Another IDP.Trojan.1C8D1A13 and Crypt.AQLW infection...please help

JonDou

New member
Hi, If You could help me out with this one, please.

I have read a few posts here about the same problem and I'm glad that in some cases you guys have sorted the problem out :). Nice work there. I just hope I'll be lucky to have the same results after this :).

Anyway, I have free AVG AV and it reported trojans a couple of days ago (lots of them !!!). They keep popping up after every boot and I kept sending them to the virus vault as suggested by AVG. I have a redirecting browser problem as well, but that eases up after AVG does its work, but doesn't go away. Sometimes the new IE window opens on its own with shopping, vehicle sale or job opportunity website... etc.

I followed the thread "before you post dss log" and I did pretty much all, but what happened there is: I have backed up the registry with ERUNT and downloaded the dds tool, saved it on the desktop and ran it. As soon as DDS finished with the scan and showed me the log, AVG reported something as a threat - a trojan (I think it was MBR.DAT if it's of any use to you :)) and suggested to move it to the vault. I have copied/pasted the log results into a new notepad window and saved it on the desktop by the name ddslog (just in case :)) and sent the file to the virus vault. When I did that, the dds.exe icon along with the dds log file disappeared from my desktop.

I'm sending the log results and attached zipped "attach.txt" file with this post. Just one thing unclear. Should I disable spybot tea timer now or should I have done it before the scan :)...sry? Can I turn my computer off?

Thank you for having the time for us.

dds log:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_32
Run by Goran at 14:24:29 on 2012-05-05
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.2333 [GMT 8:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\GameTracker\GSInGameService.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe
C:\WINDOWS\system32\lvcomsx.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\PeerBlock\peerblock.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
.
============== Pseudo HJT Report ===============
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://www.google.com.au/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {089FD14D-132B-48FC-8861-0048AE113215} - No File
{17313704-4a6f-4a90-b799-9a0ecd442850}
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
{21893045-fd23-4839-8079-751626c13bd9}
BHO: Winamp Toolbar Loader: {25cee8ec-5730-41bc-8b58-22ddc8ab8c20} - c:\program files\winamp toolbar\winamptb.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: PhotoPos Toolbar: {5d0ec45b-d2e4-4dd0-a5b2-69ddefe852a8} - c:\program files\photoposcomtbr\PhotoposComTbrLib.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.2.0.3\AVG Secure Search_toolbar.dll
BHO: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: IplexToALLPlayer: {df925ef3-7a87-44e4-9caf-8d7b280bf616} - c:\progra~1\allpla~1\iplex\IPLEXT~1.DLL
BHO: {e5deed4b-f298-4211-a480-2a963cf87dc5} - No File
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{f08f5390-b47d-4517-aa17-1bcc9ed22183}
{f3730a1f-b98c-4188-96fd-daf6a9fdac3a}
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - c:\program files\winamp toolbar\winamptb.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.2.0.3\AVG Secure Search_toolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: PhotoPos Toolbar: {5d0ec45b-d2e4-4dd0-a5b2-69ddefe852a8} - c:\program files\photoposcomtbr\PhotoposComTbrLib.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [PeerBlock] c:\program files\peerblock\peerblock.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [LogitechCameraAssistant] c:\program files\logitech\video\CameraAssistant.exe
mRun: [LogitechCameraService(E)] c:\windows\system32\ElkCtrl.exe /automation
mRun: [36X Raid Configurer] c:\windows\system32\xRaidSetup.exe boot
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SAOB Monitor] c:\program files\acronis\onlinebackupstandalone\TrueImageMonitor.exe
mRun: [TrueImageMonitor.exe] "c:\program files\acronis\trueimagehome\TrueImageMonitor.exe"
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [ROC_roc_dec12] "c:\program files\avg secure search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\goran\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\documents and settings\goran\start menu\programs\startup\OneNote 2007 Screen Clipper and Launcher.lnk.disabled
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\HP Digital Imaging Monitor.lnk.disabled
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Kodak EasyShare software.lnk.disabled
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: &Enviar para o OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: E&xportar para o Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Google Sidewiki...
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\goran\start menu\programs\imvu\Run IMVU.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - c:\program files\funnsystems yump3com-user-authorization\YuMp3ComLogin.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: mswsock.dll
Trusted Zone: windowslivehelp.com\www
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} - hxxp://download.microsoft.com/download/7/4/9/749b0dc5-2175-4d5b-a6dd-9c4bc923683e/Selfhelpcontrol.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Turbo%20Pizza/Images/armhelper.ocx
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
DPF: {EBF85371-A38F-485B-B28F-0B4C82D25937} - hxxp://update.hpphoto.com/download/HPSWUpdate.ocx
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{5D7EA95F-613D-4920-A9D9-744B04D456C7} : NameServer = 192.168.1.1,198.168.1.1
TCP: Interfaces\{D313AD3B-2A3F-4708-93FA-5AA7A28B9671} : DhcpNameServer = 192.168.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\10.2.0\ViProtocol.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\tuvUOhhf
Hosts: 127.0.0.1 www.spywareinfo.com
Hosts: 94.63.147.16 www.google.com
Hosts: 94.63.147.17 www.bing.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\goran\application data\mozilla\firefox\profiles\io5uagfw.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4c9dba95&v=6.010.023.001&i=23&tp=ab&iy=&ychte=au&lng=en-US&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\nos\bin\np_gp.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 23120]
R0 AvgRkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]
R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\drivers\tdrpm273.sys [2011-4-26 752128]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 295248]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-2-18 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-11 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2010-6-30 116608]
R2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files\common files\acronis\cdp\afcdpsrv.exe [2011-4-26 3246040]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 GS In-Game Service;GS In-Game Service;c:\program files\gametracker\GSInGameService.exe [2011-11-10 1677072]
R2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2007-5-29 275968]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2011-4-22 92592]
R2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\10.2.0\ToolbarUpdater.exe [2012-3-12 918880]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [2011-4-26 167968]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [2012-2-13 101904]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 16720]
R3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2010-1-18 19056]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S1 SpyEmrg;Spy Emergency Driver;c:\windows\system32\drivers\spyemrg.sys --> c:\windows\system32\drivers\spyemrg.sys [?]
S2 avg7updsvc;KR3NPXP;c:\windows\system32\svchost.exe -k netsvcs [2007-7-27 14336]
S2 gupdate1c9891f144d5a58;Google Update Service (gupdate1c9891f144d5a58);c:\program files\google\update\GoogleUpdate.exe [2009-2-7 133104]
S2 GV600_4;Vpcbus;c:\windows\system32\svchost.exe -k netsvcs [2007-7-27 14336]
S2 KMService;KMService;c:\windows\system32\srvany.exe [2011-5-10 8192]
S2 mcpromgr;VX3000;c:\windows\system32\svchost.exe -k netsvcs [2007-7-27 14336]
S2 MpFilter;Smbusp;c:\windows\system32\svchost.exe -k netsvcs [2007-7-27 14336]
S2 mpfirewl;Incdsrv;c:\windows\system32\svchost.exe -k netsvcs [2007-7-27 14336]
S2 rt2870;Ftrtsvc;c:\windows\system32\svchost.exe -k netsvcs [2007-7-27 14336]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-2-29 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-31 253088]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2009-9-3 8704]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2009-9-3 3072]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-2-7 133104]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [2008-1-14 21632]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2007-7-27 14336]
S3 PciCon;PciCon;\??\e:\pcicon.sys --> e:\PciCon.sys [?]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [2011-5-18 25088]
.
=============== Created Last 30 ================
.
2012-05-04 15:01:11 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-05-04 15:01:11 476960 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-05-02 12:19:20 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-04-30 03:14:53 -------- d-----w- c:\documents and settings\goran\application data\ooVoo Details
2012-04-30 03:13:45 -------- d-----w- c:\documents and settings\goran\local settings\application data\APN
2012-04-29 16:13:03 118318 ----a-w- c:\windows\Photo Pos Pro Collage Templates Pack Uninstaller.exe
2012-04-29 16:09:05 -------- d-----w- c:\documents and settings\goran\application data\Photopos
2012-04-29 16:09:03 -------- d-----w- c:\program files\PhotoposComTbr
.
==================== Find3M ====================
.
2012-05-04 15:01:00 472864 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-29 07:12:26 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-29 07:12:26 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-04 07:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-01 11:01:32 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01:32 43520 ------w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01:32 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10:16 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10:16 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17:40 385024 ------w- c:\windows\system32\html.iec
2012-02-15 13:02:23 139488 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-02-15 13:02:18 270776 ----a-w- c:\windows\system32\PnkBstrB.xtr
2012-02-15 13:02:18 270776 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-02-15 12:51:16 270776 ----a-w- c:\windows\system32\PnkBstrB.ex0
2012-02-14 12:47:02 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2012-02-14 12:20:58 682280 ----a-w- c:\windows\system32\pbsvc.exe
2012-02-13 10:28:46 0 ----a-w- c:\windows\ativpsrm.bin
2012-02-07 03:02:40 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-02-05 07:41:10 196608 ----a-w- c:\windows\system32\drivers\nStandard.bin
.
============= FINISH: 14:25:44.98 ===============
 
Hi JonDou, welcome to the forum.

To make cleaning this machine easier
  • Please do not uninstall/install any programs unless asked to
    It is more difficult when files/programs are appearing in/disappearing from the logs.
  • Please do not run any scans other than those requested
  • Please follow all instructions in the order posted
  • All logs/reports, etc.. must be posted in Notepad. Please ensure that word wrap is unchecked. In notepad click format, uncheck word wrap if it is checked.
  • Do not attach any logs/reports, etc.. unless specifically requested to do so.
  • If you have problems with or do not understand the instructions, please ask before continuing.
  • Please stay with this thread until given the All Clear. An absence of symptoms does not mean a clean machine.



Download OTL to your desktop.
  • Double click on OTL.exe to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output
  • Check the boxes beside LOP Check and Purity Check.
  • In the window under Custom Scans/Fixes copy and paste the following


    netsvcs
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %PROGRAMFILES%\Internet Explorer\*.dat
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    %USERPROFILE%\..|smtmp;true;true;true /FP
    %temp%\smtmp\*.* /s >
    /md5start
    iexplore.*
    explorer.*
    winlogon.*
    dll
    zx.dll
    hlp.dat
    consrv.dll
    /md5stop

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.


Next

Download aswMBR.exe to your desktop.

Double click the aswMBR.exe to run it. If asked to download Avast's database please do so.

Click the "Scan" button to start scan


On completion of the scan click save log, save it to your desktop and post in your next reply


There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

Please post back with
  • both OTL logs
  • aswMBR log
 
Re:

Hi oldman960 :) and thank You so much for taking this thing on. :thanks:
I'm having a problem with the whole PC now. It freezes after a few minutes of reboot. I tried to open this thread and follow the instructions, but it won't let me. Last time I managed to open the IE window and that was it. It froze on me.
I tried a few times to restart my PC, but it kept freezing on me. I rebooted the PC and have copied otl.exe and aswMBR.exe onto a usb flash from my old laptop and transferred them to the desktop of the affected PC. Double clicked the otl.exe and quickly set the scan options as you told me to, but the scan (the whole PC) froze somewhere in the middle... it says: scanning modules... and that's it. Do I reset/reboot the PC and try again - this time a bit quicker :) (if I manage) or what?
Not a good start here on my side :oops:, ha ?
 
Hi JonDou,

Let's try the scans in Safe Mode.

Please then reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
 
Re:

Hi oldman960 :bigthumb:, thanks again for following this.

Ok,... I did a scan in Safe Mode and here are the results:

OTL.txt

OTL logfile created on: 07-May-2012 3:15:40 PM - Run 1
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Documents and Settings\Goran\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: dd-MMM-yyyy

3.50 Gb Total Physical Memory | 3.13 Gb Available Physical Memory | 89.45% Memory free
5.33 Gb Paging File | 5.23 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.12 Gb Total Space | 41.14 Gb Free Space | 27.58% Space Free | Partition Type: NTFS
Drive D: | 133.96 Gb Total Space | 14.77 Gb Free Space | 11.02% Space Free | Partition Type: NTFS
Drive F: | 74.52 Gb Total Space | 0.29 Gb Free Space | 0.39% Space Free | Partition Type: NTFS
Drive J: | 951.62 Mb Total Space | 946.52 Mb Free Space | 99.46% Space Free | Partition Type: FAT32

Computer Name: MAKIGOKI | User Name: Goran | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Goran\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\GSC\CtxMenu.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()


========== Win32 Services (SafeList) ==========

SRV - (zntport) -- %systemroot%\system32\pdlnsv25.dll File not found
SRV - (zenos1) -- %systemroot%\system32\egathdrv.dll File not found
SRV - (yukonwlh) -- %systemroot%\system32\tga.dll File not found
SRV - (WNCPKT) -- %systemroot%\system32\mr2kserv.dll File not found
SRV - (wg5n) -- %systemroot%\system32\W8100PCI.dll File not found
SRV - (websensecpmcommunicationagent) -- %systemroot%\system32\VAIOMediaPlatform-MusicServer-HTTP.dll File not found
SRV - (webcompserver) -- %systemroot%\system32\vstor2.dll File not found
SRV - (VRADFIL) -- %systemroot%\system32\usb_rndisx.dll File not found
SRV - (vaiomediaplatform-integratedserver-appserver) -- %systemroot%\system32\CAMFLT.dll File not found
SRV - (V0080Dev) -- %systemroot%\system32\elbycdio.dll File not found
SRV - (utilman) -- %systemroot%\system32\mfcom.dll File not found
SRV - (USIUDF) -- %systemroot%\system32\lyncusbserv.dll File not found
SRV - (usbser) -- %systemroot%\system32\cisvc.dll File not found
SRV - (tpkmpsvc) -- %systemroot%\system32\hsf_dpv.dll File not found
SRV - (TOSHIBASoftModem) -- %systemroot%\system32\avgems.dll File not found
SRV - (toddsrv) -- \.\globalroot\C:\WINDOWS\system32\svchost.exe File not found
SRV - (TMHIDSRV) -- %systemroot%\system32\hwpsgt.dll File not found
SRV - (susbser) -- %systemroot%\system32\LVCap138.dll File not found
SRV - (slservice) -- %systemroot%\system32\lxct_device.dll File not found
SRV - (Si3114r5) -- %systemroot%\system32\ser2pl.dll File not found
SRV - (sfdrv01) -- %systemroot%\system32\AN983.dll File not found
SRV - (SetupSys) -- %systemroot%\system32\AIRPLUS.dll File not found
SRV - (serialkeys) -- %systemroot%\system32\VrAcFil.dll File not found
SRV - (se59nd5) -- %systemroot%\system32\acdpowerservice.dll File not found
SRV - (se58mgmt) -- %systemroot%\system32\iaimfp0.dll File not found
SRV - (se2End5) -- %systemroot%\system32\aswlsvc.dll File not found
SRV - (s716bus) -- %systemroot%\system32\protectionservice.dll File not found
SRV - (s3savagemx) -- %systemroot%\system32\oracle_load_balancer_60_client-forms6i.dll File not found
SRV - (rt2870) -- %systemroot%\system32\HIDSwvd.dll File not found
SRV - (pivot) -- %systemroot%\system32\CTSBLFX.DLL.dll File not found
SRV - (pdlndldl) -- %systemroot%\system32\mwsarcpkt.dll File not found
SRV - (PCTINDIS5) -- %systemroot%\system32\rpcnet.dll File not found
SRV - (oraclewebassistant) -- %systemroot%\system32\hmonitor.dll File not found
SRV - (oracleorahomemanagementserver) -- %systemroot%\system32\Epiusb.dll File not found
SRV - (oracleoradb10g_home1isql*plus) -- %systemroot%\system32\USB11LDR.dll File not found
SRV - (omniusbl) -- %systemroot%\system32\inorpc.dll File not found
SRV - (NxSysMon) -- %systemroot%\system32\qmofiltr.dll File not found
SRV - (NWFILTER) -- %systemroot%\system32\aniwzcsdservice.dll File not found
SRV - (nvrd64) -- %systemroot%\system32\logonsvcid.dll File not found
SRV - (mssql$sony_mediamgr) -- %systemroot%\system32\WscNetDr.dll File not found
SRV - (msgame) -- %systemroot%\system32\ctxcpubal.dll File not found
SRV - (mps9) -- \.\globalroot\C:\WINDOWS\system32\svchost.exe File not found
SRV - (mpfirewl) -- %systemroot%\system32\avcgbdr.dll File not found
SRV - (MpFilter) -- %systemroot%\system32\siside.dll File not found
SRV - (mi-raysat_3dsmax8) -- %systemroot%\system32\MA_CMIDI.dll File not found
SRV - (mhndrv) -- %systemroot%\system32\alerter.dll File not found
SRV - (mcpromgr) -- %systemroot%\system32\mcrdsvc.dll File not found
SRV - (mcods) -- %systemroot%\system32\HabuFltr.dll File not found
SRV - (maxbackserviceint) -- %systemroot%\system32\ndassvc.dll File not found
SRV - (licensemanagersocket) -- \.\globalroot\C:\WINDOWS\system32\svchost.exe File not found
SRV - (L6POD) -- %systemroot%\system32\mldserv.dll File not found
SRV - (L1e) -- %systemroot%\system32\s24eventmonitor.dll File not found
SRV - (keriomailserver) -- %systemroot%\system32\meiudf.dll File not found
SRV - (k750mgmt) -- %systemroot%\system32\usbvm321.dll File not found
SRV - (ixiaendpoint) -- %systemroot%\system32\pinnaclesys.mediaserver.dll File not found
SRV - (ipssvc) -- %systemroot%\system32\dtsrvc.dll File not found
SRV - (iPassP) -- %systemroot%\system32\battc.dll File not found
SRV - (ifxtcs) -- %systemroot%\system32\OEM02Afx.dll File not found
SRV - (ifp800) -- %systemroot%\system32\cpqdmi.dll File not found
SRV - (IBM_LLC2) -- %systemroot%\system32\a016mdfl.dll File not found
SRV - (HSFHWALI) -- %systemroot%\system32\rimvserport.dll File not found
SRV - (HPFECP20) -- %systemroot%\system32\dm1service.dll File not found
SRV - (helpsvc) -- %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dlles\pchsvc.dll File not found
SRV - (GVCplDrv) -- %systemroot%\system32\btserial.dll File not found
SRV - (GV600_4) -- %systemroot%\system32\portmapper.dll File not found
SRV - (giveio) -- %systemroot%\system32\Wpsnuio.dll File not found
SRV - (ghoststartservice) -- %systemroot%\system32\Slntamr.dll File not found
SRV - (fsRamDsk) -- %systemroot%\system32\monfilt.dll File not found
SRV - (dot4ufd) -- %systemroot%\system32\TMBMServer.dll File not found
SRV - (dm1service) -- %systemroot%\system32\e1express.dll File not found
SRV - (dlaifs_m) -- %systemroot%\system32\SED133x.dll File not found
SRV - (delldmi) -- %systemroot%\system32\AsIO.dll File not found
SRV - (DCamUSBSQTECH) -- %systemroot%\system32\mferkdk.dll File not found
SRV - (db2ntsecserver) -- %systemroot%\system32\SNP2STD.dll File not found
SRV - (cwcspud) -- %systemroot%\system32\fastfat.dll File not found
SRV - (cmpci) -- %systemroot%\system32\prevxagent.dll File not found
SRV - (cics.region2) -- %systemroot%\system32\ccsetmgr.dll File not found
SRV - (cfosspeeds) -- %systemroot%\system32\MaxtorFrontPanel1.dll File not found
SRV - (CcmExec) -- %systemroot%\system32\w200mgmt.dll File not found
SRV - (cccredmgr) -- %systemroot%\system32\s217unic.dll File not found
SRV - (btnhnd) -- %systemroot%\system32\SECYPUSB.dll File not found
SRV - (btfirst) -- %systemroot%\system32\IOSLINK.dll File not found
SRV - (BsHelpCS) -- %systemroot%\system32\vmauthdservice.dll File not found
SRV - (blueletscoaudio) -- %systemroot%\system32\F700imd.dll File not found
SRV - (bdrsdrv) -- %systemroot%\system32\savrtpel.dll File not found
SRV - (bdfsfltr) -- %systemroot%\system32\USB_RNDIS.dll File not found
SRV - (avidstartup) -- %systemroot%\system32\symredrv.dll File not found
SRV - (avg7updsvc) -- %systemroot%\system32\rnadirectory.dll File not found
SRV - (atimpab) -- %systemroot%\system32\Freedom.dll File not found
SRV - (ASMMAP) -- %systemroot%\system32\portio.dll File not found
SRV - (ARCSOFTVIRTUALCAPTURE) -- %systemroot%\system32\enxpsvc.dll File not found
SRV - (ar5211) -- %systemroot%\system32\idrivert.dll File not found
SRV - (AmdIde) -- %systemroot%\system32\BRGSp50.dll File not found
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe File not found
SRV - (2wirepcp) -- %systemroot%\system32\zpcollector.dll File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (vToolbarUpdater10.2.0) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe ()
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (GS In-Game Service) -- C:\Program Files\GameTracker\GSInGameService.exe (ClanServers Hosting LLC)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (avgwd) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (afcdpsrv) -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (AcrSch2Svc) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (nosGetPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (Maxtor Sync Service) -- C:\Program Files\Maxtor\Sync\SyncServices.exe (Seagate Technology LLC)
SRV - (p2pgasvc) -- C:\WINDOWS\system32\p2pgasvc.dll (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (StarWindServiceAE) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
SRV - (ATKKeyboardService) -- C:\WINDOWS\ATKKBService.exe (ASUSTeK COMPUTER INC.)
SRV - (LVPrcSrv) -- c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (KMService) -- C:\WINDOWS\system32\srvany.exe ()


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (upperdev) -- system32\DRIVERS\usbser_lowerflt.sys File not found
DRV - (SpyEmrg) -- System32\Drivers\spyemrg.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (PciCon) -- E:\PciCon.sys File not found
DRV - (lbrtfdc) -- File not found
DRV - (Lbd) -- system32\DRIVERS\Lbd.sys File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (aflkpxw0) -- File not found
DRV - (1802E) -- globalroot\C:\WINDOWS\system32\drivers\1802E.sys File not found
DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
DRV - (AvgRkx86) -- C:\WINDOWS\system32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (MRxSmb) -- C:\WINDOWS\system32\drivers\mrxsmb.sys ()
DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSFilter) -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSEH) -- C:\WINDOWS\system32\drivers\AVGIDSEH.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV - (afcdp) -- C:\WINDOWS\system32\drivers\afcdp.sys (Acronis)
DRV - (tdrpman273) Acronis Try&Decide and Restore Points filter (build 273) -- C:\WINDOWS\system32\drivers\tdrpm273.sys (Acronis)
DRV - (timounter) -- C:\WINDOWS\system32\drivers\timntr.sys (Acronis)
DRV - (snapman) -- C:\WINDOWS\system32\drivers\snapman.sys (Acronis)
DRV - (teamviewervpn) -- C:\WINDOWS\system32\drivers\teamviewervpn.sys (TeamViewer GmbH)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (AtiHDAudioService) -- C:\WINDOWS\system32\drivers\AtihdXP3.sys (Advanced Micro Devices)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (pbfilter) -- C:\Program Files\PeerBlock\pbfilter.sys ()
DRV - (BVRPMPR5) -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS (Avanquest Software)
DRV - (Aspi32) -- C:\WINDOWS\system32\drivers\ASPI32.SYS (Adaptec)
DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation)
DRV - (epmntdrv) -- C:\WINDOWS\system32\epmntdrv.sys ()
DRV - (EuGdiDrv) -- C:\WINDOWS\system32\EuGdiDrv.sys ()
DRV - (tifsfilter) -- C:\WINDOWS\system32\drivers\tifsfilt.sys (Acronis)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (gdrv) -- C:\WINDOWS\gdrv.sys (Windows (R) 2000 DDK provider)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (sptd) -- C:\WINDOWS\system32\drivers\sptd.sys ()
DRV - (USB_RNDIS) -- C:\WINDOWS\system32\drivers\usb8023.sys (Microsoft Corporation)
DRV - (ManyCam) -- C:\WINDOWS\system32\drivers\ManyCam.sys (ManyCam LLC.)
DRV - (AtiHdmiService) -- C:\WINDOWS\system32\drivers\AtiHdmi.sys (ATI Research Inc.)
DRV - (asusgsb) -- C:\WINDOWS\system32\drivers\asusgsb.sys (ASUSTeK Computer Inc.)
DRV - (EIO) -- C:\WINDOWS\system32\drivers\EIO.sys (ASUSTeK Computer Inc.)
DRV - (JRAID) -- C:\WINDOWS\system32\drivers\jraid.sys (JMicron Technology Corp.)
DRV - (MXOPSWD) -- C:\WINDOWS\system32\drivers\mxopswd.sys (Maxtor Corp.)
DRV - (ASUSVRC) -- C:\WINDOWS\system32\drivers\AsusVRC.sys (ASUSTeK COMPUTER INC.)
DRV - (asuskbnt) -- C:\WINDOWS\system32\drivers\atkkbnt.sys (ASUSTeK COMPUTER INC.)
DRV - (Video3D) -- C:\WINDOWS\system32\drivers\Video3D32.sys (ASUSTeK COMPUTER INC.)
DRV - (lvmvdrv) -- C:\WINDOWS\system32\drivers\LVMVdrv.sys ()
DRV - (LVPrcMon) -- C:\WINDOWS\system32\drivers\LVPrcMon.sys ()
DRV - (Lvckap) -- C:\WINDOWS\system32\drivers\Lvckap.sys ()
DRV - (PID_08A0) QuickCam IM(PID_08A0) -- C:\WINDOWS\system32\drivers\LV302AV.SYS (Logitech Inc.)
DRV - (pepifilter) -- C:\WINDOWS\system32\drivers\lv302af.sys (Logitech Inc.)
DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKCU\..\URLSearchHook: {511131f1-4629-4254-a85f-ed7b6d75dd3c} - No CLSID value found
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {DECA3892-BA8F-44b8-A993-A466AD694AE4}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{1455F202-242E-4872-9700-182595B04230}: "URL" = http://search.avg.com/route/?d=4c9dba95&v=6.10.6.4&i=23&tp=chrome&q={searchTerms}&lng={language}&iy=&ychte=us
IE - HKCU\..\SearchScopes\{3D41F773-C2A2-4541-8F58-DF94FA1311D3}: "URL" = http://search.yahoo.com/search?ei=utf-8&fr=chr-vmn&type=photopos2_0yach&q={searchTerms}
IE - HKCU\..\SearchScopes\{7400AA93-E276-4810-886F-5F5A9DDC3FD6}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7RNWQ_en
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={60F607CC-7962-4103-A140-A4612667239E}&mid=44fe0b7a735675b2c18c7d77bd9a4579-0ea5e905f1d14e46bc4439e0ddc6c448b29e541b&lang=en&ds=AVG&pr=fr&d=2011-10-26 19:36:50&v=8.0.0.34&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://search.avg.com/route/?d=0&v=6.103.18.1&i=23&tp=chrome&q={searchTerms}&lng={language}&iy=&ychte=us
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.avg.com/route/?d=4c9dba95&v=6.10.6.4&i=23&tp=chrome&q={searchTerms}&lng={language}&iy=&ychte=us
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178
FF - prefs.js..extensions.enabledItems: avg@igeared:6.010.023.001
FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.12.1
FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4c9dba95&v=6.010.023.001&i=23&tp=ab&iy=&ychte=au&lng=en-US&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.91: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Goran\Local Settings\Application Data\Google\Update\1.3.21.53\npGoogleUpdate3.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Goran\Local Settings\Application Data\Google\Update\1.3.21.53\npGoogleUpdate3.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008-10-26 13:57:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012-02-01 18:58:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\10.2.0.3\ [2012-03-12 20:07:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-01-02 19:07:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012-05-04 23:01:11 | 000,000,000 | ---D | M]

[2010-10-02 00:30:15 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Goran\Application Data\Mozilla\Extensions
[2011-08-27 20:27:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Goran\Application Data\Mozilla\Extensions\home2@tomtom.com
[2009-12-23 13:11:42 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Goran\Application Data\Mozilla\Extensions\IMVUClientXUL@imvu.com
[2012-05-04 23:04:09 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Goran\Application Data\Mozilla\Firefox\Profiles\io5uagfw.default\extensions
[2011-11-06 08:18:06 | 000,000,000 | ---D | M] ("Winamp Toolbar") -- C:\Documents and Settings\Goran\Application Data\Mozilla\Firefox\Profiles\io5uagfw.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2010-10-28 18:20:38 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Goran\Application Data\Mozilla\Firefox\Profiles\io5uagfw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012-04-30 00:09:10 | 000,000,000 | ---D | M] (PhotoPos Toolbar) -- C:\Documents and Settings\Goran\Application Data\Mozilla\Firefox\Profiles\io5uagfw.default\extensions\{5D0EC45B-D2E4-4DD0-A5B2-69DDEFE852A8}
[2012-05-03 22:12:19 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Documents and Settings\Goran\Application Data\Mozilla\Firefox\Profiles\io5uagfw.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2011-08-17 21:37:03 | 000,002,354 | ---- | M] () -- C:\Documents and Settings\Goran\Application Data\Mozilla\Firefox\Profiles\io5uagfw.default\searchplugins\aol-web-search.xml
[2011-02-01 19:05:08 | 000,002,333 | -H-- | M] () -- C:\Documents and Settings\Goran\Application Data\Mozilla\Firefox\Profiles\io5uagfw.default\searchplugins\askcom.xml
[2008-03-16 09:00:27 | 000,002,386 | -H-- | M] () -- C:\Documents and Settings\Goran\Application Data\Mozilla\Firefox\Profiles\io5uagfw.default\searchplugins\siteadvisor.xml
[2011-02-19 19:31:14 | 000,001,244 | -H-- | M] () -- C:\Documents and Settings\Goran\Application Data\Mozilla\Firefox\Profiles\io5uagfw.default\searchplugins\winamp-search.xml
[2012-05-04 23:01:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012-04-22 18:19:01 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011-05-31 20:43:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2012-05-04 23:01:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}
[2011-12-01 20:06:52 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011-07-12 05:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012-03-12 20:07:48 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2011-12-01 20:06:49 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: Yahoo! Search (Enabled)
CHR - default_search_provider: search_url = http://au.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_au&p={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.162\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.162\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Documents and Settings\Goran\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Documents and Settings\Goran\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: getPlusPlus for Adobe 16291 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: AVG Safe Search = C:\Documents and Settings\Goran\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1374_0\
CHR - Extension: AVG Safe Search = C:\Documents and Settings\Goran\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\
CHR - Extension: Skype Click to Call = C:\Documents and Settings\Goran\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\

O1 HOSTS File: ([2012-05-03 00:16:03 | 000,442,908 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 94.63.147.16 www.google.com
O1 - Hosts: 94.63.147.17 www.bing.com
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 15216 more lines...
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - No CLSID value found.
O2 - BHO: (no name) - {17313704-4A6F-4A90-B799-9A0ECD442850} - No CLSID value found.
O2 - BHO: (no name) - {21893045-FD23-4839-8079-751626C13BD9} - No CLSID value found.
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (PhotoPos Toolbar) - {5D0EC45B-D2E4-4DD0-A5B2-69DDEFE852A8} - C:\Program Files\PhotoposComTbr\PhotoposComTbrLib.dll ()
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (IplexToALLPlayer) - {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} - C:\Program Files\ALLPlayer\Iplex\IplexToALLPlayer.dll (ALLCinema Ltd.)
O2 - BHO: (no name) - {e5deed4b-f298-4211-a480-2a963cf87dc5} - No CLSID value found.
O2 - BHO: (no name) - {F08F5390-B47D-4517-AA17-1BCC9ED22183} - No CLSID value found.
O2 - BHO: (no name) - {F3730A1F-B98C-4188-96FD-DAF6A9FDAC3A} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (PhotoPos Toolbar) - {5D0EC45B-D2E4-4DD0-A5B2-69DDEFE852A8} - C:\Program Files\PhotoposComTbr\PhotoposComTbrLib.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [36X Raid Configurer] C:\WINDOWS\System32\xRaidSetup.exe (Gigabyte Technology Corp.)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechCameraService(E)] C:\WINDOWS\System32\ElkCtrl.exe (Logitech Inc.)
O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe ()
O4 - HKLM..\Run: [SAOB Monitor] C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe (PeerBlock, LLC)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk.disabled ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk.disabled ()
O4 - Startup: C:\Documents and Settings\Goran\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\Goran\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk.disabled ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Google Sidewiki... - Reg Error: Value error. File not found
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Goran\Start Menu\Programs\IMVU\Run IMVU.lnk File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Quick Login www.yu-mp3.com - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Funnsystems YuMp3Com-User-Authorization\YuMp3ComLogin.exe File not found
O9 - Extra 'Tools' menuitem : &Quick Login www.yu-mp3.com - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Funnsystems YuMp3Com-User-Authorization\YuMp3ComLogin.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O15 - HKCU\..Trusted Domains: windowslivehelp.com ([www] https in Trusted sites)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} http://download.microsoft.com/downl...75-4d5b-a6dd-9c4bc923683e/Selfhelpcontrol.cab (Microsoft Genuine Advantage Self Support Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Turbo%20Pizza/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: {EBF85371-A38F-485B-B28F-0B4C82D25937} http://update.hpphoto.com/download/HPSWUpdate.ocx (CUpdateCtl Object)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5D7EA95F-613D-4920-A9D9-744B04D456C7}: NameServer = 192.168.1.1,198.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D313AD3B-2A3F-4708-93FA-5AA7A28B9671}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Goran\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Goran\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\tuvUOhhf) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012-02-18 21:07:08 | 000,000,600 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (auto_reactivate \\?\Volume{26BD304E-C934-11DC-B644-806D6172696F}\bootwiz\asrm.bin)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: cfosspeeds - %systemroot%\system32\MaxtorFrontPanel1.dll File not found
NetSvcs: s716bus - %systemroot%\system32\protectionservice.dll File not found
NetSvcs: ASMMAP - %systemroot%\system32\portio.dll File not found
NetSvcs: MpFilter - %systemroot%\system32\siside.dll File not found
NetSvcs: toddsrv - \.\globalroot\C:\WINDOWS\system32\svchost.exe File not found
NetSvcs: licensemanagersocket - \.\globalroot\C:\WINDOWS\system32\svchost.exe File not found
NetSvcs: cccredmgr - %systemroot%\system32\s217unic.dll File not found
NetSvcs: utilman - %systemroot%\system32\mfcom.dll File not found
NetSvcs: icepack - File not found
NetSvcs: W2acehid - File not found
NetSvcs: adsservice - File not found
NetSvcs: nv4 - File not found
NetSvcs: CdaD10BA - File not found
NetSvcs: nvstor32 - File not found
NetSvcs: imountsrv - File not found
NetSvcs: passthru - File not found
NetSvcs: PTproct - File not found
NetSvcs: dlaudfam - File not found
NetSvcs: rchost - File not found
NetSvcs: XAudio - File not found
NetSvcs: NWDHCP - File not found
NetSvcs: ScFBPNT3 - File not found
NetSvcs: lvsrvlauncher - File not found
NetSvcs: lxrjd31s - File not found
NetSvcs: FireTDI - File not found
NetSvcs: amusbprt - File not found
NetSvcs: DumaNT - File not found
NetSvcs: SED133x - File not found
NetSvcs: picturetaker - File not found
NetSvcs: dmprimer - File not found
NetSvcs: CA561 - File not found
NetSvcs: BTSLBCSP - File not found
NetSvcs: BUFADPT - File not found
NetSvcs: scsk4 - File not found
NetSvcs: WIBUKEY - File not found
NetSvcs: procexp111 - File not found
NetSvcs: iteatapi - File not found
NetSvcs: avupdsvc - File not found
NetSvcs: winpppoverethernet - File not found
NetSvcs: websensedcagent - File not found
NetSvcs: ARCSOFTVIRTUALCAPTURE - %systemroot%\system32\enxpsvc.dll File not found
NetSvcs: se59nd5 - %systemroot%\system32\acdpowerservice.dll File not found
NetSvcs: avg7updsvc - %systemroot%\system32\rnadirectory.dll File not found
NetSvcs: ifp800 - %systemroot%\system32\cpqdmi.dll File not found
NetSvcs: bdrsdrv - %systemroot%\system32\savrtpel.dll File not found
NetSvcs: pivotmou - File not found
NetSvcs: vcommmgr - File not found
NetSvcs: tbhsd - File not found
NetSvcs: ZY202_XP - File not found
NetSvcs: wm - File not found
NetSvcs: R300 - File not found
NetSvcs: giveio - %systemroot%\system32\Wpsnuio.dll File not found
NetSvcs: websensecpmcommunicationagent - %systemroot%\system32\VAIOMediaPlatform-MusicServer-HTTP.dll File not found
NetSvcs: oraclewebassistant - %systemroot%\system32\hmonitor.dll File not found
NetSvcs: oracleoradb10g_home1isql*plus - %systemroot%\system32\USB11LDR.dll File not found
NetSvcs: dm1service - %systemroot%\system32\e1express.dll File not found
NetSvcs: dot4ufd - %systemroot%\system32\TMBMServer.dll File not found
NetSvcs: PCTINDIS5 - %systemroot%\system32\rpcnet.dll File not found
NetSvcs: keriomailserver - %systemroot%\system32\meiudf.dll File not found
NetSvcs: zenos1 - %systemroot%\system32\egathdrv.dll File not found
NetSvcs: tpkmpsvc - %systemroot%\system32\hsf_dpv.dll File not found
NetSvcs: mcods - %systemroot%\system32\HabuFltr.dll File not found
NetSvcs: AmdIde - %systemroot%\system32\BRGSp50.dll File not found
NetSvcs: yukonwlh - %systemroot%\system32\tga.dll File not found
NetSvcs: dlaifs_m - %systemroot%\system32\SED133x.dll File not found
NetSvcs: NxSysMon - %systemroot%\system32\qmofiltr.dll File not found
NetSvcs: nvrd64 - %systemroot%\system32\logonsvcid.dll File not found
NetSvcs: btfirst - %systemroot%\system32\IOSLINK.dll File not found
NetSvcs: usbser - %systemroot%\system32\cisvc.dll File not found
NetSvcs: se58mgmt - %systemroot%\system32\iaimfp0.dll File not found
NetSvcs: L1e - %systemroot%\system32\s24eventmonitor.dll File not found
NetSvcs: slservice - %systemroot%\system32\lxct_device.dll File not found
NetSvcs: HPFECP20 - %systemroot%\system32\dm1service.dll File not found
NetSvcs: ghoststartservice - %systemroot%\system32\Slntamr.dll File not found
NetSvcs: k750mgmt - %systemroot%\system32\usbvm321.dll File not found
NetSvcs: avidstartup - %systemroot%\system32\symredrv.dll File not found
NetSvcs: se2End5 - %systemroot%\system32\aswlsvc.dll File not found
NetSvcs: HSFHWALI - %systemroot%\system32\rimvserport.dll File not found
NetSvcs: SetupSys - %systemroot%\system32\AIRPLUS.dll File not found
NetSvcs: db2ntsecserver - %systemroot%\system32\SNP2STD.dll File not found
NetSvcs: omniusbl - %systemroot%\system32\inorpc.dll File not found
NetSvcs: msgame - %systemroot%\system32\ctxcpubal.dll File not found
NetSvcs: s3savagemx - %systemroot%\system32\oracle_load_balancer_60_client-forms6i.dll File not found
NetSvcs: IBM_LLC2 - %systemroot%\system32\a016mdfl.dll File not found
NetSvcs: atimpab - %systemroot%\system32\Freedom.dll File not found
NetSvcs: wg5n - %systemroot%\system32\W8100PCI.dll File not found
NetSvcs: webcompserver - %systemroot%\system32\vstor2.dll File not found
NetSvcs: mi-raysat_3dsmax8 - %systemroot%\system32\MA_CMIDI.dll File not found
NetSvcs: BsHelpCS - %systemroot%\system32\vmauthdservice.dll File not found
NetSvcs: iPassP - %systemroot%\system32\battc.dll File not found
NetSvcs: ar5211 - %systemroot%\system32\idrivert.dll File not found
NetSvcs: NWFILTER - %systemroot%\system32\aniwzcsdservice.dll File not found
NetSvcs: Si3114r5 - %systemroot%\system32\ser2pl.dll File not found
NetSvcs: L6POD - %systemroot%\system32\mldserv.dll File not found
NetSvcs: mhndrv - %systemroot%\system32\alerter.dll File not found
NetSvcs: fsRamDsk - %systemroot%\system32\monfilt.dll File not found
NetSvcs: oracleorahomemanagementserver - %systemroot%\system32\Epiusb.dll File not found
NetSvcs: btnhnd - %systemroot%\system32\SECYPUSB.dll File not found
NetSvcs: serialkeys - %systemroot%\system32\VrAcFil.dll File not found
NetSvcs: susbser - %systemroot%\system32\LVCap138.dll File not found
NetSvcs: pivot - %systemroot%\system32\CTSBLFX.DLL.dll File not found
NetSvcs: blueletscoaudio - %systemroot%\system32\F700imd.dll File not found
NetSvcs: GV600_4 - %systemroot%\system32\portmapper.dll File not found
NetSvcs: pdlndldl - %systemroot%\system32\mwsarcpkt.dll File not found
NetSvcs: GVCplDrv - %systemroot%\system32\btserial.dll File not found
NetSvcs: TOSHIBASoftModem - %systemroot%\system32\avgems.dll File not found
NetSvcs: cwcspud - %systemroot%\system32\fastfat.dll File not found
NetSvcs: vaiomediaplatform-integratedserver-appserver - %systemroot%\system32\CAMFLT.dll File not found
NetSvcs: cics.region2 - %systemroot%\system32\ccsetmgr.dll File not found
NetSvcs: cmpci - %systemroot%\system32\prevxagent.dll File not found
NetSvcs: 2wirepcp - %systemroot%\system32\zpcollector.dll File not found
NetSvcs: V0080Dev - %systemroot%\system32\elbycdio.dll File not found
NetSvcs: DCamUSBSQTECH - %systemroot%\system32\mferkdk.dll File not found
NetSvcs: zntport - %systemroot%\system32\pdlnsv25.dll File not found
NetSvcs: TMHIDSRV - %systemroot%\system32\hwpsgt.dll File not found
NetSvcs: bdfsfltr - %systemroot%\system32\USB_RNDIS.dll File not found
NetSvcs: mpfirewl - %systemroot%\system32\avcgbdr.dll File not found
NetSvcs: efs - File not found
NetSvcs: webrootadminconsole - File not found
NetSvcs: WmiAcpi - File not found
NetSvcs: smrt - File not found
NetSvcs: patrolagent - File not found
NetSvcs: USIUDF - %systemroot%\system32\lyncusbserv.dll File not found
NetSvcs: ifxtcs - %systemroot%\system32\OEM02Afx.dll File not found
NetSvcs: CcmExec - %systemroot%\system32\w200mgmt.dll File not found
NetSvcs: mcpromgr - %systemroot%\system32\mcrdsvc.dll File not found
NetSvcs: sfdrv01 - %systemroot%\system32\AN983.dll File not found
NetSvcs: rt2870 - %systemroot%\system32\HIDSwvd.dll File not found
NetSvcs: megamonitorsrv - File not found
NetSvcs: dirms_defragmentation - File not found
NetSvcs: slave - File not found
NetSvcs: adiloader - File not found
NetSvcs: lxcgcustomerconnect - File not found
NetSvcs: s125bus - File not found
NetSvcs: yats32 - File not found
NetSvcs: smartwiservice - File not found
NetSvcs: wg3n - File not found
NetSvcs: maxbackserviceint - %systemroot%\system32\ndassvc.dll File not found
NetSvcs: PSI_SVC_2 - File not found
NetSvcs: ino_fltr - File not found
NetSvcs: pdfcreatormessages - File not found
NetSvcs: eliservice - File not found
NetSvcs: ssmdrv - File not found
NetSvcs: mstdfrgs - File not found
NetSvcs: SWNC8U20 - File not found
NetSvcs: rp_fws - File not found
NetSvcs: DcPTP - File not found
NetSvcs: PAC7302 - File not found
NetSvcs: ssscsisv - File not found
NetSvcs: webdriveservice - File not found
NetSvcs: thpsrv - File not found
NetSvcs: acs - File not found
NetSvcs: avsvcmonitor - File not found
NetSvcs: Memctl - File not found
NetSvcs: wandrv - File not found
NetSvcs: tandpl - File not found
NetSvcs: bjmcmng - File not found
NetSvcs: pnarp - File not found
NetSvcs: MRV6X32P - File not found
NetSvcs: VRADFIL - %systemroot%\system32\usb_rndisx.dll File not found
NetSvcs: ixiaendpoint - %systemroot%\system32\pinnaclesys.mediaserver.dll File not found
NetSvcs: delldmi - %systemroot%\system32\AsIO.dll File not found
NetSvcs: WNCPKT - %systemroot%\system32\mr2kserv.dll File not found
NetSvcs: mssql$sony_mediamgr - %systemroot%\system32\WscNetDr.dll File not found
NetSvcs: mps9 - \.\globalroot\C:\WINDOWS\system32\svchost.exe File not found
NetSvcs: ipssvc - %systemroot%\system32\dtsrvc.dll File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: helpsvc - %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dlles\pchsvc.dll File not found
 
Re:

Hi oldman960 :bigthumb:

part II of OTL.txt

CREATERESTOREPOINT
Unable to start System Restore Service. Error code 10

========== Files/Folders - Created Within 30 Days ==========

[2012-05-06 22:37:44 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Goran\Desktop\aswMBR.exe
[2012-05-06 22:37:44 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Goran\Desktop\OTL.exe
[2012-05-05 00:20:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012-05-05 00:18:27 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012-05-05 00:18:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2012-05-05 00:17:27 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Goran\Desktop\erunt-setup.exe
[2012-05-04 23:02:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012-05-04 23:01:11 | 000,476,960 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\npdeployJava1.dll
[2012-05-04 23:01:11 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012-05-04 23:01:11 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012-05-04 23:01:11 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012-05-04 23:01:11 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2012-05-02 20:29:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2012-05-02 20:29:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2012-04-30 11:14:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Goran\Application Data\ooVoo Details
[2012-04-30 11:13:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Goran\Local Settings\Application Data\APN
[2012-04-30 00:09:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Goran\Application Data\Photopos
[2012-04-30 00:09:03 | 000,000,000 | ---D | C] -- C:\Program Files\PhotoposComTbr
[2012-04-24 19:57:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
[2012-04-24 19:57:07 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
[2012-04-22 18:18:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2012-04-22 18:18:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2011-05-15 13:47:37 | 540,639,232 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Goran\Application Data\14.0.4734.1000_ProfessionalPlus_volume_ship_x86_en-us_exe.exe
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012-05-07 15:11:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012-05-07 15:03:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{BC336FD9-D90D-4E58-9AC1-660635137860}.job
[2012-05-07 15:01:19 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\System32\dds_trash_log.cmd
[2012-05-06 22:29:30 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Goran\Desktop\aswMBR.exe
[2012-05-06 22:25:10 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Goran\Desktop\OTL.exe
[2012-05-06 21:57:13 | 097,285,812 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012-05-05 20:05:34 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012-05-05 19:50:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012-05-05 19:46:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012-05-05 19:34:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-583907252-573735546-839522115-1003UA.job
[2012-05-05 18:00:00 | 000,000,442 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration.job
[2012-05-05 17:30:22 | 000,008,960 | ---- | M] () -- C:\Documents and Settings\Goran\Desktop\Attach.zip
[2012-05-05 17:20:00 | 000,001,604 | ---- | M] () -- C:\WINDOWS\wincmd.ini
[2012-05-05 13:50:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012-05-05 00:19:18 | 000,000,771 | ---- | M] () -- C:\Documents and Settings\Goran\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012-05-05 00:18:27 | 000,000,615 | ---- | M] () -- C:\Documents and Settings\Goran\Desktop\NTREGOPT.lnk
[2012-05-05 00:18:27 | 000,000,596 | ---- | M] () -- C:\Documents and Settings\Goran\Desktop\ERUNT.lnk
[2012-05-05 00:17:27 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Goran\Desktop\erunt-setup.exe
[2012-05-04 23:34:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-583907252-573735546-839522115-1003Core.job
[2012-05-04 23:11:11 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012-05-04 23:01:00 | 000,476,960 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\npdeployJava1.dll
[2012-05-04 23:01:00 | 000,472,864 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2012-05-04 23:01:00 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012-05-04 23:01:00 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012-05-04 23:01:00 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012-05-04 23:01:00 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2012-05-03 23:21:07 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012-05-03 21:20:23 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2012-05-03 00:16:03 | 000,442,908 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012-05-02 19:08:53 | 000,000,882 | RH-- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120503-001603.backup
[2012-05-01 23:15:52 | 000,002,233 | ---- | M] () -- C:\Documents and Settings\Goran\Desktop\Pilici.lnk
[2012-05-01 22:59:00 | 000,000,803 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WORLD OF WARCRAFT.LNK
[2012-05-01 16:59:54 | 000,387,826 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2012-04-30 14:31:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2012-04-30 00:13:03 | 000,118,318 | ---- | M] () -- C:\WINDOWS\Photo Pos Pro Collage Templates Pack Uninstaller.exe
[2012-04-29 15:12:26 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012-04-29 15:12:26 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012-04-24 20:04:20 | 000,141,123 | ---- | M] () -- C:\WINDOWS\hpoins14.dat
[2012-04-24 19:59:13 | 000,001,862 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Photosmart Essential 2.01.lnk
[2012-04-24 19:58:06 | 000,001,812 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2012-04-22 20:43:24 | 000,228,864 | ---- | M] () -- C:\Documents and Settings\Goran\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-04-22 12:53:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2012-04-12 00:23:30 | 000,472,482 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012-04-12 00:23:30 | 000,090,008 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012-04-12 00:18:43 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012-04-11 00:39:17 | 001,228,854 | ---- | M] () -- C:\Documents and Settings\Goran\Documents\Elena balerina title.bmp
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012-05-05 17:30:22 | 000,008,960 | ---- | C] () -- C:\Documents and Settings\Goran\Desktop\Attach.zip
[2012-05-05 00:19:18 | 000,000,771 | ---- | C] () -- C:\Documents and Settings\Goran\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012-05-05 00:18:27 | 000,000,615 | ---- | C] () -- C:\Documents and Settings\Goran\Desktop\NTREGOPT.lnk
[2012-05-05 00:18:27 | 000,000,596 | ---- | C] () -- C:\Documents and Settings\Goran\Desktop\ERUNT.lnk
[2012-05-02 20:19:20 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\dds_trash_log.cmd
[2012-04-30 00:13:03 | 000,118,318 | ---- | C] () -- C:\WINDOWS\Photo Pos Pro Collage Templates Pack Uninstaller.exe
[2012-04-25 08:04:58 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2012-04-24 19:59:13 | 000,001,862 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Photosmart Essential 2.01.lnk
[2012-04-24 19:58:06 | 000,001,812 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2012-04-11 00:39:00 | 001,228,854 | ---- | C] () -- C:\Documents and Settings\Goran\Documents\Elena balerina title.bmp
[2012-02-13 18:28:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2012-02-03 17:29:56 | 000,042,392 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2011-08-21 16:36:16 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2011-07-23 09:02:38 | 000,258,048 | ---- | C] () -- C:\WINDOWS\System32\libFLAC.dll
[2011-06-25 16:44:12 | 000,090,744 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011-06-19 15:18:10 | 000,140,564 | ---- | C] () -- C:\WINDOWS\hpoins14.dat.temp
[2011-06-19 15:18:10 | 000,002,000 | ---- | C] () -- C:\WINDOWS\hpomdl14.dat.temp
[2011-05-15 16:42:16 | 000,038,457 | ---- | C] () -- C:\Documents and Settings\Goran\Application Data\Comma Separated Values (Windows).ADR
[2011-05-10 20:30:54 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\srvany.exe
[2011-05-07 13:09:27 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Goran\Application Data\$_hpcst$.hpc
[2011-04-12 02:36:43 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~18800436r
[2011-04-12 02:36:42 | 000,000,096 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~18800436
[2011-04-12 02:36:30 | 000,000,344 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\18800436
[2011-04-11 11:59:33 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~19390260r
[2011-04-11 11:59:33 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~19390260
[2011-04-11 11:59:22 | 000,000,392 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\19390260
[2011-04-06 12:09:19 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011-04-06 11:19:43 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011-02-25 21:04:10 | 000,119,630 | ---- | C] () -- C:\WINDOWS\Photo Pos Pro Classic Frames Pack Uninstaller.exe
[2011-02-25 21:04:03 | 000,119,394 | ---- | C] () -- C:\WINDOWS\Christmas and New Year Frames Pack Uninstaller.exe
[2011-02-23 22:15:04 | 000,000,022 | ---- | C] () -- C:\WINDOWS\System32\syoepk_lib0.dll
[2011-02-23 22:15:03 | 000,000,094 | -HS- | C] () -- C:\WINDOWS\WSYS049.SYS
[2011-02-23 22:13:45 | 000,210,628 | ---- | C] () -- C:\WINDOWS\Photo Pos Pro Uninstaller.exe
[2011-01-26 22:26:36 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2011-01-26 22:26:36 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2011-01-07 12:36:51 | 000,081,936 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2010-12-17 16:00:46 | 000,227,587 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2010-11-29 23:33:44 | 000,682,280 | ---- | C] () -- C:\WINDOWS\System32\pbsvc.exe
[2010-11-26 20:20:50 | 001,524,632 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010-07-10 05:38:00 | 002,293,194 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin

========== LOP Check ==========

[2011-05-07 09:34:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2011-02-17 14:56:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AlawarWrapper
[2008-04-02 13:50:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Astar Games
[2012-03-12 20:07:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2011-05-15 23:10:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2012-05-06 22:17:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2010-10-28 17:56:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2008-02-28 09:35:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BOONTY
[2010-10-28 18:06:38 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2008-02-04 05:48:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2011-01-29 15:05:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Boost
[2011-02-04 13:11:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Mender
[2009-03-14 18:02:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2011-05-17 21:32:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EmailNotifier
[2008-02-09 07:06:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Escape From Paradise
[2010-02-05 15:54:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy3
[2008-04-07 10:02:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fugazo
[2008-04-08 23:32:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Go Go Gourmet
[2008-04-15 11:51:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii
[2008-02-09 07:52:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HipSoft
[2011-05-12 23:00:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010-10-15 17:11:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2008-04-15 18:01:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InterAction studios
[2011-01-07 12:30:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2010-11-19 11:05:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Leapfrog
[2008-03-27 17:56:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2009-03-08 12:40:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Maxtor
[2008-03-31 09:23:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Meridian93
[2012-05-05 17:29:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2012-02-18 14:11:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2008-02-08 16:03:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberon Games
[2008-06-16 19:10:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2011-07-03 16:47:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PhotoCollageMax
[2010-01-29 14:11:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PhotoStitch
[2008-04-14 10:49:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2008-04-03 13:42:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2008-02-04 05:37:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2010-05-06 11:40:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2011-09-11 19:46:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2009-11-29 16:47:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011-08-27 20:27:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2010-07-05 21:41:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2010-04-13 12:44:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2008-12-30 09:50:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
[2010-05-17 17:45:33 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Goran\Application Data\.#
[2008-02-18 12:32:19 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\.BitTornado
[2011-04-27 22:26:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Goran\Application Data\9EB8F174-10C4-4BF3-9A55-36818C9AF17C
[2008-04-17 17:39:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\Acreon
[2009-09-02 21:49:12 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\Acronis
[2011-05-31 21:49:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Goran\Application Data\AUSkey
[2011-10-26 19:36:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Goran\Application Data\AVG Secure Search
[2011-10-26 19:35:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Goran\Application Data\AVG2012
[2010-11-29 21:52:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\Bitrix Security
[2008-03-21 21:09:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\BitTorrent
[2008-03-23 13:38:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\BSplayer
[2011-06-25 15:42:33 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\Camfrog
[2008-05-30 19:32:38 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\Canon
[2011-03-08 18:47:06 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\ElevatedDiagnostics
[2011-05-17 22:16:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Goran\Application Data\EmailNotifier
[2008-02-09 02:58:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\Gamelab
[2012-02-14 22:53:45 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\GameTracker
[2011-09-06 23:28:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Goran\Application Data\Garmin
[2010-05-17 19:03:22 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\GetRightToGo
[2008-04-15 20:15:12 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\GSC
[2008-02-21 09:46:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\ICQ
[2008-02-27 09:51:06 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\iWinArcade
[2008-04-03 14:11:03 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\Jane s Hotel Family Hero
[2008-01-29 07:40:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\Leadertech
[2011-02-01 16:27:15 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\ManyCam
[2008-03-30 19:32:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\Meridian93
[2008-06-16 21:04:54 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\Nokia
[2008-02-08 16:03:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\Oberon Games
[2012-04-30 11:18:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Goran\Application Data\ooVoo Details
[2009-02-26 15:09:56 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\PC Suite
[2011-07-03 16:47:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Goran\Application Data\PhotoCollageMax
[2012-04-30 00:11:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Goran\Application Data\Photopos
[2011-05-17 21:32:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Goran\Application Data\PhotoposComtb
[2008-04-14 10:49:03 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\PlayFirst
[2011-05-09 19:32:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Goran\Application Data\PriceGong
[2009-02-21 16:10:17 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\Safer Networking
[2009-03-08 10:48:48 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\Simply Super Software
[2011-09-11 09:07:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Goran\Application Data\Skinux
[2008-02-27 08:40:54 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\SpinTop
[2011-05-27 20:59:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Goran\Application Data\TeamViewer
[2008-05-25 14:11:24 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\TERMINAL Studio
[2008-03-17 00:16:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\TheScruffs
[2011-08-27 20:27:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Goran\Application Data\TomTom
[2008-04-09 19:00:52 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\Ulead Systems
[2012-05-04 23:06:37 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\Uniblue
[2012-04-10 22:23:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\uTorrent
[2009-12-23 13:25:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\Vivox
[2012-04-22 15:19:03 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\VoipStunt
[2011-08-13 08:32:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Goran\Application Data\Windows Live Writer
[2012-04-30 14:31:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2012-04-22 12:53:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2010-03-13 18:59:00 | 000,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\Install_NSS.job
[2010-04-16 03:00:49 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job
[2012-05-05 18:00:00 | 000,000,442 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Registration.job
[2012-05-07 15:03:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{BC336FD9-D90D-4E58-9AC1-660635137860}.job
[2009-04-23 00:35:55 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2011-05-15 16:48:43 | 000,032,626 | ---- | M] () -- C:\ASLog.txt
[2012-02-18 21:07:08 | 000,000,600 | ---- | M] () -- C:\AUTOEXEC.BAT
[2012-02-13 20:29:54 | 000,000,212 | RHS- | M] () -- C:\boot.ini
[2008-01-23 14:16:09 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2008-01-23 14:16:09 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008-01-23 14:16:09 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2007-07-27 20:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008-08-17 19:01:34 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2012-05-07 15:11:17 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2008-04-06 19:39:26 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2008-04-20 23:52:53 | 000,000,232 | -H-- | M] () -- C:\sqmdata01.sqm
[2008-04-20 23:54:44 | 000,000,232 | -H-- | M] () -- C:\sqmdata02.sqm
[2008-06-03 20:46:36 | 000,000,232 | -H-- | M] () -- C:\sqmdata03.sqm
[2008-06-03 20:47:37 | 000,000,232 | -H-- | M] () -- C:\sqmdata04.sqm
[2008-06-03 20:48:05 | 000,000,232 | -H-- | M] () -- C:\sqmdata05.sqm
[2008-11-08 09:06:00 | 000,000,232 | -H-- | M] () -- C:\sqmdata06.sqm
[2008-11-08 11:50:37 | 000,000,232 | -H-- | M] () -- C:\sqmdata07.sqm
[2009-01-18 21:42:54 | 000,000,232 | -H-- | M] () -- C:\sqmdata08.sqm
[2008-04-06 19:39:26 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2008-04-20 23:52:53 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2008-04-20 23:54:44 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2008-06-03 20:46:36 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2008-06-03 20:47:37 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2008-06-03 20:48:05 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2008-11-08 09:06:00 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2008-11-08 11:50:37 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2009-01-18 21:42:54 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm

< %systemroot%\Fonts\*.com >
[2006-04-18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006-06-29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006-04-18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006-06-29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2008-01-23 14:15:50 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008-07-06 20:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2007-03-28 12:57:34 | 000,274,944 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp5ha.dll
[2007-04-09 12:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2006-10-26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll
[2008-07-06 18:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2008-02-19 06:58:22 | 000,199,600 | ---- | M] () -- C:\WINDOWS\MINI98.scr
[2010-04-17 00:04:40 | 000,306,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WLXPGSS.SCR
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008-02-21 09:46:40 | 000,000,457 | ---- | M] () -- C:\Program Files\INSTALL.LOG
[2008-02-28 06:53:11 | 000,000,000 | ---- | M] () -- C:\Program Files\temp01

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2008-01-23 06:01:02 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2008-01-23 06:01:02 | 000,659,456 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2008-01-23 06:01:02 | 000,913,408 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lîk /x >
[2008-08-17 19:06:50 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini
[2012-04-24 19:57:41 | 000,000,988 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\HP Solution Center.lnk
[2008-08-17 19:06:50 | 000,001,567 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Set Program Access and Defaults.lnk
[2008-01-23 14:16:14 | 000,000,398 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Windows Catalog.lnk
[2008-05-01 01:00:13 | 000,001,511 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Windows Update.lnk

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %APPDATA%\Mikzosoft\Internet Explorer\Quick Launch\*.lnk /x >

< %USERPROFILE%\Desktop\*.exe >
[2012-05-06 22:29:30 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Goran\Desktop\aswMBR.exe
[2012-05-05 00:17:27 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Goran\Desktop\erunt-setup.exe
[2012-05-06 22:25:10 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Goran\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-04-11 16:25:33

< %USERPROFILE%\..|smtmp;true;true;true /FP >

< %temp%\smtmp\*.* /s > >

< MD5 for: EXPLORER.EXE >
[2008-04-14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008-04-14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007-06-13 19:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007-06-13 18:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2007-07-27 20:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: EXPLORER.EXE-02121B1A.PF >
[2012-05-05 17:18:50 | 000,105,710 | ---- | M] () MD5=3D2B2DE79E5872919077284577D41F91 -- C:\WINDOWS\Prefetch\EXPLORER.EXE-02121B1A.pf

< MD5 for: EXPLORER.SCF >
[2007-07-27 20:00:00 | 000,000,080 | ---- | M] () MD5=A3975A7D2C98B30A2AE010754FFB9392 -- C:\WINDOWS\explorer.scf

< MD5 for: EXPLORER.ZIP >
[2006-03-06 22:48:08 | 000,020,394 | ---- | M] () MD5=B469409C2B2A33C542190B720E11BD79 -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\Explorer.zip

< MD5 for: IEXPLORE.CHM >
[2009-02-21 01:21:24 | 000,529,818 | ---- | M] () MD5=1435F4731719DF5F57D17DC38196245D -- C:\WINDOWS\Help\iexplore.chm
[2007-07-27 20:00:00 | 000,204,810 | ---- | M] () MD5=60858526AAD1CC55F5F0055B8E3B66FE -- C:\WINDOWS\ie7\iexplore.chm
[2006-09-02 00:43:50 | 000,503,758 | ---- | M] () MD5=652E46500C149D1DC948BF9CEA8C4933 -- C:\WINDOWS\ie8\iexplore.chm

< MD5 for: IEXPLORE.CHW >
[2010-11-08 18:18:36 | 000,153,185 | ---- | M] () MD5=F7E49469C37E8928CA836595E11C89B5 -- C:\WINDOWS\Help\iexplore.chw

< MD5 for: IEXPLORE.EXE >
[2008-12-19 13:25:25 | 000,634,024 | ---- | M] (Microsoft Corporation) MD5=030D78FE84A086ED376EFCBD2D72C522 -- C:\WINDOWS\ie7updates\KB963027-IE7\iexplore.exe
[2008-10-15 14:34:58 | 000,633,632 | ---- | M] (Microsoft Corporation) MD5=056C927CF7207857E8B34F7A8FFD9B9E -- C:\WINDOWS\$hf_mig$\KB958215-IE7\SP2QFE\iexplore.exe
[2012-04-04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\iexplore.exe
[2008-12-19 13:25:30 | 000,634,024 | ---- | M] (Microsoft Corporation) MD5=15E8A89499741D5CF59A9CF6463A4339 -- C:\WINDOWS\$hf_mig$\KB961260-IE7\SP2QFE\iexplore.exe
[2008-04-22 16:02:46 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=197B7E4030CFBD8D2979D375E1787AA2 -- C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\iexplore.exe
[2008-08-23 13:56:15 | 000,635,848 | ---- | M] (Microsoft Corporation) MD5=1F03216084447F990AE797317D0A6E70 -- C:\WINDOWS\ie7updates\KB958215-IE7\iexplore.exe
[2008-04-22 15:40:18 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=232B22817B90AE0AFF2D189E3E3735AC -- C:\WINDOWS\ie7updates\KB953838-IE7\iexplore.exe
[2007-12-06 19:01:25 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=2703D940A62B731AA220529DD7331A78 -- C:\WINDOWS\ie7updates\KB947864-IE7\iexplore.exe
[2008-02-29 16:55:46 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=2D0E5592AB5A46C27DAF7CCAFF4F5B59 -- C:\WINDOWS\ie7updates\KB950759-IE7\iexplore.exe
[2008-04-14 05:42:24 | 000,093,184 | ---- | M] (Microsoft Corporation) MD5=55794B97A7FAABD2910873C85274F409 -- C:\WINDOWS\ServicePackFiles\i386\iexplore.exe
[2007-10-10 16:16:56 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=632BDE0179847234433CA50945442ACB -- C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\iexplore.exe
[2007-10-10 16:16:56 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=632BDE0179847234433CA50945442ACB -- C:\WINDOWS\SoftwareDistribution\Download\e3709fbfd9557a7d083f543d51d38612\SP2QFE\iexplore.exe
[2008-06-23 17:20:52 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=64E376A47763DAEABCDA14BD5B6EA286 -- C:\WINDOWS\ie7updates\KB956390-IE7\iexplore.exe
[2008-02-22 17:40:22 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=6E0888626E0CAC79F57149814E22DB4D -- C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\iexplore.exe
[2007-12-06 16:34:45 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=809D17D8FA0FDAEE07778CD821CAFFDE -- C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\iexplore.exe
[2008-10-15 15:06:26 | 000,633,632 | ---- | M] (Microsoft Corporation) MD5=9D3DB9ADFABD2F0BC778EC03250A3ABB -- C:\WINDOWS\ie7updates\KB961260-IE7\iexplore.exe
[2009-02-28 12:54:41 | 000,636,072 | ---- | M] (Microsoft Corporation) MD5=A251068640DDB69FD7805B57D89D7FF7 -- C:\WINDOWS\ie8\iexplore.exe
[2009-03-08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) MD5=B60DDDD2D63CE41CB8C487FCFBB6419E -- C:\Program Files\Internet Explorer\iexplore.exe
[2009-03-08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) MD5=B60DDDD2D63CE41CB8C487FCFBB6419E -- C:\WINDOWS\system32\dllcache\iexplore.exe
[2009-02-28 12:54:44 | 000,636,088 | ---- | M] (Microsoft Corporation) MD5=BCD8E48709BE4A79606F0B6E8E9A6162 -- C:\WINDOWS\$hf_mig$\KB963027-IE7\SP3QFE\iexplore.exe
[2008-06-23 16:23:52 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=C52A9EF571E91535EB78DB4B8B95EA07 -- C:\WINDOWS\$hf_mig$\KB953838-IE7\SP2QFE\iexplore.exe
[2007-08-14 10:43:56 | 000,622,080 | ---- | M] (Microsoft Corporation) MD5=DE49B348A18369B4626FBA1D49B07FB4 -- C:\WINDOWS\ie7updates\KB942615-IE7\iexplore.exe
[2007-07-27 20:00:00 | 000,093,184 | ---- | M] (Microsoft Corporation) MD5=E7484514C0464642BE7B4DC2689354C8 -- C:\WINDOWS\ie7\iexplore.exe
[2008-08-23 13:56:16 | 000,635,848 | ---- | M] (Microsoft Corporation) MD5=E8305C30D35E85D6657ED3E9934CB302 -- C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\iexplore.exe
[2007-10-10 18:59:52 | 000,625,152 | ---- | M] (Microsoft Corporation) MD5=E854D02E4231F704D9BE782A424E6D8B -- C:\WINDOWS\ie7updates\KB944533-IE7\iexplore.exe
[2007-10-10 18:59:52 | 000,625,152 | ---- | M] (Microsoft Corporation) MD5=E854D02E4231F704D9BE782A424E6D8B -- C:\WINDOWS\SoftwareDistribution\Download\e3709fbfd9557a7d083f543d51d38612\SP2GDR\iexplore.exe

< MD5 for: IEXPLORE.EXE.EXP.LOG >
[2011-05-08 15:11:44 | 000,386,821 | ---- | M] () MD5=3E026E1FD84AA528C0E36886E1658F04 -- C:\Program Files\Internet Explorer\iexplore.exe.exp.log

< MD5 for: IEXPLORE.EXE.EXP.LOG.OLD >
[2010-03-22 19:49:59 | 001,051,657 | ---- | M] () MD5=958C2A29A7DAB076FAD641C4E721E8FB -- C:\Program Files\Internet Explorer\iexplore.exe.exp.log.old

< MD5 for: IEXPLORE.EXE.MUI >
[2009-03-08 14:21:44 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=943030B55FDB56FB8B8FCC086071E119 -- C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui
[2009-03-08 14:21:44 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=943030B55FDB56FB8B8FCC086071E119 -- C:\Program Files\Internet Explorer\iexplore.exe.mui
[2007-08-14 10:43:36 | 000,573,440 | ---- | M] (Microsoft Corporation) MD5=B58D8A1C7EE0E922EC7D2616DA136FC3 -- C:\WINDOWS\ie8\iexplore.exe.mui

< MD5 for: IEXPLORE.EXE_129498214790156250.EXH >
[2011-05-14 12:38:02 | 000,000,554 | ---- | M] () MD5=A8402148B0B62303E5FA917784FAA771 -- C:\Documents and Settings\All Users\Application Data\AVG2012\Dumps\iexplore.exe_129498214790156250.exh

< MD5 for: IEXPLORE.EXE_129498214790156250_F.DMP >
[2011-05-14 12:38:02 | 017,301,386 | ---- | M] () MD5=7BAAE5CAF445E8D55E8A8216DEAC1384 -- C:\Documents and Settings\All Users\Application Data\AVG2012\Dumps\iexplore.exe_129498214790156250_F.dmp

< MD5 for: IEXPLORE.EXE_129498214790156250_M.DMP >
[2011-05-14 12:38:00 | 006,714,678 | ---- | M] () MD5=72D57DCFACA6CC444669E7918A2156A1 -- C:\Documents and Settings\All Users\Application Data\AVG2012\Dumps\iexplore.exe_129498214790156250_M.dmp

< MD5 for: IEXPLORE.EXE_129499203848750000.EXH >
[2011-05-15 16:06:52 | 000,000,569 | ---- | M] () MD5=2C1B991D3F2E85B62C22BE336AC4171A -- C:\Documents and Settings\All Users\Application Data\AVG2012\Dumps\iexplore.exe_129499203848750000.exh

< MD5 for: IEXPLORE.EXE_129499203848750000_F.DMP >
[2011-05-15 16:06:42 | 213,879,461 | ---- | M] () MD5=67C583CE1BA01C5F001B48D7C7671010 -- C:\Documents and Settings\All Users\Application Data\AVG2012\Dumps\iexplore.exe_129499203848750000_F.dmp

< MD5 for: IEXPLORE.EXE_129499203848750000_M.DMP >
[2011-05-15 16:06:27 | 005,162,113 | ---- | M] () MD5=34715B3539C1E79DB5F104986072E248 -- C:\Documents and Settings\All Users\Application Data\AVG2012\Dumps\iexplore.exe_129499203848750000_M.dmp

< MD5 for: IEXPLORE.EXE-2D97EBE6.PF >
[2012-05-06 22:19:20 | 000,085,118 | ---- | M] () MD5=76418E43AF012686A61B6FCD09F6CABC -- C:\WINDOWS\Prefetch\IEXPLORE.EXE-2D97EBE6.pf

< MD5 for: IEXPLORE.HLP >
[2007-07-27 20:00:00 | 000,180,335 | ---- | M] () MD5=3F19AF1B745140DAFAC6F78F561A3C62 -- C:\WINDOWS\Help\iexplore.hlp

< MD5 for: WINLOGON.EXE >
[2007-07-27 20:00:00 | 000,506,880 | ---- | M] (Microsoft Corporation) MD5=051A52001D625F316CE81A539BD25192 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2012-04-04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008-04-14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008-04-14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WINLOGON.EXE.20080206-055927-00.HDMP >
[2008-02-06 13:59:29 | 003,499,992 | ---- | M] () MD5=CD8778DB4F3D620E6FE77775C20A92E9 -- C:\WINDOWS\pchealth\ERRORREP\UserDumps\winlogon.exe.20080206-055927-00.hdmp

< MD5 for: WINLOGON.EXE.20080720-030935-00.HDMP >
[2008-07-20 11:09:39 | 000,032,638 | ---- | M] () MD5=4715AFF3EFD69074CBEA07675A058D48 -- C:\WINDOWS\pchealth\ERRORREP\UserDumps\winlogon.exe.20080720-030935-00.hdmp

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\$NtUninstallKB49800$] -> Error: Cannot create file handle -> Unknown point type

========== Alternate Data Streams ==========

@Alternate Data Stream - 94 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:538B96B5
@Alternate Data Stream - 287 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0CE7F3C9
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D0030B7B
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C6D0EC31
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:03777453
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B0A3DB99
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3E7D7891
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:52D76DB8
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:633B85CE
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CFBB419A

< End of report >
 
And this is the Extras.txt log

OTL Extras logfile created on: 07-May-2012 3:15:40 PM - Run 1
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Documents and Settings\Goran\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: dd-MMM-yyyy

3.50 Gb Total Physical Memory | 3.13 Gb Available Physical Memory | 89.45% Memory free
5.33 Gb Paging File | 5.23 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.12 Gb Total Space | 41.14 Gb Free Space | 27.58% Space Free | Partition Type: NTFS
Drive D: | 133.96 Gb Total Space | 14.77 Gb Free Space | 11.02% Space Free | Partition Type: NTFS
Drive F: | 74.52 Gb Total Space | 0.29 Gb Free Space | 0.39% Space Free | Partition Type: NTFS
Drive J: | 951.62 Mb Total Space | 946.52 Mb Free Space | 99.46% Space Free | Partition Type: FAT32

Computer Name: MAKIGOKI | User Name: Goran | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3587:TCP" = 3587:TCP:*:Enabled:Windows Peer-to-Peer Grouping
"3540:UDP" = 3540:UDP:*:Enabled:Peer Name Resolution Protocol (PNRP)
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3587:TCP" = 3587:TCP:*:Disabled:Windows Peer-to-Peer Grouping
"3540:UDP" = 3540:UDP:*:Enabled:Peer Name Resolution Protocol (PNRP)
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724
"25999:TCP" = 25999:TCP:*:Disabled:cs.xfire.com
"6112:TCP" = 6112:TCP:*:Enabled:Blizzard Downloader
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"585:TCP" = 585:TCP:*:Enabled:outlook send
"443:UDP" = 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP" = 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP" = 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP" = 37675:UDP:*:Disabled:ooVoo UDP port 37675

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe" = C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe:*:Enabled:VoipStunt -- (VoipStunt)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
"C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe" = C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s
"C:\Program Files\Grisoft\AVG7\avginet.exe" = C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe
"C:\Program Files\Grisoft\AVG7\avgamsvr.exe" = C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe
"C:\Program Files\Grisoft\AVG7\avgcc.exe" = C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe
"C:\Program Files\Grisoft\AVG7\avgemc.exe" = C:\Program Files\Grisoft\AVG7\avgemc.exe:*:Enabled:avgemc.exe
"C:\Program Files\BitTornado\btdownloadgui.exe" = C:\Program Files\BitTornado\btdownloadgui.exe:*:Disabled:btdownloadgui
"C:\Program Files\SEGA\Medieval II Total War\medieval2.exe" = C:\Program Files\SEGA\Medieval II Total War\medieval2.exe:*:Disabled:Medieval 2: Total War
"C:\DOCUME~1\Goran\LOCALS~1\Temp\Rar$EX00.125\Call of Duty 4 -- Chams & Aimbot.exe" = C:\DOCUME~1\Goran\LOCALS~1\Temp\Rar$EX00.125\Call of Duty 4 -- Chams & Aimbot.exe:*:Enabled:Microsot Windows Explorer
"C:\Documents and Settings\Goran\Documents\Downloads\WoW-BurningCrusade-enUS-Installer-downloader.exe" = C:\Documents and Settings\Goran\Documents\Downloads\WoW-BurningCrusade-enUS-Installer-downloader.exe:*:Enabled:Blizzard Downloader
"C:\Documents and Settings\Goran\Documents\Downloads\WoW-BurningCrusade-Trial-enUS-Installer-downloader2.exe" = C:\Documents and Settings\Goran\Documents\Downloads\WoW-BurningCrusade-Trial-enUS-Installer-downloader2.exe:*:Enabled:Blizzard Downloader
"C:\Program Files\World of Warcraft\Repair.exe" = C:\Program Files\World of Warcraft\Repair.exe:*:Enabled:Blizzard Repair Utility -- ()
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\WINDOWS\system32\winup.exe" = C:\WINDOWS\system32\winup.exe:*:Disabled:winup
"C:\Program Files\World of Warcraft\BackgroundDownloader.exe" = C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\Activision Value\Soldier of Fortune Payback\sof3.exe" = C:\Program Files\Activision Value\Soldier of Fortune Payback\sof3.exe:*:Disabled:sof3
"C:\Documents and Settings\Goran\Local Settings\Temp\Blizzard Launcher Temporary - a84d1928\Launcher.exe" = C:\Documents and Settings\Goran\Local Settings\Temp\Blizzard Launcher Temporary - a84d1928\Launcher.exe:*:Enabled:Blizzard Launcher
"C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe" = C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe:*:Disabled:McAfee Data Backup
"C:\Program Files\TVUPlayer\TVUPlayer.exe" = C:\Program Files\TVUPlayer\TVUPlayer.exe:*:Disabled:TVUPlayer Component
"C:\Program Files\World of Warcraft\Launcher.exe" = C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-3.1.2.9901-to-3.1.3.9947-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.1.2.9901-to-3.1.3.9947-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Documents and Settings\Goran\Application Data\IMVUClient\IMVUClient.exe" = C:\Documents and Settings\Goran\Application Data\IMVUClient\IMVUClient.exe:*:Enabled:IMVUClient
"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.)
"C:\Program Files\World of Warcraft\Launcher.patch.exe" = C:\Program Files\World of Warcraft\Launcher.patch.exe:*:Enabled:Blizzard Launcher
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer
"C:\Documents and Settings\Goran\Application Data\IMVUClient\1VivoxVoice.exe" = C:\Documents and Settings\Goran\Application Data\IMVUClient\1VivoxVoice.exe:*:Disabled:1VivoxVoice
"C:\Program Files\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe" = C:\Program Files\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe:*:Disabled:Camfrog Video Chat -- (Camshare Inc.)
"C:\Program Files\ICQ\Icq.exe" = C:\Program Files\ICQ\Icq.exe:*:Disabled:ICQ
"C:\Documents and Settings\Goran\Desktop\CoD2 Wallhack\cod4\Chams & aimbot\Call of Duty 4 -- Chams & Aimbot.exe" = C:\Documents and Settings\Goran\Desktop\CoD2 Wallhack\cod4\Chams & aimbot\Call of Duty 4 -- Chams & Aimbot.exe:*:Disabled:Microsot Windows Explorer
"C:\Documents and Settings\Goran\Desktop\CoD2 Wallhack\cod4\Call of Duty 4 -- Chams & Aimbot.exe" = C:\Documents and Settings\Goran\Desktop\CoD2 Wallhack\cod4\Call of Duty 4 -- Chams & Aimbot.exe:*:Disabled:Microsot Windows Explorer
"C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe" = C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe:*:Disabled:Nero Home -- (Nero AG)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Disabled:Skype Extras Manager
"C:\Program Files\Xfire\Xfire.exe" = C:\Program Files\Xfire\Xfire.exe:*:Disabled:Xfire -- (Xfire Inc.)
"C:\Program Files\Xfire\xfire_exception.exe" = C:\Program Files\Xfire\xfire_exception.exe:*:Disabled:xfire_exception -- (Xfire Inc.)
"C:\Program Files\The All-Seeing Eye\eye.exe" = C:\Program Files\The All-Seeing Eye\eye.exe:*:Disabled:Yahoo! All-Seeing Eye
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Disabled:Yahoo! FT Server
"C:\Program Files\Curse\CurseClient.exe" = C:\Program Files\Curse\CurseClient.exe:*:Disabled:Curse Client
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- (Eastman Kodak Company)
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\AVG\AVG2012\avgmfapx.exe" = C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgnsx.exe" = C:\Program Files\AVG\AVG2012\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgdiagex.exe" = C:\Program Files\AVG\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnostics 2012 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgemcx.exe" = C:\Program Files\AVG\AVG2012\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Codemasters\OF Dragon Rising\OFDR.exe" = C:\Program Files\Codemasters\OF Dragon Rising\OFDR.exe:*:Enabled:OF Dragon Rising -- (Codemasters Software Company Limited)
"C:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe" = C:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe:*:Enabled:Call of Duty(R) - World at War(TM) -- (Activision Blizzard, Inc.)
"C:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe" = C:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe:*:Enabled:Call of Duty(R) - World at War(TM) -- (Activision Blizzard, Inc.)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\World of Warcraft\Temp\wow-4.2.1.2727-enUS-tools-downloader.exe" = C:\Program Files\World of Warcraft\Temp\wow-4.2.1.2727-enUS-tools-downloader.exe:*:Enabled:wow-4.2.1.2727-enUS-tools-downloader
"C:\Program Files\World of Warcraft\Temp\wow-4.2.1.2730-enUS-tools-downloader.exe" = C:\Program Files\World of Warcraft\Temp\wow-4.2.1.2730-enUS-tools-downloader.exe:*:Enabled:wow-4.2.1.2730-enUS-tools-downloader
"C:\Program Files\World of Warcraft\wow-4.2.1.2736-enUS-tools-downloader.exe" = C:\Program Files\World of Warcraft\wow-4.2.1.2736-enUS-tools-downloader.exe:*:Enabled:wow-4.2.1.2736-enUS-tools-downloader.exe -- (Blizzard Entertainment)
"C:\Documents and Settings\Goran\Local Settings\Apps\2.0\NNZXODTC.Z36\L0EJW5YD.ZPE\curs..tion_eee711038731a406_0004.0000_2bd39706d04e72c8\CurseClient.exe" = C:\Documents and Settings\Goran\Local Settings\Apps\2.0\NNZXODTC.Z36\L0EJW5YD.ZPE\curs..tion_eee711038731a406_0004.0000_2bd39706d04e72c8\CurseClient.exe:*:Enabled:Curse Client 4.0 -- (Curse)
"C:\Documents and Settings\Goran\Local Settings\Temp\7zS19F7\HPDiagnosticCoreUI.exe" = C:\Documents and Settings\Goran\Local Settings\Temp\7zS19F7\HPDiagnosticCoreUI.exe:*:Enabled:HPSAPS
"C:\Program Files\ooVoo\ooVoo.exe" = C:\Program Files\ooVoo\ooVoo.exe:*:Enabled:ooVoo
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{003190C4-888F-834C-0780-601D304C9C32}" = CCC Help Spanish
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
"{04A3A6B0-8E19-49BB-82FF-65C5A55F917D}" = Acronis*True*Image*Home 2011
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{07A540AB-D785-11D5-8E89-0090275862A0}" = Corel Graphics Suite 11
"{0813B2A4-85CF-491C-3C69-52463DCC4F4D}" = CCC Help Chinese Standard
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{09E2111C-16B1-4DDF-BF0D-F994C9A12350}" = Adobe Setup
"{0CC4615C-7BA6-F3A1-FA76-A2AF370AC670}" = CCC Help Russian
"{0DE46A13-D4CB-BAD4-98FB-5262DDE76CE8}" = CCC Help Korean
"{0FC61FCF-0FAA-E9EE-7BD6-A75CAA0C3388}" = CCC Help Czech
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{12D9D635-2C58-8B60-C44B-C09DD307F4DC}" = CCC Help Chinese Traditional
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{149464D9-B06F-4505-9968-FD1206F67AD3}" = Call of Duty(R) - World at War(TM) 1.3 Patch
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1A4052AB-BA77-44F7-8EE7-9F9131BFD7A6}" = OF Dragon Rising
"{1E1300BC-6DBA-476B-8CCF-4AA81ED4DF6A}" = AVG 2011
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20535ABD-7D5E-472E-9077-6AF48480DD82}" = ASUS GameOSD Utility
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{22466889-7642-488d-AA0E-F619704CF7AB}" = DeviceDiscovery
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{26405090-4A02-41C5-B7CB-EBD624BCB424}" = CCC Help French
"{2668AB7A-6937-107C-166E-31B230235B7B}" = Catalyst Control Center InstallProxy
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
"{298FC7A4-44AF-411D-BB17-C8516C20849B}" = GSC
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2BD5C305-1B27-4D41-B690-7A61172D2FEB}" = Macromedia Flash 8
"{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{309E994A-1FE1-4198-036E-A01A02213E25}" = CCC Help Hungarian
"{315ACD04-BCEB-478B-9B1D-5431D0E6CB11}" = ASUS Gamer OSD
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{34E30A1C-E978-332B-9B94-520621C4E13E}" = CCC Help German
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3956B09E-C5AD-43A6-A889-F37F89BF47E1}" = Pilici
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Configurer
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{49471DB8-7F3C-42DB-89C2-AC50FA0C5290}" = Camtasia Studio 7
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4AA83D48-8658-1526-EC55-25514D46ACCD}" = ccc-core-static
"{4EFC72DA-2314-4E5D-AC8E-1C954CDB8BBF}" = AVG 2012
"{4F1DA6BF-3614-48A1-9970-9E90F646789E}" = Ulead VideoStudio 8.0
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{553C904F-57A2-4113-888E-BA0C3D1C69C0}" = Microsoft VC9 runtime libraries
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5FD595B1-0A6E-2A69-C199-71E3B65A1910}" = CCC Help Danish
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}" = fflink
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{6446BBD0-CB83-40E1-BEA1-0C147065E2A6}" = Maxtor Manager
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{65455A2D-1671-E83B-F15D-D0C887F9D608}" = ATI Catalyst Install Manager
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6AB57823-3580-4CE0-9CF0-072E2A39460C}" = Catalyst Control Center - Branding
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6E0352EE-6F0D-4FBC-B1B8-4FF032C78BE0}" = PC Connectivity Solution
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7724F361-5E45-4649-E104-07183CC0E349}" = ATI Problem Report Wizard
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8B92D97D-DB3D-4926-A8F7-718FE7C5EE18}" = iTunes
"{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8D5F535B-C5DC-47A9-8392-D757F7B600AC}" = CCC Help Greek
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{8EA4D12F-1571-4998-9BD1-D20C4A767D24}" = ASUS Utilities
"{8EA79DBF-D637-448A-89D6-410A087A4493}" = Samsung_MonSetup
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{8FAD04E8-1D32-22CC-701E-01E2A94015C3}" = CCC Help English
"{8FB3B66F-5A82-9ACB-0560-17C761A8A68B}" = CCC Help Dutch
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{926CC8AE-8414-43DF-8EB4-CF26D9C3C663}" =
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007F-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{971D71F5-CA24-52B1-811E-CB7CA0502CCE}" = CCC Help Portuguese
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A08BAD08-9AA3-410F-98F3-C92C8EE37218}" = Safari
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A488DCE3-1391-0843-531A-86246DEBE98C}" = ccc-utility
"{A7836FF5-7293-40A4-B86E-E2038F82E8F3}" = AVG 2012
"{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe 1.4.136.1
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB40272D-92AB-4F30-B36B-22EDE16F8FE5}" = HP Update
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AC874BBA-8B7A-ABB3-5878-BB8CD05F2852}" = CCC Help Thai
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty(R) - World at War(TM) 1.1 Patch
"{AFAF626C-D2E6-455C-9A5A-ACDF049A6168}" = ASUS nVidia Driver
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B28B351F-1232-46EA-85EF-B8EA91641033}" = Nero 7 Essentials
"{B39177F9-269D-4A9B-82F2-7A48589CCCEF}" = Garmin WebUpdater
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B4F35A00-24FD-4fb3-BF5E-413D5423434D}" = DJ_AIO_Software_min
"{B4FEA924-630D-11D4-B78E-005004566E4D}" = ViewSonic Monitor Drivers
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7F560B3-6EFF-4026-A982-843895A41149}" = Adobe BridgeTalk Plugin CS3
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BBCC790B-FC18-B612-C8C1-851BEE493D55}" = CCC Help Italian
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{BEA2FF8E-50A3-4C6D-955E-5632C881753F}" = NetComm NB6 Series ADSL2+ Router USB Driver
"{C07751B7-AAF1-ABA4-2BCF-0C5D3D932D19}" = CCC Help Norwegian
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C191BE7C-8542-4A61-973A-714EF76C5995}" = Logitech QuickCam Software
"{C1920D73-7374-49d9-8C37-58A6E49078A5}" = F2100_Help
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{C5EF81AC-FE4C-4157-97E3-2E08B000742A}" = F2100_doccd
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C9FB868B-2086-4EE2-BD4F-BFBA36B131F4}" = NCsoft Launcher
"{CA50045C-5119-48e7-9BA7-6B317379857A}" = DJ_AIO_Software
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D1C18EDD-571A-4BDD-BE7B-1DD86027D7FF}" = Adobe Creative Suite 3 Design Premium
"{D21D0CE6-F81A-F051-93FA-F0D8925C87D8}" = Catalyst Control Center Localization All
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E2C4175D-CE60-AA59-0BEF-8B454A789C95}" = CCC Help Japanese
"{E548726E-F4E8-459f-BAB8-45551BC071E9}" = DJ_AIO_ProductContext
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EB3E8237-FD20-C42C-9D93-9D6ADE03850C}" = ATI AVIVO Codecs
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E3837B-9DE3-4D2F-07A8-A85D765F38ED}" = CCC Help Polish
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1C409F0-8322-4c87-BD08-2F62777D490D}" = F2100
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F584B87B-4249-1331-345B-3C219F00C60B}" = CCC Help Swedish
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FA8A44D7-3E8A-4034-9C4F-088FA6B72BC4}" = HP Deskjet All-In-One Software 9.0
"{FC47C7A5-BE63-11D5-B7C9-005004566E4D}" = ViewSonic Windows XP Signed Files
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FD26A504-690A-7631-104B-AA6917B9D207}" = CCC Help Finnish
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"{FE5CD0C9-5A17-99C3-0B93-A820C3109049}" = Catalyst Control Center Graphics Previews Common
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFD766D4-F724-1FD9-20CA-D3E6EDA5A663}" = CCC Help Turkish
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"7-Zip" = 7-Zip 4.65
"8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D" = Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
"9CD348AE9C64C4B939B624E8E24F3903EFDFC82B" = Windows Driver Package - Nokia Modem (05/22/2008 7.00.0.1)
"Adobe Acrobat 4.0" = Adobe Acrobat 4.0
"Adobe Acrobat 8 Professional" = Adobe Acrobat 8.3.1 Professional
"Adobe Acrobat 8 Professional_831" = Adobe Acrobat 8.3.1 - CPSID_83708
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Adobe_c14ac4070fd9614ffe63f4bb533db2c" = Add or Remove Adobe Creative Suite 3 Design Premium
"ALLPlayer_is1" = ALLPlayer V4.X
"AVG" = AVG 2012
"AVG Secure Search" = AVG Security Toolbar
"AVS DVD Player_is1" = AVS DVD Player version 2.4
"C5A76DC11BABDA0A881E7BE8DDEB641365A77FFD" = Windows Driver Package - Nokia Modem (05/22/2008 3.8)
"CAL" = Canon Camera Access Library
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Camfrog 6.0" = Camfrog Video Chat 6.0
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"Canon MOV Decoder" = Canon MOV Decoder
"CBF192A85B624E32B8D19ADEEF2DCFC5BC3AA73A" = Windows Driver Package - Nokia Modem (03/05/2008 3.7)
"CCleaner" = CCleaner
"Christmas and New Year Frames Pack" = Christmas and New Year Frames Pack
"Crystal Player" = Crystal Player Professional 1.97
"CSCLIB" = Canon Camera Support Core Library
"E092B2EBF2FFE83E896F8F7F829A7B5D7D1B2F9D" = Windows Driver Package - Nokia Modem (03/13/2008 6.86.0.1)
"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 4.0 Home Edition
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EOS Utility" = Canon Utilities EOS Utility
"ERUNT_is1" = ERUNT 1.1j
"FormatFactory" = FormatFactory 2.70
"GameTracker Lite" = GameTracker Lite
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPExtendedCapabilities" = HP Customer Participation Program 9.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{064DC64E-7A2F-4FDF-B598-E3C0747BBB9C}" = Call of Duty(R) - World at War(TM) 1.6 Patch
"InstallShield_{07A540AB-D785-11D5-8E89-0090275862A0}" = Corel Graphics Suite 11
"InstallShield_{149464D9-B06F-4505-9968-FD1206F67AD3}" = Call of Duty(R) - World at War(TM) 1.3 Patch
"InstallShield_{298FC7A4-44AF-411D-BB17-C8516C20849B}" = GSC
"InstallShield_{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch
"InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{6446BBD0-CB83-40E1-BEA1-0C147065E2A6}" = Maxtor Manager
"InstallShield_{750C87B8-AF19-4C3C-B791-50D9C83AE572}" = Call of Duty(R) - World at War(TM) 1.7 Patch
"InstallShield_{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{9F01A67B-7D67-482F-9D4F-D5980A440FD4}" = Call of Duty(R) - World at War(TM) 1.4 Patch
"InstallShield_{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty(R) - World at War(TM) 1.1 Patch
"InstallShield_{C3DC2DF5-EFAC-4055-9010-31F7C545DD9E}" = Call of Duty(R) - World at War(TM) 1.5 Patch
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D1B7EF59-A3E2-452A-882E-076E1A18D94A}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Singleplayer Patch
"InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"iWisoft Free Video Converter_is1" = iWisoft Free Video Converter 1.2
"Kid-Key-Lock_is1" = Kid-Key-Lock 1.7.0.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"ManyCam" = ManyCam 2.6.30 (remove only)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Photo Pos Pro" = Photo Pos Pro
"Photo Pos Pro Classic Frames Pack" = Photo Pos Pro Classic Frames Pack
"Photo Pos Pro Collage Templates Pack" = Photo Pos Pro Collage Templates Pack
"PhotoposComTbr" = Photopos Toolbar (Remove Toolbar Only)
"PhotoStitch" = Canon Utilities PhotoStitch
"PunkBusterSvc" = PunkBuster Services
"QcDrv" = Logitech® Camera Driver
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealPlayer 6.0" = RealPlayer
"Recover My Files_is1" = Recover My Files
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Revo Uninstaller" = Revo Uninstaller 1.92
"Shop for HP Supplies" = Shop for HP Supplies
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SystemRequirementsLab" = System Requirements Lab
"The KMPlayer" = The KMPlayer (remove only)
"TomTom HOME" = TomTom HOME 2.8.2.2264
"Totalcmd" = Total Commander (Remove or Repair)
"Turbo Pizza_is1" = Turbo Pizza
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.1
"VoipStunt_is1" = VoipStunt
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Winamp Toolbar" = Winamp Toolbar
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR arhivar
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"World of Warcraft" = World of Warcraft
"Wudf01005" = Microsoft User-Mode Driver Framework Feature Pack 1.5
"Xfire" = Xfire (remove only)
"Xilisoft DVD Ripper Platinum 5" = Xilisoft DVD Ripper Platinum 5
"xvid" = XviD MPEG-4 Video Codec
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Extras" = Yahoo! Browser Services
"Yahoo! Mail" = Yahoo! Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Toolbar" = Yahoo! Toolbar
"YInstHelper" = Yahoo! Install Manager
"ZD Soft Game Recorder" = ZD Soft Game Recorder
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
"uTorrent" = µTorrent
"Winamp Detect" = Winamp Detector Plug-in
"Winamp Toolbar" = Winamp Toolbar

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 02-May-2012 11:03:05 AM | Computer Name = MAKIGOKI | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module ffdshow.ax, version 1.1.3882.0, fault address 0x0008cee6.

Error - 02-May-2012 11:03:27 AM | Computer Name = MAKIGOKI | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module ffdshow.ax, version 1.1.3882.0, fault address 0x0008cee6.

Error - 02-May-2012 11:03:42 AM | Computer Name = MAKIGOKI | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module ffdshow.ax, version 1.1.3882.0, fault address 0x0008cee6.

Error - 03-May-2012 11:09:08 AM | Computer Name = MAKIGOKI | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module ffdshow.ax, version 1.1.3882.0, fault address 0x0008cee6.

Error - 05-May-2012 1:53:40 AM | Computer Name = MAKIGOKI | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module ffdshow.ax, version 1.1.3882.0, fault address 0x0008cee6.

Error - 05-May-2012 1:55:07 AM | Computer Name = MAKIGOKI | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module ffdshow.ax, version 1.1.3882.0, fault address 0x0008cee6.

Error - 05-May-2012 1:59:02 AM | Computer Name = MAKIGOKI | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module ffdshow.ax, version 1.1.3882.0, fault address 0x0008cee6.

Error - 05-May-2012 1:59:42 AM | Computer Name = MAKIGOKI | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module ffdshow.ax, version 1.1.3882.0, fault address 0x0008cee6.

Error - 05-May-2012 2:00:10 AM | Computer Name = MAKIGOKI | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module ffdshow.ax, version 1.1.3882.0, fault address 0x0008cee6.

Error - 05-May-2012 5:16:02 AM | Computer Name = MAKIGOKI | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module ffdshow.ax, version 1.1.3882.0, fault address 0x0008cee6.

[ OSession Events ]
Error - 16-May-2011 10:27:39 AM | Computer Name = MAKIGOKI | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9
seconds with 0 seconds of active time. This session ended with a crash.

Error - 16-May-2011 10:28:08 AM | Computer Name = MAKIGOKI | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0
seconds with 0 seconds of active time. This session ended with a crash.

Error - 16-May-2011 10:28:38 AM | Computer Name = MAKIGOKI | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0
seconds with 0 seconds of active time. This session ended with a crash.

Error - 16-May-2011 10:29:01 AM | Computer Name = MAKIGOKI | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 14
seconds with 0 seconds of active time. This session ended with a crash.

Error - 18-May-2011 9:39:28 AM | Computer Name = MAKIGOKI | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 187
seconds with 120 seconds of active time. This session ended with a crash.

Error - 09-Sep-2011 6:01:49 AM | Computer Name = MAKIGOKI | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 4 seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 07-May-2012 3:12:59 AM | Computer Name = MAKIGOKI | Source = Service Control Manager | ID = 7001
Description = The DNS Client service depends on the TCP/IP Protocol Driver service
which failed to start because of the following error: %%31

Error - 07-May-2012 3:12:59 AM | Computer Name = MAKIGOKI | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the AFD service which
failed to start because of the following error: %%31

Error - 07-May-2012 3:12:59 AM | Computer Name = MAKIGOKI | Source = Service Control Manager | ID = 7001
Description = The IPv6 Helper Service service depends on the Microsoft IPv6 Protocol
Driver service which failed to start because of the following error: %%31

Error - 07-May-2012 3:12:59 AM | Computer Name = MAKIGOKI | Source = Service Control Manager | ID = 7001
Description = The Apple Mobile Device service depends on the TCP/IP Protocol Driver
service which failed to start because of the following error: %%31

Error - 07-May-2012 3:12:59 AM | Computer Name = MAKIGOKI | Source = Service Control Manager | ID = 7001
Description = The Bonjour Service service depends on the TCP/IP Protocol Driver
service which failed to start because of the following error: %%31

Error - 07-May-2012 3:12:59 AM | Computer Name = MAKIGOKI | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 07-May-2012 3:12:59 AM | Computer Name = MAKIGOKI | Source = Service Control Manager | ID = 7023
Description = The Help and Support service terminated with the following error:
%%126

Error - 07-May-2012 3:12:59 AM | Computer Name = MAKIGOKI | Source = Service Control Manager | ID = 7023
Description = The SilverLink service terminated with the following error: %%126

Error - 07-May-2012 3:12:59 AM | Computer Name = MAKIGOKI | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD asuskbnt Avgldx86 Avgmfx86 Avgtdix EIO Fips intelppm IPSec Lbd MRxSmb NetBIOS NetBT RasAcd
Rdbss
SASDIFSV
SASKUTIL
Tcpip
Tcpip6

Error - 07-May-2012 3:13:05 AM | Computer Name = MAKIGOKI | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}


< End of report >
 
Re:

Note:
I must tell you that I've had my Safe Mode on without the networking, so I couldn't update Avast's database.

Here is the attached MBR.zip and aswMBR.txt:


aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-05-07 15:30:44
-----------------------------
15:30:44.203 OS Version: Windows 5.1.2600 Service Pack 3
15:30:44.203 Number of processors: 2 586 0xF0B
15:30:44.203 ComputerName: MAKIGOKI UserName: Goran
15:30:46.093 Initialize success
15:34:33.171 AVAST engine download error: 0
15:35:05.765 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
15:35:05.781 Disk 0 Vendor: WDC_WD3200AAJS-65RYA0 12.01B01 Size: 305245MB BusType: 3
15:35:05.781 Disk 1 \Device\Harddisk1\DR1 -> \Device\Scsi\JRAID1Port4Path0Target1Lun0
15:35:05.796 Disk 1 Vendor: ST380215 Size: 76318MB BusType: 1
15:35:05.812 Disk 0 MBR read successfully
15:35:05.828 Disk 0 MBR scan
15:35:05.828 Disk 0 unknown MBR code
15:35:05.843 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152703 MB offset 63
15:35:05.843 Disk 0 Partition - 00 0F Extended LBA 152539 MB offset 312737355
15:35:05.875 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 137172 MB offset 312737418
15:35:05.875 Disk 0 Partition - 00 05 Extended 15366 MB offset 593666010
15:35:05.906 Disk 0 Partition 3 00 BC BOOTWIZ0 15366 MB offset 593666073
15:35:05.921 Disk 0 scanning sectors +625137345
15:35:06.015 Disk 0 scanning C:\WINDOWS\system32\drivers
15:35:19.328 Service scanning
15:35:50.656 Service PciCon E:\PciCon.sys **LOCKED** 21
15:35:54.640 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
15:36:00.265 Modules scanning
15:36:08.812 Disk 0 trace - called modules:
15:36:08.890 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys sprr.sys >>UNKNOWN [0x8b574938]<<
15:36:08.968 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b448030]
15:36:09.062 3 CLASSPNP.SYS[b80f8fd7] -> nt!IofCallDriver -> \Device\00000085[0x8b4f69e8]
15:36:09.171 5 ACPI.sys[b7e6a620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8b454940]
15:36:09.250 Scan finished successfully
15:36:51.656 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Goran\Desktop\MBR.dat"
15:36:51.671 The log file has been saved successfully to "C:\Documents and Settings\Goran\Desktop\aswMBR.txt"


Thanks again :bigthumb:
 
Hi JonDou,

That's ok. You can run DeFogger in Safe Mode but I'd like you to try to run Combofix in normal windows. If it won't run please boot to Safe Mode with Networking and run it from there.

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.

Please read through the instructions to familiarize yourself with what to expect when the tool runs.

It is vitally important that Combofix is renamed before it even starts to download.


Please download ComboFix from Link 1 or Link 2 to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

  • If you are using Firefox, make sure that your download settings are as follows:
    -Tools->Options->Main tab
    -Set to "Always ask me where to Save the files".
  • During the download, before you save it to your desktop, rename Combofix to jgh.exe

  • It is important you rename Combofix during the download, but not after.
  • Please do not rename Combofix to other names, but only to the one indicated.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix

-----------------------------------------------------------
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all-inclusive. If yours is not listed and you don't know how to disable it, please ask.
-----------------------------------------------------------
  • Double click on ComboFix.exe (jgh.exe in your case) & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.**

[Image: RCUpdate1.png]

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[Image: RC2-1.png]


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Please post back with
  • combofix log
How is the computer?

Thanks
 
Re:

Hey oldman960 :bigthumb: and thanks again :)

How are you today? I hope you are not losing patience with me and my problem :).
I've run DeFogger in the Safe Mode and it has finished with no problems... however I couldn't manage to get the PC to run in normal windows mode, 'cause it freezes after just a minute of reboot.
I did disable spybot's TeaTimer and Resident (in that minute time :) ), but I didn't see any startup entry for TeaTimer.
When I tried to disable AVG, the computer froze on me. In Safe Mode when I clicked the AVG shortcut in order to disable it, it showed the "Command line Composer" window, where it's written: "You can use AVG 2012 Anti-Virus command line scanner only in Windows Safe Mode." It doesn't open the AVG User Interface window, so I don't have an option to disable it.
As for Windows Defender, I don't see it anywhere. Not in C>Program files nor in Add/Remove Programs.

I'm afraid if I run the Combofix scan in normal windows it will freeze when the PC freezes. I have downloaded Combofix.exe to the desktop in Safe Mode and renamed it before the download to jgh.exe and now it's waiting for me to double click it, but I don't know what I should do with AVG. Do I run the scan in Safe Mode then?
 
Hi JonDou,

Ok run combofix in Safe Mode with Networking. Don't worry about AVG or any other Security program as they won't be running in safe mode. If combofix reboots your computer be sure to boot back into Safe Mode.
 
Re:

Hi oldman960 :bigthumb:
I just ran Combofix (jgh.exe) in Safe Mode with Networking and a window popped up before it even started scanning, saying:

"Combofix has detected the following real time scanner(s) to be active:

antivirus: AVG Anti-Virus Free Edition 2012

Antivirus and intrusion prevention programs are known to interfere with Combofix's running. This may lead to unpredictable results or possible machine damage.

Please disable these scanners before clicking 'OK'."

Now, do I uninstall AVG, 'cause... as I said when I run AVG it only opens Command line Composer?

Thanks again for this. I really appreciate your help :)
 
Hi JonDou,

Ignore the warning and run combofix, you should be all right. Remember to boot back to Safe Mode if combofix reboots the computer.
 
Re:

Hi oldman960,
When asked to install or update recovery console I clicked yes, but now a window popped up saying:

"You do not appear to be connected to the internet. Kindly connect before clicking 'OK'"

... but I am able to open google page, just did it :). Do I click OK anyway?
 
Re:

Hi oldman960 :bigthumb:
ComboFix has installed recovery console from microsoft site I believe, after all, but encountered a problem (or maybe not :) - I don't know). It showed that the computer is infected with root Zero.activity or something - the window quickly disappeared and a new one came up saying:

"Combofix has detected the presence of rootkit activity and needs to reboot the machine"

I did select the SafeMode with networking again, but before it rebooted, Combofix started to scan for infected files again.

It has finished now... the log follows :)

Thanks :)
 
Re:

I'm still in SafeMode with networking :)

The log:

ComboFix 12-05-07.01 - Goran 8-May-2012 23:49:56.1.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.3235 [GMT 8:00]
Running from: c:\documents and settings\Goran\Desktop\jgh.exe
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\ISx186.tmp
c:\documents and settings\All Users\Application Data\ISxE1.tmp
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\PostBuild.exe
c:\documents and settings\Goran\Application Data\.#
c:\documents and settings\Goran\Application Data\Bitrix Security
c:\documents and settings\Goran\Application Data\Bitrix Security\cet.txt
c:\documents and settings\Goran\Application Data\Bitrix Security\exlyu
c:\documents and settings\Goran\Application Data\Bitrix Security\lrtg.txt
c:\documents and settings\Goran\Application Data\Bitrix Security\mlkee_shrd
c:\documents and settings\Goran\Application Data\Bitrix Security\mxd1.txt
c:\documents and settings\Goran\Application Data\Bitrix Security\rgx.txt
c:\documents and settings\Goran\Application Data\Bitrix Security\rjg.txt
c:\documents and settings\Goran\Application Data\Bitrix Security\vhrejy1_shrd
c:\documents and settings\Goran\Application Data\PriceGong
c:\documents and settings\Goran\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Goran\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Goran\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Goran\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Goran\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Goran\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Goran\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Goran\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Goran\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Goran\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Goran\Application Data\PriceGong\Data\J.xml
c:\documents and settings\Goran\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Goran\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Goran\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Goran\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Goran\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Goran\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Goran\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Goran\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Goran\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Goran\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Goran\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Goran\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Goran\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Goran\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Goran\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Goran\Application Data\PriceGong\Data\z.xml
c:\documents and settings\Goran\Local Settings\Application Data\._Revolution_
c:\documents and settings\Goran\Local Settings\Application Data\assembly\tmp
c:\documents and settings\Goran\WINDOWS
c:\program files\INSTALL.LOG
c:\program files\USS
c:\program files\USS\unins001.dat
c:\windows\$NtUninstallKB49800$\2424199615
c:\windows\$NtUninstallKB49800$\621078412\@
c:\windows\$NtUninstallKB49800$\621078412\cfg.ini
c:\windows\$NtUninstallKB49800$\621078412\Desktop.ini
c:\windows\$NtUninstallKB49800$\621078412\L\ttikqnog
c:\windows\$NtUninstallKB49800$\621078412\oemid
c:\windows\$NtUninstallKB49800$\621078412\U\00000001.@
c:\windows\$NtUninstallKB49800$\621078412\U\00000002.@
c:\windows\$NtUninstallKB49800$\621078412\U\00000004.@
c:\windows\$NtUninstallKB49800$\621078412\U\80000000.@
c:\windows\$NtUninstallKB49800$\621078412\U\80000004.@
c:\windows\$NtUninstallKB49800$\621078412\U\80000032.@
c:\windows\$NtUninstallKB49800$\621078412\version
c:\windows\iun6002.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\ATKGFNEXSrv.dll
c:\windows\system32\AutoRun.inf
c:\windows\system32\avupdsvc.dll
c:\windows\system32\awvaibcm.ini
c:\windows\system32\bobhpylm.dllbox
c:\windows\system32\btserial.dll
c:\windows\system32\c.bat
c:\windows\system32\Cache
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\2f1bba660ec1a795.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\8d0102213517da5c.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\c48e17773e3d550b.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d3b26b120a4d3579.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\e0de16f883bea794.fb
c:\windows\system32\dds_trash_log.cmd
c:\windows\system32\enwkuruc.ini
c:\windows\system32\hxyrdorl.ini
c:\windows\system32\jhiptdjc.ini
c:\windows\system32\kfehbjfu.ini
c:\windows\system32\lxda_device.dll
c:\windows\system32\Machnm32.dll
c:\windows\system32\MtxDma0.dll
c:\windows\system32\Ncrc710.dll
c:\windows\system32\parallel.dll
c:\windows\system32\pdlnshay.dll
c:\windows\system32\ROB_A.dll
c:\windows\system32\SE2Dmdm.dll
c:\windows\system32\sjwecigx.dllbox
c:\windows\system32\tcpip6.dll
c:\windows\system32\wdmaud.dll
c:\windows\system32\websensecamreportserver.dll
c:\windows\system32\ydkbfemh.ini
c:\windows\system32\z800mdfl.dll
c:\windows\system32\ZDPNDIS5.dll
c:\windows\$NtUninstallKB49800$ . . . . Failed to delete
.
Infected copy of c:\windows\system32\drivers\nv4_mini.sys was found and disinfected
Restored copy from - The cat found it :)
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_BOONTY_GAMES
-------\Legacy_GVCplDrv
-------\Service_GVCplDrv
.
.
((((((((((((((((((((((((( Files Created from 2012-04-08 to 2012-05-08 )))))))))))))))))))))))))))))))
.
.
2012-05-08 15:43 . 2010-07-09 21:38 10604128 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2012-05-04 16:18 . 2012-05-04 16:19 -------- d-----w- c:\program files\ERUNT
2012-05-04 15:02 . 2012-05-04 15:02 -------- d-----w- c:\program files\Common Files\Java
2012-05-04 15:01 . 2012-05-04 15:01 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-05-04 15:01 . 2012-05-04 15:01 476960 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-04-30 03:14 . 2012-04-30 03:18 -------- d-----w- c:\documents and settings\Goran\Application Data\ooVoo Details
2012-04-30 03:13 . 2012-04-30 03:13 -------- d-----w- c:\documents and settings\Goran\Local Settings\Application Data\APN
2012-04-29 16:13 . 2012-04-29 16:13 118318 ----a-w- c:\windows\Photo Pos Pro Collage Templates Pack Uninstaller.exe
2012-04-29 16:09 . 2012-04-29 16:11 -------- d-----w- c:\documents and settings\Goran\Application Data\Photopos
2012-04-29 16:09 . 2012-04-29 16:09 -------- d-----w- c:\program files\PhotoposComTbr
2012-04-24 11:57 . 2012-04-24 11:57 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant
2012-04-24 11:57 . 2012-04-24 11:57 -------- d-----w- c:\program files\Hewlett-Packard
2012-04-22 10:18 . 2012-04-22 10:18 -------- d-----w- c:\program files\Common Files\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-04 15:01 . 2011-05-31 12:43 472864 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-29 07:12 . 2012-03-31 05:41 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-29 07:12 . 2011-06-09 14:06 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-04 07:56 . 2010-11-29 14:02 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-01 11:01 . 2007-07-27 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2007-07-27 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2007-07-27 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2007-07-27 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2007-07-27 12:00 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2007-07-27 12:00 385024 ------w- c:\windows\system32\html.iec
2012-02-15 13:02 . 2008-04-07 09:54 139488 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-02-15 13:02 . 2009-04-04 03:20 270776 ----a-w- c:\windows\system32\PnkBstrB.xtr
2012-02-15 13:02 . 2008-04-07 09:54 270776 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-02-15 12:51 . 2008-04-07 09:54 270776 ----a-w- c:\windows\system32\PnkBstrB.ex0
2012-02-14 12:47 . 2008-04-07 09:54 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2012-02-14 12:20 . 2010-11-29 15:33 682280 ----a-w- c:\windows\system32\pbsvc.exe
2011-12-01 12:06 . 2011-05-12 12:59 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-03-12 12:07 1869152 ----a-w- c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll" [2012-03-12 1869152]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-02-29 17148552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechCameraAssistant"="c:\program files\Logitech\Video\CameraAssistant.exe" [2005-12-07 489472]
"LogitechCameraService(E)"="c:\windows\system32\ElkCtrl.exe" [2004-11-02 262144]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-05-25 1953792]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"SAOB Monitor"="c:\program files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe" [2010-11-15 2536448]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2011-02-01 5546376]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2011-02-01 390720]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-05 59240]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-03-12 982880]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
"ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-19 928096]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-25 98304]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-06 421736]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\documents and settings\Goran\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
OneNote 2007 Screen Clipper and Launcher.lnk.disabled [2011-5-15 951]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
HP Digital Imaging Monitor.lnk.disabled [2008-3-12 1812]
Kodak EasyShare software.lnk.disabled [2011-9-10 1841]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-08-15 113024]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0auto_reactivate \\?\Volume{26BD304E-C934-11DC-B644-806D6172696F}\bootwiz\asrm.bin\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"swg"=c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
"Uniblue SpeedUpMyPC"=
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe"
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe
"DriverScanner"="c:\program files\Uniblue\DriverScanner\launcher.exe" delay 20000
"ALLUpdate"="c:\program files\ALLPlayer\ALLUpdate.exe" "sleep"
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe"
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe"
"SUPERAntiSpyware"=c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
"PeerBlock"=c:\program files\PeerBlock\peerblock.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"Alcmtr"=ALCMTR.EXE
"36X Raid Configurer"=c:\windows\system32\xRaidSetup.exe boot
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"JMB36X IDE Setup"=c:\windows\RaidTool\xInsIDE.exe
"LVCOMSX"=c:\windows\system32\LVCOMSX.EXE
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"nwiz"=c:\program files\NVIDIA Corporation\nView\nwiz.exe /installquiet
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe"
"RTHDCPL"=RTHDCPL.EXE
"Svchost1"=c:\windows\Temp\SecurityHackers1.exe
"Svchost2"=c:\windows\Temp\SecurityHackers2.exe
"Acronis Scheduler2 Service"="c:\program files\Common Files\Seagate\Schedule2\schedhlp.exe"
"<NO NAME>"=
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"LogitechVideo[inspector]"=c:\program files\Logitech\Video\InstallHelper.exe /inspect
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe"
"McAfee Backup"=c:\program files\McAfee\MBK\McAfeeDataBackup.exe
"mcagent_exe"=c:\program files\McAfee.com\Agent\mcagent.exe /runkey
"McENUI"=c:\progra~1\McAfee\MHN\McENUI.exe /hide
"MBkLogOnHook"=c:\program files\McAfee\MBK\LogOnHook.exe
"GameFace Messenger"=c:\program files\GameFace Messenger\GameFace.exe
"UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\program files\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\8.0"
"mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe"
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\VoipStunt.com\\VoipStunt\\VoipStunt.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\World of Warcraft\\Repair.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.1.2.9901-to-3.1.3.9947-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Camfrog\\Camfrog Video Chat\\Camfrog Video Chat.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\Xfire\\xfire_exception.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
"c:\\Program Files\\Codemasters\\OF Dragon Rising\\OFDR.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\World of Warcraft\\wow-4.2.1.2736-enUS-tools-downloader.exe"=
"c:\\Documents and Settings\\Goran\\Local Settings\\Apps\\2.0\\NNZXODTC.Z36\\L0EJW5YD.ZPE\\curs..tion_eee711038731a406_0004.0000_2bd39706d04e72c8\\CurseClient.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"3587:TCP"= 3587:TCP:*:Disabled:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"25999:TCP"= 25999:TCP:*:Disabled:cs.xfire.com
"6112:TCP"= 6112:TCP:Blizzard Downloader
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"585:TCP"= 585:TCP:outlook send
"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [13-Sep-2010 4:27 PM 23120]
R0 AvgRkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [07-Sep-2010 3:48 AM 32592]
R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\drivers\tdrpm273.sys [26-Apr-2011 4:09 PM 752128]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [07-Sep-2010 3:49 AM 295248]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [30-Jun-2010 1:48 AM 116608]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [07-Sep-2010 3:48 AM 230608]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [18-Feb-2010 2:25 AM 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [11-May-2010 2:41 AM 67664]
S1 SpyEmrg;Spy Emergency Driver;c:\windows\system32\Drivers\spyemrg.sys --> c:\windows\system32\Drivers\spyemrg.sys [?]
S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [26-Apr-2011 4:09 PM 3246040]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [12-Oct-2011 6:25 AM 4433248]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [02-Aug-2011 6:09 AM 192776]
S2 GS In-Game Service;GS In-Game Service;c:\program files\GameTracker\GSInGameService.exe [10-Nov-2011 7:49 AM 1677072]
S2 gupdate1c9891f144d5a58;Google Update Service (gupdate1c9891f144d5a58);c:\program files\Google\Update\GoogleUpdate.exe [07-Feb-2009 8:24 PM 133104]
S2 KMService;KMService;c:\windows\system32\srvany.exe [10-May-2011 8:30 PM 8192]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [29-Feb-2012 8:50 AM 158856]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [22-Apr-2011 8:21 PM 92592]
S2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [12-Mar-2012 8:07 PM 918880]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [31-Mar-2012 1:41 PM 253088]
S3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [26-Apr-2011 4:09 PM 167968]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [13-Feb-2012 6:57 PM 101904]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [19-Aug-2010 9:42 PM 134608]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [19-Aug-2010 9:42 PM 24272]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [19-Aug-2010 9:42 PM 16720]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [03-Sep-2009 11:41 PM 8704]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [03-Sep-2009 11:41 PM 3072]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [07-Feb-2009 8:24 PM 133104]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [14-Jan-2008 6:06 PM 21632]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [27-Jul-2007 8:00 PM 14336]
S3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [18-Jan-2010 7:53 AM 19056]
S3 PciCon;PciCon;\??\e:\pcicon.sys --> e:\PciCon.sys [?]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [18-May-2011 10:34 PM 25088]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [17-Jul-2008 10:01 PM 716272]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
NETSVCS REQUIRES REPAIRS - current entries shown
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 07:12]
.
2012-05-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:57]
.
2012-05-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-07 12:24]
.
2012-05-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-07 12:24]
.
2010-04-15 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 07:07]
.
2012-05-07 c:\windows\Tasks\User_Feed_Synchronization-{BC336FD9-D90D-4E58-9AC1-660635137860}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 20:31]
.
2009-04-22 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-22 14:18]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://www.google.com.au/
uInternet Settings,ProxyOverride = *.local
IE: &Enviar para o OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Google Sidewiki...
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Goran\Start Menu\Programs\IMVU\Run IMVU.lnk
IE: {{ECC5777A-6E88-BFCE-13CE-81F134789E7B} - c:\program files\Funnsystems YuMp3Com-User-Authorization\YuMp3ComLogin.exe
Trusted Zone: windowslivehelp.com\www
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{5D7EA95F-613D-4920-A9D9-744B04D456C7}: NameServer = 192.168.1.1,198.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB
FF - ProfilePath - c:\documents and settings\Goran\Application Data\Mozilla\Firefox\Profiles\io5uagfw.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4c9dba95&v=6.010.023.001&i=23&tp=ab&iy=&ychte=au&lng=en-US&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
URLSearchHooks-{511131f1-4629-4254-a85f-ed7b6d75dd3c} - (no file)
BHO-{17313704-4A6F-4A90-B799-9A0ECD442850} - (no file)
BHO-{21893045-FD23-4839-8079-751626C13BD9} - (no file)
BHO-{e5deed4b-f298-4211-a480-2a963cf87dc5} - (no file)
BHO-{F08F5390-B47D-4517-AA17-1BCC9ED22183} - (no file)
BHO-{F3730A1F-B98C-4188-96FD-DAF6A9FDAC3A} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-09 00:09
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-583907252-573735546-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{488B7D68-9D12-06B4-21B5-4586810284C2}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1016)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
Completion time: 2012-05-09 00:17:42 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-08 16:17
.
Pre-Run: 43,004,141,568 bytes free
Post-Run: 45,255,487,488 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptOut
.
- - End Of File - - 07191058DC4731874389895B8D41BA1B
 

Hi oldman960 :bigthumb:

I'll call it a night, if that's OK with you :). It's 00:30 here... cya tmrw :).
Have a nice day/evening :)
 
Hi JonDou,

How's the computer?

You should be able to boot to Normal windows to run this fix.

Please follow all previous instructions regarding security programs.

Open a new Notepad session
  • Click the Start button, then click Run
  • In the Run box, type notepad
  • Click OK
  • In Notepad, click "Format" and be certain that Word Wrap is not checked.
  • Copy and paste all the text in the code box below into Notepad. Do not copy the word CODE

Code:
File::
c:\windows\Temp\SecurityHackers1.exe
c:\windows\Temp\SecurityHackers2.exe

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost]
"netsvcs"=-
"netsvcs"=hex(7):36,74,6F,34,00,41,70,70,4D,67,6D,74,00,41,\
  75,64,69,6F,53,72,76,00,42,72,6F,77,73,65,72,00,43,72,79,70,74,53,76,\
  63,00,44,4D,53,65,72,76,65,72,00,44,48,43,50,00,45,52,53,76,63,00,45,\
  76,65,6E,74,53,79,73,74,65,6D,00,46,61,73,74,55,73,65,72,53,77,69,74,\
  63,68,69,6E,67,43,6F,6D,70,61,74,69,62,69,6C,69,74,79,00,48,69,64,53,\
  65,72,76,00,49,61,73,00,49,70,72,69,70,00,49,72,6D,6F,6E,00,4C,61,6E,\
  6D,61,6E,53,65,72,76,65,72,00,4C,61,6E,6D,61,6E,57,6F,72,6B,73,74,61,\
  74,69,6F,6E,00,4D,65,73,73,65,6E,67,65,72,00,4E,65,74,6D,61,6E,00,4E,\
  6C,61,00,4E,74,6D,73,73,76,63,00,4E,57,43,57,6F,72,6B,73,74,61,74,69,\
  6F,6E,00,4E,77,73,61,70,61,67,65,6E,74,00,52,61,73,61,75,74,6F,00,52,\
  61,73,6D,61,6E,00,52,65,6D,6F,74,65,61,63,63,65,73,73,00,53,63,68,65,\
  64,75,6C,65,00,53,65,63,6C,6F,67,6F,6E,00,53,45,4E,53,00,53,68,61,72,\
  65,64,61,63,63,65,73,73,00,53,52,53,65,72,76,69,63,65,00,54,61,70,69,\
  73,72,76,00,54,68,65,6D,65,73,00,54,72,6B,57,6B,73,00,57,33,32,54,69,\
  6D,65,00,57,5A,43,53,56,43,00,57,6D,69,00,57,6D,64,6D,50,6D,53,70,00,77,\
  69,6E,6D,67,6D,74,00,77,73,63,73,76,63,00,78,6D,6C,70,72,6F,76,00,6E,\
  61,70,61,67,65,6E,74,00,68,6B,6D,73,76,63,00,42,49,54,53,00,77,75,61,\
  75,73,65,72,76,00,53,68,65,6C,6C,48,57,44,65,74,65,63,74,69,6F,6E,00,68,\
  65,6C,70,73,76,63,00,57,6D,64,6D,50,6D,53,4E,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Svchost1"=-
"Svchost2"=-

Driver::
cfosspeeds
s716bus 
ASMMAP 
MpFilter 
toddsrv 
licensemanagersocket
cccredmgr
utilman 
icepack 
W2acehid
adsservice 
nv4
CdaD10BA 
nvstor32
imountsrv 
passthru 
PTproct 
dlaudfam 
rchost 
XAudio 
NWDHCP 
ScFBPNT3 
lvsrvlauncher 
lxrjd31s 
FireTDI 
amusbprt 
DumaNT 
SED133x 
picturetaker 
dmprimer 
CA561 
BTSLBCSP 
BUFADPT 
scsk4 
WIBUKEY 
procexp111 
iteatapi 
avupdsvc 
winpppoverethernet 
websensedcagent 
ARCSOFTVIRTUALCAPTURE 
se59nd5 
avg7updsvc 
ifp800 
bdrsdrv 
pivotmou 
vcommmgr 
tbhsd 
ZY202_XP 
wm 
R300 
giveio 
websensecpmcommunicationagent 
oraclewebassistant 
oracleoradb10g_home1isql*plus
dm1service 
dot4ufd
PCTINDIS5 
keriomailserver 
zenos1
tpkmpsvc 
mcods
AmdIde 
yukonwlh
dlaifs_m
NxSysMon 
nvrd64 
btfirst 
usbser 
se58mgmt 
L1e 
slservice 
HPFECP20
ghoststartservice 
k750mgmt 
avidstartup 
se2End5 
HSFHWALI 
SetupSys
db2ntsecserver 
omniusbl 
msgame 
s3savagemx
IBM_LLC2
atimpab
wg5n 
webcompserver
mi-raysat_3dsmax8 
BsHelpCS 
iPassP 
ar5211 
NWFILTER
Si3114r5
L6POD
mhndrv 
fsRamDsk 
oracleorahomemanagementserver 
btnhndl 
serialkeys 
susbser
pivot 
blueletscoaudio
GV600_4 
pdlndldl 
GVCplDrv 
TOSHIBASoftModem
cwcspud 
vaiomediaplatform-integratedserver-appserver
cics.region2 
cmpci 
2wirepcp
V0080Dev
DCamUSBSQTECH
zntport 
TMHIDSRV 
bdfsfltr 
mpfirewl 
efs 
webrootadminconsole 
WmiAcpi 
smrt 
patrolagent 
USIUDF 
ifxtcs 
CcmExecl 
mcpromgr 
sfdrv01 
rt2870 
megamonitorsrv 
dirms_defragmentation 
slave 
adiloader 
lxcgcustomerconnect 
s125bus 
yats32 
smartwiservice 
wg3n 
maxbackserviceint 
PSI_SVC_2 
ino_fltr 
pdfcreatormessages 
eliservice 
ssmdrv 
mstdfrgs 
SWNC8U20 
rp_fws 
DcPTP 
PAC7302 
ssscsisv 
webdriveservice 
thpsrv 
acs 
avsvcmonitor 
Memctl 
wandrv 
tandpl 
bjmcmng 
pnarp 
MRV6X32P 
VRADFIL 
ixiaendpoint 
delldmi 
WNCPKT 
mssql$sony_mediamgr 
mps9 
ipssvc

In Notepad
  • Click File, Save as..., and set the Save in to your Desktop
  • In the filename box, type (including quotation marks) as the filename: "CFScript.txt"
  • Click Save
Using your left mouse button, drag the new file CFScript.txt and drop it on the ComboFix.exe icon as shown below.

This will start ComboFix again. Close all browser/windows first.

**Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall**

CFScriptB-4.gif
 
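Before a script like the one above is applied, the `hex(7)` data it writes to "netsvcs" can be decoded to read the service names and compare them with what the machine currently has. This is an added example, not part of the original posts or of ComboFix; the sample bytes are the first four entries of the value above with a terminator appended, and `ExampleSvc` is a made-up name.

```python
import re

def parse_hex7(value_text):
    """Turn the right-hand side of a .reg 'hex(7):' value into raw bytes."""
    if not value_text.lower().startswith("hex(7):"):
        raise ValueError("not a REG_MULTI_SZ (hex(7)) value")
    # Drop line-continuation backslashes and all whitespace, then split.
    body = re.sub(r"[\\\s]+", "", value_text[len("hex(7):"):])
    return bytes(int(tok, 16) for tok in body.split(",") if tok)

def decode_multi_sz(raw, wide=False):
    """Split REG_MULTI_SZ data into its strings.

    wide=False: one byte per character, as in the script on this page.
    wide=True:  UTF-16LE, as written by 'Windows Registry Editor Version 5.00'.
    """
    text = raw.decode("utf-16-le" if wide else "latin-1")
    if not text.endswith("\x00\x00"):
        raise ValueError("missing double-NUL terminator (truncated value?)")
    return text[:-2].split("\x00")

def review(proposed, current):
    """Return (added, removed) service names, compared case-insensitively."""
    cur = {s.lower() for s in current}
    new = {s.lower() for s in proposed}
    added = [s for s in proposed if s.lower() not in cur]
    removed = [s for s in current if s.lower() not in new]
    return added, removed

# Constructed sample: the first four entries of the value above, re-terminated.
SAMPLE = r'''hex(7):36,74,6F,34,00,41,70,70,4D,67,6D,74,00,41,\
  75,64,69,6F,53,72,76,00,42,72,6F,77,73,65,72,00,00'''

# Constructed "current" list; ExampleSvc is a hypothetical unwanted entry.
CURRENT = ["6to4", "AppMgmt", "AudioSrv", "Browser", "ExampleSvc"]

if __name__ == "__main__":
    names = decode_multi_sz(parse_hex7(SAMPLE))
    added, removed = review(names, CURRENT)
    print("script will write:", names)
    print("added:", added, "| removed:", removed)
```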