Another IDP.Trojan.1C8D1A13 and Crypt.AQLW infection...please help

Re:

Hi oldman960 :bigthumb:

The computer is feeling better now :). It didn't freeze when rebooted in normal mode.

I did all as you requested... ComboFix detected rootkit activity:

"You are infected with Rootkit.ZeroAccess! It has inserted itself into the tep/ip stack. This is a particularly difficult infection."... etc.

It rebooted and started scanning again, but when it completed all the stages and started deleting files it got stuck at

Deleting files:

H:\Autorun.inf

What do I do next :)? Please help
 
Hi JonDou,

If there isn't the slightest bit of hard drive activity, reboot the computer and run combofix again.
 
Re:

Hi oldman960 :bigthumb:
I may have done it wrong. I restarted the computer and let it run throughout the night, because it seemed to be stuck at the same point, but in the morning the log-in screen was waiting for me as if it had finished the scan and rebooted. The thing is... after yesterday's reboot (when CF was stuck), I didn't start CF again by dragging CFscript.txt onto the ComboFix.exe icon. I just double clicked it :red:. Was that OK, or do you want me to do it again, this time by dragging CFscript.txt onto it?
And another thing... I can't find the log from the last scan. I checked for it in C:

Thanks again, and sorry if I made a mistake here.
 
Re:

Hi oldman960 :bigthumb:
It's been 4 hours since I double clicked CF to do the scan and it is stuck at the same position as before:

CFstuck.jpg


I ran it again last night and it didn't produce any log. The same login window was on screen when I woke up. I did another scan when I came back from work and that one is still running (4 hours so far and it hasn't moved from H:\Autorun.inf). I don't know what to do :sad:
If it matters, hard drive H: I believe is an external hard drive, which I can disconnect if you want me to.

Thanks for staying with my problem oldman960 :bigthumb:
 
Hi

Let's try it this way. Reboot the computer, disconnect the external drive.

After the computer restarts give it a bit to see if combofix will finish. If it doesn't, locate combofix.exe which you've renamed, right click it and click delete.

Download a new copy and try it again by double clicking it.
 
Re:

Hi oldman960 :bigthumb:
I've done what you asked and the same thing happened, just this time it finished stage 50 and that was it. It didn't start deleting the files like before. I left it running for 3 hours and it didn't move from that stage, so I went to bed. In the morning, a Windows login window was there and no log report in C: :sad:
Am I doing something wrong here?
On top of that... I can't get rid of the "HPProductAssistance" popup window that keeps popping up :buried:.
HPAssistance.jpg

and when I click cancel:
HPAssistance2.jpg

then after OK it starts installing it again and repeats the process all over again with the same pics ??!! :)
HPAssistance3.jpg


You said at the beginning not to install any program without your knowledge or instructions. Shall I find that disc and give it a go, or just uninstall that crap :)? And yeah... what to do next with my problem :scratch:
Thanks oldman960 for your answers... I really appreciate it :bigthumb:
 
Re:

I DID IT :yahoo:
Finally... I thought I could try the CF scan one more time, so I deleted the icon and downloaded a fresh one (again :) ) like you suggested, and ComboFix finished with the log report at the end :). It reported this as well, just before it restarted the computer:

file.jpg


The log follows :).
 
Re:

Here is the log ComboFix.txt:



ComboFix 12-05-12.01 - Goran 2-May-2012 16:49:39.7.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.2907 [GMT 8:00]
Running from: c:\documents and settings\Goran\Desktop\jgh.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
The following files were disabled during the run:
c:\program files\Common Files\Logitech\LVMVFM\LVPrcInj.dll
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_2WIREPCP
-------\Legacy_AMDIDE
-------\Legacy_AR5211
-------\Legacy_ARCSOFTVIRTUALCAPTURE
-------\Legacy_ASMMAP
-------\Legacy_ATIMPAB
-------\Legacy_AVG7UPDSVC
-------\Legacy_AVIDSTARTUP
-------\Legacy_BDFSFLTR
-------\Legacy_BDRSDRV
-------\Legacy_BLUELETSCOAUDIO
-------\Legacy_BSHELPCS
-------\Legacy_BTFIRST
-------\Legacy_CCCREDMGR
-------\Legacy_CFOSSPEEDS
-------\Legacy_CICS.REGION2
-------\Legacy_CMPCI
-------\Legacy_CWCSPUD
-------\Legacy_DB2NTSECSERVER
-------\Legacy_DCAMUSBSQTECH
-------\Legacy_DELLDMI
-------\Legacy_DLAIFS_M
-------\Legacy_DM1SERVICE
-------\Legacy_DOT4UFD
-------\Legacy_FSRAMDSK
-------\Legacy_GHOSTSTARTSERVICE
-------\Legacy_GIVEIO
-------\Legacy_GV600_4
-------\Legacy_HPFECP20
-------\Legacy_HSFHWALI
-------\Legacy_IBM_LLC2
-------\Legacy_IFP800
-------\Legacy_IFXTCS
-------\Legacy_IPASSP
-------\Legacy_IPSSVC
-------\Legacy_IXIAENDPOINT
-------\Legacy_K750MGMT
-------\Legacy_KERIOMAILSERVER
-------\Legacy_L1E
-------\Legacy_L6POD
-------\Legacy_LICENSEMANAGERSOCKET
-------\Legacy_MAXBACKSERVICEINT
-------\Legacy_MCODS
-------\Legacy_MCPROMGR
-------\Legacy_MHNDRV
-------\Legacy_MI-RAYSAT_3DSMAX8
-------\Legacy_MPFILTER
-------\Legacy_MPFIREWL
-------\Legacy_MPS9
-------\Legacy_MSGAME
-------\Legacy_MSSQL$SONY_MEDIAMGR
-------\Legacy_NVRD64
-------\Legacy_NWFILTER
-------\Legacy_NXSYSMON
-------\Legacy_OMNIUSBL
-------\Legacy_ORACLEORADB10G_HOME1ISQL*PLUS
-------\Legacy_ORACLEORAHOMEMANAGEMENTSERVER
-------\Legacy_ORACLEWEBASSISTANT
-------\Legacy_PCTINDIS5
-------\Legacy_PDLNDLDL
-------\Legacy_PIVOT
-------\Legacy_RT2870
-------\Legacy_S3SAVAGEMX
-------\Legacy_S716BUS
-------\Legacy_SE2END5
-------\Legacy_SE58MGMT
-------\Legacy_SE59ND5
-------\Legacy_SERIALKEYS
-------\Legacy_SETUPSYS
-------\Legacy_SFDRV01
-------\Legacy_SI3114R5
-------\Legacy_SLSERVICE
-------\Legacy_SUSBSER
-------\Legacy_TMHIDSRV
-------\Legacy_TODDSRV
-------\Legacy_TOSHIBASOFTMODEM
-------\Legacy_TPKMPSVC
-------\Legacy_USBSER
-------\Legacy_USIUDF
-------\Legacy_UTILMAN
-------\Legacy_V0080DEV
-------\Legacy_VAIOMEDIAPLATFORM-INTEGRATEDSERVER-APPSERVER
-------\Legacy_VRADFIL
-------\Legacy_WEBCOMPSERVER
-------\Legacy_WEBSENSECPMCOMMUNICATIONAGENT
-------\Legacy_WG5N
-------\Legacy_WNCPKT
-------\Legacy_YUKONWLH
-------\Legacy_ZENOS1
-------\Legacy_ZNTPORT
-------\Service_2wirepcp
-------\Service_AmdIde
-------\Service_ar5211
-------\Service_ARCSOFTVIRTUALCAPTURE
-------\Service_ASMMAP
-------\Service_atimpab
-------\Service_avg7updsvc
-------\Service_avidstartup
-------\Service_bdfsfltr
-------\Service_bdrsdrv
-------\Service_blueletscoaudio
-------\Service_BsHelpCS
-------\Service_btfirst
-------\Service_cccredmgr
-------\Service_cfosspeeds
-------\Service_cics.region2
-------\Service_cmpci
-------\Service_cwcspud
-------\Service_db2ntsecserver
-------\Service_DCamUSBSQTECH
-------\Service_delldmi
-------\Service_dlaifs_m
-------\Service_dm1service
-------\Service_dot4ufd
-------\Service_fsRamDsk
-------\Service_ghoststartservice
-------\Service_giveio
-------\Service_GV600_4
-------\Service_HPFECP20
-------\Service_HSFHWALI
-------\Service_IBM_LLC2
-------\Service_ifp800
-------\Service_ifxtcs
-------\Service_iPassP
-------\Service_ipssvc
-------\Service_ixiaendpoint
-------\Service_k750mgmt
-------\Service_keriomailserver
-------\Service_L1e
-------\Service_L6POD
-------\Service_licensemanagersocket
-------\Service_maxbackserviceint
-------\Service_mcods
-------\Service_mcpromgr
-------\Service_mhndrv
-------\Service_mi-raysat_3dsmax8
-------\Service_MpFilter
-------\Service_mpfirewl
-------\Service_mps9
-------\Service_msgame
-------\Service_mssql$sony_mediamgr
-------\Service_nvrd64
-------\Service_NWFILTER
-------\Service_NxSysMon
-------\Service_omniusbl
-------\Service_oracleoradb10g_home1isql*plus
-------\Service_oracleorahomemanagementserver
-------\Service_oraclewebassistant
-------\Service_PCTINDIS5
-------\Service_pdlndldl
-------\Service_pivot
-------\Service_rt2870
-------\Service_s3savagemx
-------\Service_s716bus
-------\Service_se2End5
-------\Service_se58mgmt
-------\Service_se59nd5
-------\Service_serialkeys
-------\Service_SetupSys
-------\Service_sfdrv01
-------\Service_Si3114r5
-------\Service_slservice
-------\Service_susbser
-------\Service_TMHIDSRV
-------\Service_toddsrv
-------\Service_TOSHIBASoftModem
-------\Service_tpkmpsvc
-------\Service_usbser
-------\Service_USIUDF
-------\Service_utilman
-------\Service_V0080Dev
-------\Service_vaiomediaplatform-integratedserver-appserver
-------\Service_VRADFIL
-------\Service_webcompserver
-------\Service_websensecpmcommunicationagent
-------\Service_wg5n
-------\Service_WNCPKT
-------\Service_yukonwlh
-------\Service_zenos1
-------\Service_zntport
.
.
((((((((((((((((((((((((( Files Created from 2012-04-12 to 2012-05-12 )))))))))))))))))))))))))))))))
.
.
2012-05-08 15:43 . 2010-07-09 21:38 10604128 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2012-05-04 16:18 . 2012-05-04 16:19 -------- d-----w- c:\program files\ERUNT
2012-05-04 15:02 . 2012-05-04 15:02 -------- d-----w- c:\program files\Common Files\Java
2012-05-04 15:01 . 2012-05-04 15:01 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-05-04 15:01 . 2012-05-04 15:01 476960 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-04-30 03:14 . 2012-04-30 03:18 -------- d-----w- c:\documents and settings\Goran\Application Data\ooVoo Details
2012-04-30 03:13 . 2012-04-30 03:13 -------- d-----w- c:\documents and settings\Goran\Local Settings\Application Data\APN
2012-04-29 16:13 . 2012-04-29 16:13 118318 ----a-w- c:\windows\Photo Pos Pro Collage Templates Pack Uninstaller.exe
2012-04-29 16:09 . 2012-04-29 16:11 -------- d-----w- c:\documents and settings\Goran\Application Data\Photopos
2012-04-29 16:09 . 2012-04-29 16:09 -------- d-----w- c:\program files\PhotoposComTbr
2012-04-24 11:57 . 2012-04-24 11:57 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant
2012-04-24 11:57 . 2012-04-24 11:57 -------- d-----w- c:\program files\Hewlett-Packard
2012-04-22 10:18 . 2012-04-22 10:18 -------- d-----w- c:\program files\Common Files\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-04 15:01 . 2011-05-31 12:43 472864 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-29 07:12 . 2012-03-31 05:41 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-29 07:12 . 2011-06-09 14:06 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-04 07:56 . 2010-11-29 14:02 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-01 11:01 . 2007-07-27 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2007-07-27 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2007-07-27 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2007-07-27 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2007-07-27 12:00 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2007-07-27 12:00 385024 ------w- c:\windows\system32\html.iec
2012-02-15 13:02 . 2008-04-07 09:54 139488 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-02-15 13:02 . 2009-04-04 03:20 270776 ----a-w- c:\windows\system32\PnkBstrB.xtr
2012-02-15 13:02 . 2008-04-07 09:54 270776 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-02-15 12:51 . 2008-04-07 09:54 270776 ----a-w- c:\windows\system32\PnkBstrB.ex0
2012-02-14 12:47 . 2008-04-07 09:54 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2012-02-14 12:20 . 2010-11-29 15:33 682280 ----a-w- c:\windows\system32\pbsvc.exe
2011-12-01 12:06 . 2011-05-12 12:59 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-03-12 12:07 1869152 ----a-w- c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll" [2012-03-12 1869152]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-02-29 17148552]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechCameraAssistant"="c:\program files\Logitech\Video\CameraAssistant.exe" [2005-12-07 489472]
"LogitechCameraService(E)"="c:\windows\system32\ElkCtrl.exe" [2004-11-02 262144]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-05-25 1953792]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"SAOB Monitor"="c:\program files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe" [2010-11-15 2536448]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2011-02-01 5546376]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2011-02-01 390720]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-05 59240]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-03-12 982880]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
"ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-19 928096]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-25 98304]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-06 421736]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\documents and settings\Goran\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
OneNote 2007 Screen Clipper and Launcher.lnk.disabled [2011-5-15 951]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
HP Digital Imaging Monitor.lnk.disabled [2008-3-12 1812]
Kodak EasyShare software.lnk.disabled [2011-9-10 1841]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-08-15 113024]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0auto_reactivate \\?\Volume{26BD304E-C934-11DC-B644-806D6172696F}\bootwiz\asrm.bin\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"swg"=c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
"Uniblue SpeedUpMyPC"=
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe"
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe
"DriverScanner"="c:\program files\Uniblue\DriverScanner\launcher.exe" delay 20000
"ALLUpdate"="c:\program files\ALLPlayer\ALLUpdate.exe" "sleep"
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe"
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe"
"SUPERAntiSpyware"=c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
"PeerBlock"=c:\program files\PeerBlock\peerblock.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"Alcmtr"=ALCMTR.EXE
"36X Raid Configurer"=c:\windows\system32\xRaidSetup.exe boot
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"JMB36X IDE Setup"=c:\windows\RaidTool\xInsIDE.exe
"LVCOMSX"=c:\windows\system32\LVCOMSX.EXE
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"nwiz"=c:\program files\NVIDIA Corporation\nView\nwiz.exe /installquiet
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe"
"RTHDCPL"=RTHDCPL.EXE
"Acronis Scheduler2 Service"="c:\program files\Common Files\Seagate\Schedule2\schedhlp.exe"
"<NO NAME>"=
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"LogitechVideo[inspector]"=c:\program files\Logitech\Video\InstallHelper.exe /inspect
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe"
"McAfee Backup"=c:\program files\McAfee\MBK\McAfeeDataBackup.exe
"mcagent_exe"=c:\program files\McAfee.com\Agent\mcagent.exe /runkey
"McENUI"=c:\progra~1\McAfee\MHN\McENUI.exe /hide
"MBkLogOnHook"=c:\program files\McAfee\MBK\LogOnHook.exe
"GameFace Messenger"=c:\program files\GameFace Messenger\GameFace.exe
"UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\program files\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\8.0"
"mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe"
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\VoipStunt.com\\VoipStunt\\VoipStunt.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\World of Warcraft\\Repair.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.1.2.9901-to-3.1.3.9947-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Camfrog\\Camfrog Video Chat\\Camfrog Video Chat.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\Xfire\\xfire_exception.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
"c:\\Program Files\\Codemasters\\OF Dragon Rising\\OFDR.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\World of Warcraft\\wow-4.2.1.2736-enUS-tools-downloader.exe"=
"c:\\Documents and Settings\\Goran\\Local Settings\\Apps\\2.0\\NNZXODTC.Z36\\L0EJW5YD.ZPE\\curs..tion_eee711038731a406_0004.0000_2bd39706d04e72c8\\CurseClient.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"3587:TCP"= 3587:TCP:*:Disabled:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"25999:TCP"= 25999:TCP:*:Disabled:cs.xfire.com
"6112:TCP"= 6112:TCP:Blizzard Downloader
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"585:TCP"= 585:TCP:outlook send
"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [13-Sep-2010 4:27 PM 23120]
R0 AvgRkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [07-Sep-2010 3:48 AM 32592]
R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\drivers\tdrpm273.sys [26-Apr-2011 4:09 PM 752128]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [07-Sep-2010 3:48 AM 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [07-Sep-2010 3:49 AM 295248]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [18-Feb-2010 2:25 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [11-May-2010 2:41 AM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [30-Jun-2010 1:48 AM 116608]
R2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [26-Apr-2011 4:09 PM 3246040]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [12-Oct-2011 6:25 AM 4433248]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [02-Aug-2011 6:09 AM 192776]
R2 GS In-Game Service;GS In-Game Service;c:\program files\GameTracker\GSInGameService.exe [10-Nov-2011 7:49 AM 1677072]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [22-Apr-2011 8:21 PM 92592]
R2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [12-Mar-2012 8:07 PM 918880]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [26-Apr-2011 4:09 PM 167968]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [13-Feb-2012 6:57 PM 101904]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [19-Aug-2010 9:42 PM 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [19-Aug-2010 9:42 PM 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [19-Aug-2010 9:42 PM 16720]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S1 SpyEmrg;Spy Emergency Driver;c:\windows\system32\Drivers\spyemrg.sys --> c:\windows\system32\Drivers\spyemrg.sys [?]
S2 gupdate1c9891f144d5a58;Google Update Service (gupdate1c9891f144d5a58);c:\program files\Google\Update\GoogleUpdate.exe [07-Feb-2009 8:24 PM 133104]
S2 KMService;KMService;c:\windows\system32\srvany.exe [10-May-2011 8:30 PM 8192]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [29-Feb-2012 8:50 AM 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [31-Mar-2012 1:41 PM 253088]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [03-Sep-2009 11:41 PM 8704]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [03-Sep-2009 11:41 PM 3072]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [07-Feb-2009 8:24 PM 133104]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [14-Jan-2008 6:06 PM 21632]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [27-Jul-2007 8:00 PM 14336]
S3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [18-Jan-2010 7:53 AM 19056]
S3 PciCon;PciCon;\??\e:\pcicon.sys --> e:\PciCon.sys [?]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [18-May-2011 10:34 PM 25088]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [17-Jul-2008 10:01 PM 716272]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 07:12]
.
2012-05-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:57]
.
2012-05-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-07 12:24]
.
2012-05-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-07 12:24]
.
2010-04-15 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 07:07]
.
2012-05-12 c:\windows\Tasks\User_Feed_Synchronization-{BC336FD9-D90D-4E58-9AC1-660635137860}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 20:31]
.
2009-04-22 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-22 14:18]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://www.google.com.au/
uInternet Settings,ProxyOverride = *.local
IE: &Enviar para o OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Google Sidewiki...
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Goran\Start Menu\Programs\IMVU\Run IMVU.lnk
IE: {{ECC5777A-6E88-BFCE-13CE-81F134789E7B} - c:\program files\Funnsystems YuMp3Com-User-Authorization\YuMp3ComLogin.exe
Trusted Zone: windowslivehelp.com\www
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{5D7EA95F-613D-4920-A9D9-744B04D456C7}: NameServer = 192.168.1.1,198.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB
FF - ProfilePath - c:\documents and settings\Goran\Application Data\Mozilla\Firefox\Profiles\io5uagfw.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4c9dba95&v=6.010.023.001&i=23&tp=ab&iy=&ychte=au&lng=en-US&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-12 17:52
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-583907252-573735546-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{488B7D68-9D12-06B4-21B5-4586810284C2}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1356)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(6152)
c:\windows\system32\WININET.dll
c:\program files\Common Files\Logitech\LVMVFM\LVPrcInj.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mslbui.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\hnetcfg.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG2012\avgrsx.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\ATKKBService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Maxtor\Sync\SyncServices.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\PnkBstrA.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\AVG\AVG2012\avgnsx.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\iPod\bin\iPodService.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Completion time: 2012-05-12 17:58:29 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-12 09:58
ComboFix2.txt 2012-05-08 16:17
.
Pre-Run: 46,176,477,184 bytes free
Post-Run: 46,182,801,408 bytes free
.
- - End Of File - - 361ABA1800A736E86A76AF979BFD482E


Thank You oldman960 :bigthumb:
 
Hi JonDou,

Good job. :bigthumb:

How's the computer?

uTorrent
You have uTorrent, a P2P/file sharing program, installed on your computer. P2P applications like it are the largest source of malware we see. You'll be doing yourself a favor by removing it. It's not the program itself that is the problem, but what can be downloaded with it, usually from an unknown source.

References for the risk of these programs can be found in these links:
http://www.microsoft.com/windows/ie/commun...protection.mspx

http://www.internetworldstats.com/articles/art053.htm://http://www.techweb.com/wire/1605005...cles/art053.htm

I would recommend that you uninstall uTorrent, however that choice is up to you. If you choose to remove this program, you can do so via Control Panel >> Add or Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.



You have this program installed, Malwarebytes' Anti-Malware (MBAM). Please update it and run a scan.

Open MBAM

  • Click the Update tab
  • Click Check for Updates
  • If an update is found, it will download and install the latest version.
  • The program will close to update and reopen.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Please post back with
  • MBAM log
 
Re:

Hi oldman960 :bigthumb:

Thanks for the links You gave me. I have gone through them and found very useful stuff. I will implement some of them :). I scanned the computer with MBAM today and

"The scan completed succesfully. No malicious items were detected."

Here is the log:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.12.08

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Goran :: OWNER [administrator]

13-May-2012 9:15:06 AM
mbam-log-2012-05-13 (09-15-06).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 257798
Time elapsed: 6 minute(s), 21 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

I forgot to tell You... I don't experience freezes any more with my computer, but You have probably figured it out by now :).
No more "HPProductAssistant" window popping up also :).

Thanks again oldman960 :bigthumb:
 
Hi JonDou,

So far so good,

One more scan to check our handiwork.

*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



Go here to run an online scanner from
ESET

(Note: You can use Internet Explorer or FireFox for this scan. If you use FireFox you will be asked to install an additional component. Please allow this.)

  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Disable your Antivirus software. You can usually do this with its Notification Tray icon near the clock
  • Click Start
  • Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is Checked.
  • Click Scan.
  • Wait for the scan to finish.
  • When the scan completes, click List of found threats
  • click Export to Text file and save the file to your desktop using a unique name, such as ESETScan.
  • Include the contents of this report in your next reply

    Note - when ESET doesn't find any threats, no report will be created.
  • Push the back button.
  • Push Finish
  • Re-enable your Antivirus software.



After the ESET scan please rerun OTL. Open the program and click the Quick Scan button. Please post the OTL.txt that is produced.

Please post back with
  • ESET log if there was one
  • OTL.txt
Everything still ok?
 
Re:

Hi oldman960 :bigthumb:
I wanted to delete the old OTL.txt log from my desktop when I saw defogger_disable.log there. I remembered that you said something about it earlier and found this:

"IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop."

Because I didn't receive any error message (or I didn't see it at least) I wasn't expecting a log. Now that I found it, here it is. I'm sorry if it turns out to be an important one :slap:

defogger_disable log:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 20:02 on 07/05/2012 (Goran)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
Unable to read sptd.sys
SPTD -> Disabled (Service running -> reboot required)


-=E.O.F=-


I'll run the scans now...
 
Re:

Hi oldman960 :bigthumb:

OK... I did the scans and the logs follow. Quite a few infections were found :(.
Just wanted to tell You that in AVG's identity protection allowed list, is a
C:\WINDOWS\SYSTEM32\REGSVR32.EXE and the date allowed is 29.08.2011.
Should that be there?

ESETScan log:

C:\Qoobox\Quarantine\C\WINDOWS\system32\ATKGFNEXSrv.dll.vir Win32/Sirefef.ER trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\avupdsvc.dll.vir Win32/Sirefef.ER trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\awvaibcm.ini.vir Win32/Adware.Virtumonde.NEO application
C:\Qoobox\Quarantine\C\WINDOWS\system32\btserial.dll.vir Win32/Sirefef.ER trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\enwkuruc.ini.vir Win32/Adware.Virtumonde.NEO application
C:\Qoobox\Quarantine\C\WINDOWS\system32\hxyrdorl.ini.vir Win32/Adware.Virtumonde.NEO application
C:\Qoobox\Quarantine\C\WINDOWS\system32\jhiptdjc.ini.vir Win32/Adware.Virtumonde.NEO application
C:\Qoobox\Quarantine\C\WINDOWS\system32\kfehbjfu.ini.vir Win32/Adware.Virtumonde.NEO application
C:\Qoobox\Quarantine\C\WINDOWS\system32\lxda_device.dll.vir Win32/Sirefef.ER trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\Machnm32.dll.vir Win32/Sirefef.ER trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\MtxDma0.dll.vir Win32/Sirefef.ER trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\Ncrc710.dll.vir Win32/Sirefef.ER trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\parallel.dll.vir Win32/Sirefef.ER trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\pdlnshay.dll.vir Win32/Sirefef.ER trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\ROB_A.dll.vir Win32/Sirefef.ER trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\SE2Dmdm.dll.vir Win32/Sirefef.ER trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\tcpip6.dll.vir Win32/Sirefef.ER trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\wdmaud.dll.vir Win32/Sirefef.ER trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\websensecamreportserver.dll.vir Win32/Sirefef.ER trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\ydkbfemh.ini.vir Win32/Adware.Virtumonde.NEO application
C:\Qoobox\Quarantine\C\WINDOWS\system32\z800mdfl.dll.vir Win32/Sirefef.ER trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\ZDPNDIS5.dll.vir Win32/Sirefef.ER trojan
C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1312\A0242588.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1312\A0242617.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1312\A0243617.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1312\A0244617.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1312\A0245617.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1312\A0246617.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1312\A0246652.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1312\A0246692.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1312\A0246792.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1313\A0246849.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1322\A0247685.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1322\A0247827.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1322\A0248827.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1322\A0248836.dll Win32/Sirefef.ER trojan
C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1322\A0248837.dll Win32/Sirefef.ER trojan
C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1322\A0248843.dll Win32/Sirefef.ER trojan
C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1322\A0248844.dll Win32/Sirefef.ER trojan
C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1322\A0248845.dll Win32/Sirefef.ER trojan
C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1322\A0248846.dll Win32/Sirefef.ER trojan
C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1322\A0248847.dll Win32/Sirefef.ER trojan
C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1322\A0249827.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1322\A0250827.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1322\A0251827.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1322\A0252827.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1322\A0253829.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1322\A0254829.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1322\A0254838.dll Win32/Sirefef.ER trojan
C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1322\A0254839.dll Win32/Sirefef.ER trojan
C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1322\A0255829.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1322\A0256829.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1322\A0257829.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1322\A0258829.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1322\A0259829.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1322\A0260829.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1322\A0261837.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1322\A0262837.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1322\A0263837.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1322\A0264837.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1322\A0265837.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1322\A0265849.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1322\A0265926.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1322\A0266926.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1322\A0266936.dll Win32/Sirefef.ER trojan
C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1322\A0267926.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1322\A0267934.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1324\A0269280.dll Win32/Sirefef.DA trojan
D:\My Documents\marina\portfolio\vectors\picture\SweetImSetup.exe a variant of Win32/SweetIM.B application
D:\My Documents\programi\gamebooster.exe a variant of Win32/Toolbar.Widgi application
D:\My Documents\programi\PhotoPosPro\PhotoPosPro_SetUp.exe Win32/Toolbar.Zugo application
D:\My Documents\programi\Uniblue\spyeraser.exe probably a variant of Win32/UbSpyEraser application
D:\My Documents\programi 2\PhotoPosPro_SetUp.exe Win32/Toolbar.Zugo application


Thanks oldman960 :bigthumb:
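The ESET list above is easier to act on once it is sorted by where each file sits. Every Sirefef and Virtumonde hit is either under C:\Qoobox\Quarantine (ComboFix's quarantine folder, so those files are already neutralised copies) or inside a System Restore point, and only the installers on D: are live files. The Python script below is an added example written for this page; it is not part of the thread and not an ESET tool. It parses a constructed sample of lines in the pasted export format (path followed by detection name) and groups them by location and malware family. Assumptions are labelled in the code: the "path detection" line layout, the path prefixes used to classify a hit, and that ESET names end in a variant suffix after the last dot.

```python
import re
from collections import Counter

# Constructed sample in the format of the ESET export pasted in the thread:
# "<path> <detection name>". Six lines chosen to cover each location type.
SAMPLE_ESET_LOG = r"""
C:\Qoobox\Quarantine\C\WINDOWS\system32\ATKGFNEXSrv.dll.vir Win32/Sirefef.ER trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\awvaibcm.ini.vir Win32/Adware.Virtumonde.NEO application
C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1312\A0242588.sys Win32/Sirefef.DA trojan
C:\System Volume Information\_restore{90A1C566-D24C-43DB-8E4D-013509380866}\RP1322\A0248836.dll Win32/Sirefef.ER trojan
D:\My Documents\programi\Uniblue\spyeraser.exe probably a variant of Win32/UbSpyEraser application
D:\My Documents\marina\portfolio\vectors\picture\SweetImSetup.exe a variant of Win32/SweetIM.B application
"""

# Assumed line layout: a path (which may contain spaces), whitespace, then the
# detection name. The detection is anchored on the "Platform/Name" token so the
# lazy path match cannot swallow it.
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?P<detection>(?:probably )?(?:a variant of )?"
    r"(?:Win32|Win64|MSIL|JS|HTML|VBS|Java)/\S+(?:\s+\w+)?)$"
)


def classify_path(path: str) -> str:
    """Bucket a hit by where it lives (prefix conventions are assumptions)."""
    p = path.lower()
    if p.startswith("c:\\qoobox\\quarantine\\"):
        return "combofix_quarantine"   # ComboFix quarantine copy, not executable in place
    if "\\system volume information\\_restore" in p:
        return "restore_point"         # System Restore snapshot, revived only by a restore
    return "live"                      # ordinary file on disk that could still be run


def family_of(detection: str) -> str:
    """'Win32/Sirefef.ER trojan' -> 'Win32/Sirefef' (assumes the last dotted part is the variant)."""
    token = next(t for t in detection.split() if "/" in t)
    platform, _, name = token.partition("/")
    if "." in name:
        name = name.rsplit(".", 1)[0]
    return f"{platform}/{name}"


def parse_eset_log(text: str) -> list[dict]:
    """Turn export lines into records; unparseable lines are skipped, not guessed."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            continue
        path, detection = m.group("path"), m.group("detection")
        findings.append({
            "path": path,
            "detection": detection,
            "family": family_of(detection),
            "category": classify_path(path),
        })
    return findings


def summarize(findings: list[dict]) -> dict:
    """Counts by location and family, plus the live paths that still need a decision."""
    return {
        "by_category": Counter(f["category"] for f in findings),
        "by_family": Counter(f["family"] for f in findings),
        "live_paths": [f["path"] for f in findings if f["category"] == "live"],
    }


if __name__ == "__main__":
    report = summarize(parse_eset_log(SAMPLE_ESET_LOG))
    for cat, n in sorted(report["by_category"].items()):
        print(f"{cat:20s} {n}")
    for fam, n in report["by_family"].most_common():
        print(f"  {fam:30s} {n}")
    print("live files to review:")
    for p in report["live_paths"]:
        print("  " + p)
```

Quarantine and restore-point hits are worth reporting to the helper but need no manual action; the live list is the short set of files whose removal is an actual decision. Running it on the full pasted log instead of the sample only requires replacing the text in SAMPLE_ESET_LOG.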
 
Re:

I did enable all antivirus and antispyware programs.

Have to break OTL.txt in two parts.

First part:

OTL Scan log

OTL logfile created on: 13-May-2012 7:52:04 PM - Run 2
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Documents and Settings\Goran\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: dd-MMM-yyyy

3.50 Gb Total Physical Memory | 2.68 Gb Available Physical Memory | 76.66% Memory free
5.34 Gb Paging File | 4.56 Gb Available in Paging File | 85.43% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.12 Gb Total Space | 42.22 Gb Free Space | 28.31% Space Free | Partition Type: NTFS
Drive D: | 133.96 Gb Total Space | 14.78 Gb Free Space | 11.03% Space Free | Partition Type: NTFS
Drive F: | 74.52 Gb Total Space | 0.29 Gb Free Space | 0.39% Space Free | Partition Type: NTFS

Computer Name: MAKIGOKI | User Name: Goran | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Goran\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe ()
PRC - C:\Program Files\AVG Secure Search\vprot.exe ()
PRC - C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\GameTracker\GSInGameService.exe (ClanServers Hosting LLC)
PRC - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
PRC - C:\Program Files\AVG\AVG2012\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
PRC - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
PRC - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
PRC - C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
PRC - C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe (Acronis)
PRC - C:\Program Files\Maxtor\Sync\SyncServices.exe (Seagate Technology LLC)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
PRC - C:\WINDOWS\ATKKBService.exe (ASUSTeK COMPUTER INC.)
PRC - c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
PRC - C:\Program Files\Logitech\Video\CameraAssistant.exe (Logitech Inc.)
PRC - C:\WINDOWS\system32\ElkCtrl.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)


========== Modules (No Company Name) ==========

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\92d58f840f549f9bd880783d43db7e3c\System.Runtime.Remoting.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\7861cd979ea5db3fb7d30ed94fb0edd2\System.Web.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\016444dfc5f7e3d11c776f2fbc7a4594\Accessibility.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\995fcf39ead2c2a53e084505c2c67d49\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\8ca00132a08c69697adf1cda32ebd835\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll ()
MOD - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe ()
MOD - C:\Program Files\AVG Secure Search\vprot.exe ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll ()
MOD - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\AxInterop.WBOCXLib.dll ()
MOD - C:\Program Files\GSC\CtxMenu.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()


========== Win32 Services (SafeList) ==========

SRV - (MXOFX) -- %systemroot%\system32\WinVd32.dll File not found
SRV - (helpsvc) -- %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dlles\pchsvc.dll File not found
SRV - (CcmExec) -- %systemroot%\system32\w200mgmt.dll File not found
SRV - (btnhnd) -- %systemroot%\system32\SECYPUSB.dll File not found
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe File not found
SRV - (aaksrv) -- %systemroot%\system32\RTL8169.dll File not found
SRV - (3comtftp) -- %systemroot%\system32\vmount2.dll File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (vToolbarUpdater10.2.0) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe ()
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (GS In-Game Service) -- C:\Program Files\GameTracker\GSInGameService.exe (ClanServers Hosting LLC)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (avgwd) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (afcdpsrv) -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (AcrSch2Svc) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (nosGetPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (Maxtor Sync Service) -- C:\Program Files\Maxtor\Sync\SyncServices.exe (Seagate Technology LLC)
SRV - (p2pgasvc) -- C:\WINDOWS\system32\p2pgasvc.dll (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (StarWindServiceAE) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
SRV - (ATKKeyboardService) -- C:\WINDOWS\ATKKBService.exe (ASUSTeK COMPUTER INC.)
SRV - (LVPrcSrv) -- c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (KMService) -- C:\WINDOWS\system32\srvany.exe ()
 
Re:

Second part:

========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (upperdev) -- system32\DRIVERS\usbser_lowerflt.sys File not found
DRV - (SpyEmrg) -- System32\Drivers\spyemrg.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (PciCon) -- E:\PciCon.sys File not found
DRV - (lbrtfdc) -- File not found
DRV - (Lbd) -- system32\DRIVERS\Lbd.sys File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\jgh\catchme.sys File not found
DRV - (1802E) -- globalroot\C:\WINDOWS\system32\drivers\1802E.sys File not found
DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
DRV - (AvgRkx86) -- C:\WINDOWS\system32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSFilter) -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSEH) -- C:\WINDOWS\system32\drivers\AVGIDSEH.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV - (afcdp) -- C:\WINDOWS\system32\drivers\afcdp.sys (Acronis)
DRV - (tdrpman273) Acronis Try&Decide and Restore Points filter (build 273) -- C:\WINDOWS\system32\drivers\tdrpm273.sys (Acronis)
DRV - (timounter) -- C:\WINDOWS\system32\drivers\timntr.sys (Acronis)
DRV - (snapman) -- C:\WINDOWS\system32\drivers\snapman.sys (Acronis)
DRV - (teamviewervpn) -- C:\WINDOWS\system32\drivers\teamviewervpn.sys (TeamViewer GmbH)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (AtiHDAudioService) -- C:\WINDOWS\system32\drivers\AtihdXP3.sys (Advanced Micro Devices)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (pbfilter) -- C:\Program Files\PeerBlock\pbfilter.sys ()
DRV - (BVRPMPR5) -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS (Avanquest Software)
DRV - (Aspi32) -- C:\WINDOWS\system32\drivers\ASPI32.SYS (Adaptec)
DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation)
DRV - (epmntdrv) -- C:\WINDOWS\system32\epmntdrv.sys ()
DRV - (EuGdiDrv) -- C:\WINDOWS\system32\EuGdiDrv.sys ()
DRV - (tifsfilter) -- C:\WINDOWS\system32\drivers\tifsfilt.sys (Acronis)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (gdrv) -- C:\WINDOWS\gdrv.sys (Windows (R) 2000 DDK provider)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (sptd) -- C:\WINDOWS\system32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (USB_RNDIS) -- C:\WINDOWS\system32\drivers\usb8023.sys (Microsoft Corporation)
DRV - (ManyCam) -- C:\WINDOWS\system32\drivers\ManyCam.sys (ManyCam LLC.)
DRV - (AtiHdmiService) -- C:\WINDOWS\system32\drivers\AtiHdmi.sys (ATI Research Inc.)
DRV - (asusgsb) -- C:\WINDOWS\system32\drivers\asusgsb.sys (ASUSTeK Computer Inc.)
DRV - (EIO) -- C:\WINDOWS\system32\drivers\EIO.sys (ASUSTeK Computer Inc.)
DRV - (JRAID) -- C:\WINDOWS\system32\drivers\jraid.sys (JMicron Technology Corp.)
DRV - (MXOPSWD) -- C:\WINDOWS\system32\drivers\mxopswd.sys (Maxtor Corp.)
DRV - (ASUSVRC) -- C:\WINDOWS\system32\drivers\AsusVRC.sys (ASUSTeK COMPUTER INC.)
DRV - (asuskbnt) -- C:\WINDOWS\system32\drivers\atkkbnt.sys (ASUSTeK COMPUTER INC.)
DRV - (Video3D) -- C:\WINDOWS\system32\drivers\Video3D32.sys (ASUSTeK COMPUTER INC.)
DRV - (lvmvdrv) -- C:\WINDOWS\system32\drivers\LVMVdrv.sys ()
DRV - (LVPrcMon) -- C:\WINDOWS\system32\drivers\LVPrcMon.sys ()
DRV - (Lvckap) -- C:\WINDOWS\system32\drivers\Lvckap.sys ()
DRV - (PID_08A0) QuickCam IM(PID_08A0) -- C:\WINDOWS\system32\drivers\LV302AV.SYS (Logitech Inc.)
DRV - (pepifilter) -- C:\WINDOWS\system32\drivers\lv302af.sys (Logitech Inc.)
DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {DECA3892-BA8F-44b8-A993-A466AD694AE4}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{1455F202-242E-4872-9700-182595B04230}: "URL" = http://search.avg.com/route/?d=4c9dba95&v=6.10.6.4&i=23&tp=chrome&q={searchTerms}&lng={language}&iy=&ychte=us
IE - HKCU\..\SearchScopes\{3D41F773-C2A2-4541-8F58-DF94FA1311D3}: "URL" = http://search.yahoo.com/search?ei=utf-8&fr=chr-vmn&type=photopos2_0yach&q={searchTerms}
IE - HKCU\..\SearchScopes\{7400AA93-E276-4810-886F-5F5A9DDC3FD6}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7RNWQ_en
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={60F607CC-7962-4103-A140-A4612667239E}&mid=44fe0b7a735675b2c18c7d77bd9a4579-0ea5e905f1d14e46bc4439e0ddc6c448b29e541b&lang=en&ds=AVG&pr=fr&d=2011-10-26 19:36:50&v=8.0.0.34&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://search.avg.com/route/?d=0&v=6.103.18.1&i=23&tp=chrome&q={searchTerms}&lng={language}&iy=&ychte=us
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.avg.com/route/?d=4c9dba95&v=6.10.6.4&i=23&tp=chrome&q={searchTerms}&lng={language}&iy=&ychte=us
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178
FF - prefs.js..extensions.enabledItems: avg@igeared:6.010.023.001
FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.12.1
FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4c9dba95&v=6.010.023.001&i=23&tp=ab&iy=&ychte=au&lng=en-US&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.91: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Goran\Local Settings\Application Data\Google\Update\1.3.21.53\npGoogleUpdate3.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Goran\Local Settings\Application Data\Google\Update\1.3.21.53\npGoogleUpdate3.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008-10-26 13:57:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012-02-01 18:58:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\10.2.0.3\ [2012-03-12 20:07:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-01-02 19:07:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012-05-04 23:01:11 | 000,000,000 | ---D | M]

[2010-10-02 00:30:15 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Goran\Application Data\Mozilla\Extensions
[2011-08-27 20:27:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Goran\Application Data\Mozilla\Extensions\home2@tomtom.com
[2009-12-23 13:11:42 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Goran\Application Data\Mozilla\Extensions\IMVUClientXUL@imvu.com
[2012-05-04 23:04:09 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Goran\Application Data\Mozilla\Firefox\Profiles\io5uagfw.default\extensions
[2011-11-06 08:18:06 | 000,000,000 | ---D | M] ("Winamp Toolbar") -- C:\Documents and Settings\Goran\Application Data\Mozilla\Firefox\Profiles\io5uagfw.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2010-10-28 18:20:38 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Goran\Application Data\Mozilla\Firefox\Profiles\io5uagfw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012-04-30 00:09:10 | 000,000,000 | ---D | M] (PhotoPos Toolbar) -- C:\Documents and Settings\Goran\Application Data\Mozilla\Firefox\Profiles\io5uagfw.default\extensions\{5D0EC45B-D2E4-4DD0-A5B2-69DDEFE852A8}
[2012-05-03 22:12:19 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Documents and Settings\Goran\Application Data\Mozilla\Firefox\Profiles\io5uagfw.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2011-08-17 21:37:03 | 000,002,354 | ---- | M] () -- C:\Documents and Settings\Goran\Application Data\Mozilla\Firefox\Profiles\io5uagfw.default\searchplugins\aol-web-search.xml
[2011-02-01 19:05:08 | 000,002,333 | -H-- | M] () -- C:\Documents and Settings\Goran\Application Data\Mozilla\Firefox\Profiles\io5uagfw.default\searchplugins\askcom.xml
[2008-03-16 09:00:27 | 000,002,386 | -H-- | M] () -- C:\Documents and Settings\Goran\Application Data\Mozilla\Firefox\Profiles\io5uagfw.default\searchplugins\siteadvisor.xml
[2011-02-19 19:31:14 | 000,001,244 | -H-- | M] () -- C:\Documents and Settings\Goran\Application Data\Mozilla\Firefox\Profiles\io5uagfw.default\searchplugins\winamp-search.xml
[2012-05-04 23:01:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012-04-22 18:19:01 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011-05-31 20:43:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2012-05-04 23:01:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}
[2011-12-01 20:06:52 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011-07-12 05:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012-03-12 20:07:48 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2011-12-01 20:06:49 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: Yahoo! Search (Enabled)
CHR - default_search_provider: search_url = http://au.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_au&p={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.162\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.162\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Documents and Settings\Goran\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Documents and Settings\Goran\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: getPlusPlus for Adobe 16291 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
CHR - plugin: Microsoft® DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft® DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live® Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: AVG Safe Search = C:\Documents and Settings\Goran\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1374_0\
CHR - Extension: AVG Safe Search = C:\Documents and Settings\Goran\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\
CHR - Extension: Skype Click to Call = C:\Documents and Settings\Goran\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\

O1 HOSTS File: ([2012-05-12 17:51:56 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - No CLSID value found.
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (PhotoPos Toolbar) - {5D0EC45B-D2E4-4DD0-A5B2-69DDEFE852A8} - C:\Program Files\PhotoposComTbr\PhotoposComTbrLib.dll ()
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (IplexToALLPlayer) - {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} - C:\Program Files\ALLPlayer\Iplex\IplexToALLPlayer.dll (ALLCinema Ltd.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (PhotoPos Toolbar) - {5D0EC45B-D2E4-4DD0-A5B2-69DDEFE852A8} - C:\Program Files\PhotoposComTbr\PhotoposComTbrLib.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [36X Raid Configurer] C:\WINDOWS\System32\xRaidSetup.exe (Gigabyte Technology Corp.)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechCameraService(E)] C:\WINDOWS\System32\ElkCtrl.exe (Logitech Inc.)
O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe ()
O4 - HKLM..\Run: [SAOB Monitor] C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk.disabled ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk.disabled ()
O4 - Startup: C:\Documents and Settings\Goran\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\Goran\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk.disabled ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Google Sidewiki... - Reg Error: Value error. File not found
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Goran\Start Menu\Programs\IMVU\Run IMVU.lnk File not found
O9 - Extra Button: Quick Login www.yu-mp3.com - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Funnsystems YuMp3Com-User-Authorization\YuMp3ComLogin.exe File not found
O9 - Extra 'Tools' menuitem : &Quick Login www.yu-mp3.com - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Funnsystems YuMp3Com-User-Authorization\YuMp3ComLogin.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: windowslivehelp.com ([www] https in Trusted sites)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} http://download.microsoft.com/downl...75-4d5b-a6dd-9c4bc923683e/Selfhelpcontrol.cab (Microsoft Genuine Advantage Self Support Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Turbo%20Pizza/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: {EBF85371-A38F-485B-B28F-0B4C82D25937} http://update.hpphoto.com/download/HPSWUpdate.ocx (CUpdateCtl Object)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5D7EA95F-613D-4920-A9D9-744B04D456C7}: NameServer = 192.168.1.1,198.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D313AD3B-2A3F-4708-93FA-5AA7A28B9671}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Goran\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Goran\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012-02-18 21:07:08 | 000,000,600 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (auto_reactivate \\?\Volume{26BD304E-C934-11DC-B644-806D6172696F}\bootwiz\asrm.bin)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012-05-13 19:47:30 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012-05-13 18:03:18 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012-05-12 16:26:46 | 004,490,121 | R--- | C] (Swearware) -- C:\Documents and Settings\Goran\Desktop\jgh.exe
[2012-05-09 00:17:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012-05-08 23:40:16 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012-05-08 23:16:03 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012-05-08 23:16:03 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012-05-08 23:16:03 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012-05-08 23:16:03 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012-05-08 21:40:47 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012-05-06 22:37:44 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Goran\Desktop\aswMBR.exe
[2012-05-06 22:37:44 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Goran\Desktop\OTL.exe
[2012-05-05 00:20:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012-05-05 00:18:27 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012-05-05 00:18:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2012-05-05 00:17:27 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Goran\Desktop\erunt-setup.exe
[2012-05-04 23:02:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012-05-02 20:29:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2012-05-02 20:29:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2012-04-30 11:14:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Goran\Application Data\ooVoo Details
[2012-04-30 11:13:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Goran\Local Settings\Application Data\APN
[2012-04-30 00:09:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Goran\Application Data\Photopos
[2012-04-30 00:09:03 | 000,000,000 | ---D | C] -- C:\Program Files\PhotoposComTbr
[2012-04-24 19:57:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
[2012-04-24 19:57:07 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
[2012-04-22 18:18:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2012-04-22 18:18:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2011-05-15 13:47:37 | 540,639,232 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Goran\Application Data\14.0.4734.1000_ProfessionalPlus_volume_ship_x86_en-us_exe.exe
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012-05-13 19:53:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{BC336FD9-D90D-4E58-9AC1-660635137860}.job
[2012-05-13 19:50:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012-05-13 19:46:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012-05-13 17:43:26 | 098,041,082 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012-05-13 17:40:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012-05-13 03:25:11 | 001,686,032 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012-05-13 03:04:57 | 000,472,738 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012-05-13 03:04:57 | 000,090,264 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012-05-13 03:01:17 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012-05-12 17:51:56 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012-05-12 16:26:46 | 004,490,121 | R--- | M] (Swearware) -- C:\Documents and Settings\Goran\Desktop\jgh.exe
[2012-05-12 13:50:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012-05-12 06:27:12 | 000,001,663 | ---- | M] () -- C:\WINDOWS\wincmd.ini
[2012-05-10 23:21:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012-05-10 22:42:38 | 000,026,134 | -H-- | M] () -- C:\treeinfo.wc
[2012-05-08 23:42:28 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012-05-08 23:40:20 | 000,000,328 | RHS- | M] () -- C:\boot.ini
[2012-05-08 21:37:23 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012-05-07 20:02:35 | 000,000,020 | ---- | M] () -- C:\Documents and Settings\Goran\defogger_reenable
[2012-05-07 18:38:58 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Goran\Desktop\Defogger.exe
[2012-05-07 15:38:41 | 000,000,615 | ---- | M] () -- C:\Documents and Settings\Goran\Desktop\MBR.zip
[2012-05-07 15:36:51 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Goran\Desktop\MBR.dat
[2012-05-06 22:29:30 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Goran\Desktop\aswMBR.exe
[2012-05-06 22:25:10 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Goran\Desktop\OTL.exe
[2012-05-05 17:30:22 | 000,008,960 | ---- | M] () -- C:\Documents and Settings\Goran\Desktop\Attach.zip
[2012-05-05 00:19:18 | 000,000,771 | ---- | M] () -- C:\Documents and Settings\Goran\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012-05-05 00:18:27 | 000,000,615 | ---- | M] () -- C:\Documents and Settings\Goran\Desktop\NTREGOPT.lnk
[2012-05-05 00:18:27 | 000,000,596 | ---- | M] () -- C:\Documents and Settings\Goran\Desktop\ERUNT.lnk
[2012-05-05 00:17:27 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Goran\Desktop\erunt-setup.exe
[2012-05-03 21:20:23 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2012-05-02 19:08:53 | 000,000,882 | RH-- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120503-001603.backup
[2012-05-01 23:15:52 | 000,002,233 | ---- | M] () -- C:\Documents and Settings\Goran\Desktop\Pilici.lnk
[2012-05-01 22:59:00 | 000,000,803 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WORLD OF WARCRAFT.LNK
[2012-05-01 16:59:54 | 000,387,826 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2012-04-30 00:13:03 | 000,118,318 | ---- | M] () -- C:\WINDOWS\Photo Pos Pro Collage Templates Pack Uninstaller.exe
[2012-04-24 20:04:20 | 000,141,123 | ---- | M] () -- C:\WINDOWS\hpoins14.dat
[2012-04-24 19:59:13 | 000,001,862 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Photosmart Essential 2.01.lnk
[2012-04-24 19:58:06 | 000,001,812 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2012-04-22 20:43:24 | 000,228,864 | ---- | M] () -- C:\Documents and Settings\Goran\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012-05-10 22:42:38 | 000,026,134 | -H-- | C] () -- C:\treeinfo.wc
[2012-05-08 23:40:20 | 000,000,212 | ---- | C] () -- C:\Boot.bak
[2012-05-08 23:40:17 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012-05-08 23:16:03 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012-05-08 23:16:03 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012-05-08 23:16:03 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012-05-08 23:16:03 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012-05-08 23:16:03 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012-05-07 20:02:10 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\Goran\defogger_reenable
[2012-05-07 19:59:34 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Goran\Desktop\Defogger.exe
[2012-05-07 15:38:41 | 000,000,615 | ---- | C] () -- C:\Documents and Settings\Goran\Desktop\MBR.zip
[2012-05-07 15:36:51 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Goran\Desktop\MBR.dat
[2012-05-05 17:30:22 | 000,008,960 | ---- | C] () -- C:\Documents and Settings\Goran\Desktop\Attach.zip
[2012-05-05 00:19:18 | 000,000,771 | ---- | C] () -- C:\Documents and Settings\Goran\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012-05-05 00:18:27 | 000,000,615 | ---- | C] () -- C:\Documents and Settings\Goran\Desktop\NTREGOPT.lnk
[2012-05-05 00:18:27 | 000,000,596 | ---- | C] () -- C:\Documents and Settings\Goran\Desktop\ERUNT.lnk
[2012-04-30 00:13:03 | 000,118,318 | ---- | C] () -- C:\WINDOWS\Photo Pos Pro Collage Templates Pack Uninstaller.exe
[2012-04-25 08:04:58 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2012-04-24 19:59:13 | 000,001,862 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Photosmart Essential 2.01.lnk
[2012-04-24 19:58:06 | 000,001,812 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2012-02-13 18:28:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2012-02-03 17:29:56 | 000,042,392 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2011-08-21 16:36:16 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2011-07-23 09:02:38 | 000,258,048 | ---- | C] () -- C:\WINDOWS\System32\libFLAC.dll
[2011-06-25 16:44:12 | 000,090,744 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011-06-19 15:18:10 | 000,140,564 | ---- | C] () -- C:\WINDOWS\hpoins14.dat.temp
[2011-06-19 15:18:10 | 000,002,000 | ---- | C] () -- C:\WINDOWS\hpomdl14.dat.temp
[2011-05-15 16:42:16 | 000,038,457 | ---- | C] () -- C:\Documents and Settings\Goran\Application Data\Comma Separated Values (Windows).ADR
[2011-05-10 20:30:54 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\srvany.exe
[2011-05-07 13:09:27 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Goran\Application Data\$_hpcst$.hpc
[2011-04-12 02:36:43 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~18800436r
[2011-04-12 02:36:42 | 000,000,096 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~18800436
[2011-04-11 11:59:33 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~19390260r
[2011-04-11 11:59:33 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~19390260
[2011-04-06 12:09:19 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011-04-06 11:19:43 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011-02-25 21:04:10 | 000,119,630 | ---- | C] () -- C:\WINDOWS\Photo Pos Pro Classic Frames Pack Uninstaller.exe
[2011-02-25 21:04:03 | 000,119,394 | ---- | C] () -- C:\WINDOWS\Christmas and New Year Frames Pack Uninstaller.exe
[2011-02-23 22:15:04 | 000,000,022 | ---- | C] () -- C:\WINDOWS\System32\syoepk_lib0.dll
[2011-02-23 22:15:03 | 000,000,094 | -HS- | C] () -- C:\WINDOWS\WSYS049.SYS
[2011-02-23 22:13:45 | 000,210,628 | ---- | C] () -- C:\WINDOWS\Photo Pos Pro Uninstaller.exe
[2011-01-26 22:26:36 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2011-01-26 22:26:36 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2011-01-07 12:36:51 | 000,081,936 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2010-12-17 16:00:46 | 000,227,587 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2010-11-29 23:33:44 | 000,682,280 | ---- | C] () -- C:\WINDOWS\System32\pbsvc.exe
[2010-07-10 05:38:00 | 002,293,194 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin

========== LOP Check ==========

[2011-05-07 09:34:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2011-02-17 14:56:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AlawarWrapper
[2008-04-02 13:50:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Astar Games
[2012-03-12 20:07:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2011-05-15 23:10:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2012-05-06 22:17:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2010-10-28 17:56:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2008-02-28 09:35:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BOONTY
[2010-10-28 18:06:38 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2008-02-04 05:48:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2011-01-29 15:05:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Boost
[2011-02-04 13:11:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Mender
[2009-03-14 18:02:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2011-05-17 21:32:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EmailNotifier
[2008-02-09 07:06:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Escape From Paradise
[2010-02-05 15:54:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy3
[2008-04-07 10:02:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fugazo
[2008-04-08 23:32:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Go Go Gourmet
[2008-04-15 11:51:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii
[2008-02-09 07:52:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HipSoft
[2011-05-12 23:00:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010-10-15 17:11:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2008-04-15 18:01:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InterAction studios
[2011-01-07 12:30:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2010-11-19 11:05:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Leapfrog
[2008-03-27 17:56:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2009-03-08 12:40:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Maxtor
[2008-03-31 09:23:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Meridian93
[2012-05-13 17:43:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2012-02-18 14:11:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2008-02-08 16:03:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberon Games
[2008-06-16 19:10:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2011-07-03 16:47:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PhotoCollageMax
[2010-01-29 14:11:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PhotoStitch
[2008-04-14 10:49:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2008-04-03 13:42:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2008-02-04 05:37:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2010-05-06 11:40:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2011-09-11 19:46:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2011-08-27 20:27:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2010-07-05 21:41:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2010-04-13 12:44:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2008-12-30 09:50:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
[2008-02-18 12:32:19 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\.BitTornado
[2011-04-27 22:26:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Goran\Application Data\9EB8F174-10C4-4BF3-9A55-36818C9AF17C
[2008-04-17 17:39:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\Acreon
[2009-09-02 21:49:12 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\Acronis
[2011-05-31 21:49:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Goran\Application Data\AUSkey
[2011-10-26 19:36:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Goran\Application Data\AVG Secure Search
[2011-10-26 19:35:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Goran\Application Data\AVG2012
[2008-03-21 21:09:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\BitTorrent
[2008-03-23 13:38:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\BSplayer
[2011-06-25 15:42:33 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\Camfrog
[2008-05-30 19:32:38 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\Canon
[2011-03-08 18:47:06 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\ElevatedDiagnostics
[2011-05-17 22:16:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Goran\Application Data\EmailNotifier
[2008-02-09 02:58:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\Gamelab
[2012-02-14 22:53:45 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\GameTracker
[2011-09-06 23:28:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Goran\Application Data\Garmin
[2010-05-17 19:03:22 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\GetRightToGo
[2008-04-15 20:15:12 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\GSC
[2008-02-21 09:46:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\ICQ
[2008-02-27 09:51:06 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\iWinArcade
[2008-04-03 14:11:03 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\Jane s Hotel Family Hero
[2008-01-29 07:40:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\Leadertech
[2011-02-01 16:27:15 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\ManyCam
[2008-03-30 19:32:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\Meridian93
[2008-06-16 21:04:54 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\Nokia
[2008-02-08 16:03:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\Oberon Games
[2012-04-30 11:18:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Goran\Application Data\ooVoo Details
[2009-02-26 15:09:56 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\PC Suite
[2011-07-03 16:47:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Goran\Application Data\PhotoCollageMax
[2012-04-30 00:11:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Goran\Application Data\Photopos
[2011-05-17 21:32:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Goran\Application Data\PhotoposComtb
[2008-04-14 10:49:03 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\PlayFirst
[2009-02-21 16:10:17 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\Safer Networking
[2009-03-08 10:48:48 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\Simply Super Software
[2011-09-11 09:07:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Goran\Application Data\Skinux
[2008-02-27 08:40:54 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\SpinTop
[2011-05-27 20:59:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Goran\Application Data\TeamViewer
[2008-05-25 14:11:24 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\TERMINAL Studio
[2008-03-17 00:16:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\TheScruffs
[2011-08-27 20:27:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Goran\Application Data\TomTom
[2008-04-09 19:00:52 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\Ulead Systems
[2012-05-04 23:06:37 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\Uniblue
[2012-04-10 22:23:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\uTorrent
[2009-12-23 13:25:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\Vivox
[2012-04-22 15:19:03 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Goran\Application Data\VoipStunt
[2011-08-13 08:32:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Goran\Application Data\Windows Live Writer
[2010-04-16 03:00:49 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job
[2012-05-13 19:53:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{BC336FD9-D90D-4E58-9AC1-660635137860}.job
[2009-04-23 00:35:55 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

========== Purity Check ==========



< End of report >


Thanks oldman960 :bigthumb:
 
Hi JonDou,

The detections are files we have already quarantined or are old System Restore points. These will be removed when the tools are removed.

C:\WINDOWS\SYSTEM32\REGSVR32.EXE
Yes, that is a legitimate file and location.

D:\My Documents\marina\portfolio\vectors\picture\SweetImSetup.exe a variant of Win32/SweetIM.B application
D:\My Documents\programi\gamebooster.exe a variant of Win32/Toolbar.Widgi application
D:\My Documents\programi\PhotoPosPro\PhotoPosPro_SetUp.exe Win32/Toolbar.Zugo application
D:\My Documents\programi\Uniblue\spyeraser.exe probably a variant of Win32/UbSpyEraser application
D:\My Documents\programi 2\PhotoPosPro_SetUp.exe Win32/Toolbar.Zugo application
These are warnings of potentially unwanted programs (PUP), or of the fact that the setup files contain a PUP.

Next, Double click on OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
  • Do Not copy the word CODE
  • please note the fix starts with the :
Code:
:Reg

:Services
CcmExec
MXOFX
btnhnd
aaksrv
3comtftp

:Files
C:\windows\system32\WinVd32.dll 
C:\windows\system32\w200mgmt.dll
C:\windows\system32\SECYPUSB.dll
C:\windows\system32\RTL8169.dll
C:\windows\system32\vmount2.dll

:Commands
[emptytemp]
[createrestorepoint]

Then click the Run Fix button at the top
  • Let the program run unhindered
  • Please save the resulting log to be posted in your next reply.
Please post the fix OTL log.
 
Re:

Hi oldman960 :bigthumb:
Computer is doing fine so far :bow: with full antivirus and antispyware software running :).
I did a fix and here is the log file:

All processes killed
========== REGISTRY ==========
========== SERVICES/DRIVERS ==========
Service CcmExec stopped successfully!
Service CcmExec deleted successfully!
Service MXOFX stopped successfully!
Service MXOFX deleted successfully!
Service btnhnd stopped successfully!
Service btnhnd deleted successfully!
Service aaksrv stopped successfully!
Service aaksrv deleted successfully!
Service 3comtftp stopped successfully!
Service 3comtftp deleted successfully!
========== FILES ==========
File\Folder C:\windows\system32\WinVd32.dll not found.
File\Folder C:\windows\system32\w200mgmt.dll not found.
File\Folder C:\windows\system32\SECYPUSB.dll not found.
File\Folder C:\windows\system32\RTL8169.dll not found.
File\Folder C:\windows\system32\vmount2.dll not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 373795 bytes
->Flash cache emptied: 456 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 83 bytes

User: Goran
->Temp folder emptied: 933934 bytes
->Temporary Internet Files folder emptied: 25645899 bytes
->Java cache emptied: 1 bytes
->FireFox cache emptied: 37941165 bytes
->Google Chrome cache emptied: 62476616 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 2656 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 15076 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 20265 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 29536882 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 152659 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 20105630 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 208728 bytes

Total Files Cleaned = 169.00 mb

Unable to start System Restore Service. Error code 1056

OTL by OldTimer - Version 3.2.42.2 log created on 05142012_134515

Files\Folders moved on Reboot...
C:\Documents and Settings\Goran\Local Settings\Temp\WCESLog.log moved successfully.
File\Folder C:\Documents and Settings\Goran\Local Settings\Temp\~DF3519.tmp not found!
File\Folder C:\Documents and Settings\Goran\Local Settings\Temp\~DF3524.tmp not found!
File\Folder C:\Documents and Settings\Goran\Local Settings\Temp\~DF3563.tmp not found!
File\Folder C:\Documents and Settings\Goran\Local Settings\Temp\~DF356E.tmp not found!
C:\Documents and Settings\Goran\Local Settings\Temp\~DFF800.tmp moved successfully.
C:\Documents and Settings\Goran\Local Settings\Temporary Internet Files\Content.IE5\QPYPYKEU\showthread[2].htm moved successfully.
C:\Documents and Settings\Goran\Local Settings\Temporary Internet Files\Content.IE5\MSC9O6JR\favicon[5].ico moved successfully.
C:\Documents and Settings\Goran\Local Settings\Temporary Internet Files\Content.IE5\1IDUYTRX\topbuttons[2].xml moved successfully.
C:\Documents and Settings\Goran\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

Registry entries deleted on Reboot...

I hope everything is fine now. Thank You again for helping me :).
 
Hi JonDou,

You are welcome.

It looks like you are good to go.

When you clean up the tools keep Defogger we will use it shortly.

From your desktop, please delete, if present
  • any notepads/logs that we created
  • DDS.scr
  • aswMBR.exe
  • MBR.zip
  • MBR.dat

Next

Click the Start button, click Run. Copy and paste the following line into the run box and click OK

Combofix /uninstall

Open OTL then click the Clean Up button. You may get prompted by your firewall that OTL wants to contact the internet - allow this. A cleanup.txt will be downloaded, a message dialog will ask you if you want to proceed with the cleanup process, click Yes. This will do some clean up tasks and delete some of the tools you have downloaded plus itself.

I suggest you keep MBAM, keep it updated and use it regularly.

To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

Your Emulation drivers are now re-enabled.

Some Recommendations and prevention tips

Basic security consists of 1 antivirus program, 1 resident antispyware program, 1 on demand antispyware program and a firewall. Add a firewall to what you have.

* If you are behind a router Windows firewall should be fine. Otherwise a 3rd party firewall with outbound monitoring is recommended.

Click FIREWALL for links and tutorials to good, free and paid for firewalls. (Note: Zone Alarm is becoming bloatware, IMO)



You can use Spybot to install a Custom Hosts file.

1-Left-click the "Spybot - Search & Destroy" shortcut to open the program
2-Right-click an item in the list of immunizations and click "Deselect All."
3-Scroll down to the bottom of the list and click the checkbox to the left of "Global (Hosts)" under the "Windows" header.
4-Click "Immunize" on the Spybot toolbar.

OR

A guide to understanding and using the hosts file.

Learn how your Hosts file can protect you and how you can protect it.
Besides the Hosts file information, there are links to a very good updated hosts file, a hosts file manager, and some programs that can protect your hosts file.
HOSTS

Please read the info on disabling the DNS Client before installing a custom hosts file.

-Secure your Internet Explorer

From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialize and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate sub-frames across different domains to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.

- Keeping your Windows up-to-date is crucial to your computer's security. Please go to the Windows Update Site (using Internet Explorer) and download and install all critical updates on a regular basis

- Ensure that Automatic Update is turned on so you get all the latest patches.
Click your Start button > Control Panel > System > Automatic Updates tab, and set the updates to your chosen option.

- Keep your antivirus program updated, as well as any other security programs you have.

-More tips and programs can be found HERE

Please post back if you have any problems or questions.

Take care
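The six Internet zone settings in the "Secure your Internet Explorer" steps above can also be audited (and applied) from the registry. The following PowerShell is an added example, not part of oldman960's post; it assumes per-user zone settings are in effect and uses the documented IE URL-action value names under zone 3 (the Internet zone).

```powershell
# Added example, not from the original thread: audit, and optionally apply, the
# six Internet Explorer "Internet" zone settings recommended above by reading the
# current user's registry instead of clicking through the Custom Level dialog.
# Zone 3 is the Internet zone; the numeric value names are Microsoft's documented
# URL-action IDs for IE zones (KB182569). Data: 0 = Enable, 1 = Prompt, 3 = Disable.
# Assumption: per-user zone settings are in effect. If Security_HKLM_only or Group
# Policy zone settings are enforced, HKLM/policy wins and this HKCU view is not the
# effective setting. Written to run on PowerShell 2.0 as well as current versions.

$ZoneKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

$Labels = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# The settings from the post, in the order given, mapped to their registry value names.
$Recommended = @(
    @{ Id = '1001'; Name = 'Download signed ActiveX controls';                          Value = 1 },
    @{ Id = '1004'; Name = 'Download unsigned ActiveX controls';                        Value = 3 },
    @{ Id = '1201'; Name = 'Initialize and script ActiveX controls not marked as safe'; Value = 3 },
    @{ Id = '1800'; Name = 'Installation of desktop items';                             Value = 1 },
    @{ Id = '1804'; Name = 'Launching programs and files in an IFRAME';                 Value = 1 },
    @{ Id = '1607'; Name = 'Navigate sub-frames across different domains';              Value = 1 }
)

function Get-ZoneSetting {
    # Current DWORD for one setting, or $null when the value is absent. Absence is
    # not "safe": IE then uses the zone template default, not Disable.
    param([Parameter(Mandatory = $true)][string]$Id)
    $props = Get-ItemProperty -Path $ZoneKey -ErrorAction Stop
    $prop = $props.PSObject.Properties[$Id]
    if ($null -eq $prop) { return $null }
    return [int]$prop.Value
}

function Format-ZoneValue {
    # Human-readable form of a zone DWORD, including the "missing" case.
    param($Value)
    if ($null -eq $Value)            { return 'not set (template default)' }
    if ($Labels.ContainsKey($Value)) { return $Labels[$Value] }
    return "unknown ($Value)"
}

function Test-InternetZoneHardening {
    # Compares each recommended setting with the registry. With -Fix, writes the
    # recommended DWORD wherever the current value differs, then re-reads it.
    param([switch]$Fix)

    if (-not (Test-Path $ZoneKey)) { throw "Zone key not found: $ZoneKey" }

    foreach ($s in $Recommended) {
        $have = Get-ZoneSetting -Id $s.Id
        if ($Fix -and ($have -ne $s.Value)) {
            Set-ItemProperty -Path $ZoneKey -Name $s.Id -Value $s.Value -Type DWord
            $have = Get-ZoneSetting -Id $s.Id
        }
        New-Object PSObject -Property @{
            Id          = $s.Id
            Setting     = $s.Name
            Current     = Format-ZoneValue $have
            Recommended = $Labels[$s.Value]
            Compliant   = ($have -eq $s.Value)
        }
    }
}

# Audit only; add -Fix to apply the recommended values and re-check them.
Test-InternetZoneHardening |
    Select-Object Id, Setting, Current, Recommended, Compliant |
    Format-Table -AutoSize
```

Run it once before and once after changing the Custom Level settings to confirm the dialog wrote what you expected; a "not set" row means IE is using the zone template default for that action rather than the value you chose.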
 
Re:

:2thumb: hi oldman960 :bigthumb:
:bow::bow::bow:
You guys are amazing. I can't thank You enough oldman960 for cleaning my computer :thanks:. It looked so easy looking at your posts and instructions, but I was so scared :). Thank You so much mate.

I've got a minor issue now. When I ran OTL to do the clean up, it deleted (cleaned) the defogger as well :). Now I don't know how to enable Emulation drivers. Is there an option inside the program that I'm using (Alcohol 120%) or should I download a new one and then ... hmm, I don't know :)?

Would it be rude if I ask You a question? When I open Windows Explorer and from that window I open disc C: or any other folder, Windows Explorer stops working (encountered a problem and needs to close) and then the whole desktop refreshes and Windows Explorer becomes functional again. Can You help me with that, or at least could You tell me where to post that thread, in which subforum?

Thanks again for fixing it oldman960 :)
 