GeekPolice
Win32/zbot and vbs generic + multiple other viruses- Please Help Me :(

2 posters

Hi, I registered today and ran the checks you have asked for.

However, I have done these after doing a few bits (stupidly, probably) myself.

The story starts with a pop-up asking me to allow it. I said yes, as it said it was from Microsoft. Then the viruses came.

Originally I was using AVG, and it showed Win32/zbot - g and VBS Generic viruses were everywhere (8000+).

After starting to delete some of these, I read it was not the right thing to do. I am unable to use Adobe Acrobat and Celtx (maybe some other things, I'm not sure).

I ended up uninstalling AVG, as it was interfering with Malwarebytes, which found and deleted 2 infected items. I have also run SUPERAntiSpyware Pro, which found and deleted a few things.

However, I have now installed Avast and it's showing 8000+ viruses affected again. I have conducted this scan in safe mode.

However, this scan also doesn't show the zbot or VBS Generic viruses anymore; instead it shows a whole new crop.

These are:

vbs:exedropper-gen
Win32 Ramnit G
win32 fileinfector - a
win32:vitro
win32:prefploy

I am still in safe mode and will attach the OTL/Extras/aswMBR/checkup results in a secondary post.

However, I must note I'm not sure if it froze/finished or I was impatient, but I am not sure if the aswMBR had fully finished.

Any help is really appreciated. Hope to hear from you soon.

Best,

Richard.

Re: Win32/zbot and vbs generic + multiple other viruses- Please Help Me :(

OTL RESULTS


OTL logfile created on: 6/28/2011 9:56:06 PM - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = C:\windows\system32\config\systemprofile\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.93 Gb Total Physical Memory | 2.07 Gb Available Physical Memory | 70.69% Memory free
5.86 Gb Paging File | 5.37 Gb Available in Paging File | 91.59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 172.05 Gb Total Space | 15.95 Gb Free Space | 9.27% Space Free | Partition Type: NTFS
Drive D: | 45.74 Gb Total Space | 45.36 Gb Free Space | 99.17% Space Free | Partition Type: NTFS

Computer Name: RICHARD-PC | User Name: Richard | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/28 21:53:57 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Windows\System32\config\systemprofile\Desktop\OTL.com
PRC - [2011/06/22 00:35:15 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/05/10 13:10:58 | 003,459,712 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/02/26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/06/28 21:53:57 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Windows\System32\config\systemprofile\Desktop\OTL.com
MOD - [2010/08/21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/05/10 13:10:57 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/06/08 02:50:25 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/08/13 22:58:10 | 000,044,312 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe -- (OberonGameConsoleService)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/11 18:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)


========== Driver Services (SafeList) ==========

DRV - [2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/05/10 13:03:54 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/05/10 13:03:44 | 000,307,928 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/05/10 13:02:37 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/05/10 12:59:56 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/05/10 12:59:44 | 000,053,592 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/05/10 12:59:35 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/07/29 00:25:02 | 000,025,112 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ivusb.sys -- (ivusb)
DRV - [2010/05/10 19:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 19:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/09/21 10:58:28 | 001,218,048 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/07/14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2007/08/08 11:07:42 | 000,101,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: calendar-timezones@mozilla.org:0.1.2008d
FF - prefs.js..extensions.enabledItems: default-palette@celtx.com:1.0
FF - prefs.js..extensions.enabledItems: emoticons-msn-smileys@m513901.de:0.1
FF - prefs.js..extensions.enabledItems: inspector@mozilla.org:2.0.0
FF - prefs.js..extensions.enabledItems: messagestyle-blackened@addons.instantbird.org:0.9
FF - prefs.js..extensions.enabledItems: messagestyle-depth@addons.instantbird.org:1.1
FF - prefs.js..extensions.enabledItems: messagestyle-minimal20@addons.instantbird.org:1.5

FF - HKLM\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/06/28 16:58:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/28 12:07:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/22 00:35:16 | 000,000,000 | ---D | M]

[2011/06/28 13:34:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/21 09:29:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/12/28 15:31:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010/01/28 15:01:06 | 000,000,000 | ---D | M] (Timezone Definitions for Mozilla Calendar) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\CALENDAR-TIMEZONES@MOZILLA.ORG
[2010/01/28 15:01:05 | 000,000,000 | ---D | M] (Default Shot Palette) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\DEFAULT-PALETTE@CELTX.COM
[2010/01/28 15:01:05 | 000,000,000 | ---D | M] (MSN-Smileys) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\EMOTICONS-MSN-SMILEYS@M513901.DE
[2010/01/28 15:01:05 | 000,000,000 | ---D | M] (DOM Inspector) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\INSPECTOR@MOZILLA.ORG
[2010/01/28 15:01:05 | 000,000,000 | ---D | M] (Blackened) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\MESSAGESTYLE-BLACKENED@ADDONS.INSTANTBIRD.ORG
[2010/01/28 15:01:05 | 000,000,000 | ---D | M] (Depth) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\MESSAGESTYLE-DEPTH@ADDONS.INSTANTBIRD.ORG
[2010/01/28 15:01:05 | 000,000,000 | ---D | M] (Minimal) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\MESSAGESTYLE-MINIMAL20@ADDONS.INSTANTBIRD.ORG
[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/05/01 09:42:24 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2011/05/01 09:42:24 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2011/05/01 09:42:24 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2011/05/01 09:42:24 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (TextAloud) - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\Program Files\TextAloud\TAForIE.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\windows\System32\cmd.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - File not found
MsConfig - StartUpReg: PYHSWVKSqseodoe.exe - hkey= - key= - File not found
MsConfig - State: "startup" - 2

SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: hitmanpro35 - Reg Error: Value error.
SafeBootNet: hitmanpro35.sys - Reg Error: Value error.
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)


========== Files/Folders - Created Within 30 Days ==========

[2011/06/28 19:48:50 | 000,000,000 | R--D | C] -- C:\Windows\System32\config\systemprofile\Favorites
[2011/06/28 16:59:42 | 000,000,000 | ---D | C] -- C:\windows\System32\%LocalAppData%
[2011/06/28 16:58:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/06/28 16:58:52 | 000,019,544 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswFsBlk.sys
[2011/06/28 16:58:51 | 000,307,928 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswSP.sys
[2011/06/28 16:58:43 | 000,049,240 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswTdi.sys
[2011/06/28 16:58:43 | 000,025,432 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswRdr.sys
[2011/06/28 16:58:42 | 000,441,176 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswSnx.sys
[2011/06/28 16:58:39 | 000,053,592 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswMonFlt.sys
[2011/06/28 16:58:30 | 000,199,304 | ---- | C] (AVAST Software) -- C:\windows\System32\aswBoot.exe
[2011/06/28 16:58:30 | 000,040,112 | ---- | C] (AVAST Software) -- C:\windows\avastSS.scr
[2011/06/28 16:58:23 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/06/28 16:58:23 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/06/28 14:32:58 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/06/28 14:32:58 | 000,000,000 | -HSD | C] -- \Config.Msi
[2011/06/28 13:41:36 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2011/06/28 13:41:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/06/28 13:41:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/06/28 13:41:32 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2011/06/28 13:41:32 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/06/28 12:12:08 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/06/28 12:12:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/06/28 12:12:02 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/06/28 12:06:32 | 000,000,000 | R--D | C] -- C:\Windows\System32\config\systemprofile\Desktop
[2011/06/28 11:14:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2011
[2011/06/28 10:56:12 | 000,222,080 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MpSigStub.exe
[2011/06/28 02:07:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hitman Pro 3.5
[2011/06/28 02:07:38 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2011/06/28 02:05:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2011/06/17 19:39:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Digiarty
[2011/06/17 19:39:14 | 000,000,000 | ---D | C] -- C:\Program Files\Digiarty
[2011/06/16 02:01:26 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10_1.dll
[2011/06/16 02:01:16 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mstime.dll
[2011/06/16 02:01:16 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll
[2011/06/16 02:01:16 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iedkcs32.dll
[2011/06/16 02:01:16 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iepeers.dll
[2011/06/16 02:01:16 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2011/06/16 02:01:15 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2011/06/16 02:01:15 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\html.iec
[2011/06/16 02:01:15 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedsbs.dll
[2011/06/16 02:01:15 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2011/06/16 02:01:15 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\licmgr10.dll
[2011/06/16 02:01:15 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedssync.exe
[2011/06/09 22:54:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype Extras
[2011/06/09 22:54:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/06/09 22:54:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2011/06/09 17:27:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2010/08/25 19:59:08 | 000,004,096 | ---- | C] ( ) -- C:\windows\System32\IGFXDEVLib.dll

========== Files - Modified Within 30 Days ==========

[2011/06/28 21:46:32 | 000,674,732 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2011/06/28 21:46:32 | 000,131,820 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2011/06/28 16:58:54 | 000,001,994 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/06/28 16:58:39 | 000,002,577 | ---- | M] () -- C:\windows\System32\config.nt
[2011/06/28 16:35:14 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/06/28 16:35:09 | 2362,920,960 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/28 16:34:28 | 000,015,056 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/28 16:34:28 | 000,015,056 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/28 16:29:51 | 000,000,884 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/28 16:23:03 | 000,000,888 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/28 13:41:36 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/28 12:12:04 | 000,001,961 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
[2011/06/28 12:07:30 | 000,000,000 | ---- | M] () -- C:\windows\nsreg.dat
[2011/06/28 02:34:53 | 000,020,552 | ---- | M] () -- C:\windows\System32\drivers\hitmanpro35.sys
[2011/06/28 02:16:32 | 000,004,420 | ---- | M] () -- C:\windows\System32\.crusader
[2011/06/28 02:07:39 | 000,001,946 | ---- | M] () -- C:\Users\Public\Desktop\Hitman Pro 3.5.lnk
[2011/06/09 17:27:35 | 000,002,170 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk

========== Files Created - No Company Name ==========

[2011/06/28 16:58:53 | 000,001,994 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/06/28 13:41:36 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/28 12:12:04 | 000,001,961 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
[2011/06/28 12:07:30 | 000,000,000 | ---- | C] () -- C:\windows\nsreg.dat
[2011/06/28 02:16:32 | 000,004,420 | ---- | C] () -- C:\windows\System32\.crusader
[2011/06/28 02:07:44 | 000,020,552 | ---- | C] () -- C:\windows\System32\drivers\hitmanpro35.sys
[2011/06/28 02:07:39 | 000,001,946 | ---- | C] () -- C:\Users\Public\Desktop\Hitman Pro 3.5.lnk
[2011/06/09 17:27:35 | 000,002,170 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011/03/23 23:19:42 | 000,069,361 | ---- | C] () -- C:\windows\Huawei ModemsUninstall.exe
[2010/11/23 20:35:06 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/08/25 20:30:02 | 000,439,308 | ---- | C] () -- C:\windows\System32\igcompkrng500.bin
[2010/08/25 20:30:00 | 000,982,240 | ---- | C] () -- C:\windows\System32\igkrng500.bin
[2010/08/25 20:30:00 | 000,092,356 | ---- | C] () -- C:\windows\System32\igfcg500m.bin
[2010/08/25 19:57:00 | 000,000,151 | ---- | C] () -- C:\windows\System32\GfxUI.exe.config
[2010/08/25 19:52:00 | 000,208,896 | ---- | C] () -- C:\windows\System32\iglhsip32.dll
[2010/08/25 19:52:00 | 000,143,360 | ---- | C] () -- C:\windows\System32\iglhcp32.dll
[2010/08/13 19:51:50 | 000,003,650 | ---- | C] () -- \musicjacker.xml
[2010/01/28 13:34:51 | 000,000,002 | ---- | C] () -- C:\windows\HotFixList.ini
[2010/01/28 13:29:53 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2009/09/18 00:11:40 | 000,134,592 | ---- | C] () -- C:\windows\System32\igfcg500.bin
[2009/09/17 23:34:57 | 3150,565,376 | -HS- | C] () --
[2009/09/17 23:34:57 | 2362,920,960 | -HS- | C] () --
[2009/09/17 08:10:18 | 000,307,200 | ---- | C] () -- C:\windows\SetDisplayResolution.exe
[2009/09/17 07:45:46 | 000,073,728 | ---- | C] () -- C:\windows\System32\RtNicProp32.dll
[2009/07/14 05:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/14 05:33:53 | 001,772,224 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2009/07/14 03:05:48 | 000,674,732 | ---- | C] () -- C:\windows\System32\perfh009.dat
[2009/07/14 03:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat
[2009/07/14 03:05:48 | 000,131,820 | ---- | C] () -- C:\windows\System32\perfc009.dat
[2009/07/14 03:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat
[2009/07/14 03:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT
[2009/07/14 03:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat
[2009/07/14 03:04:04 | 000,000,024 | ---- | C] () -- \autoexec.bat
[2009/07/14 03:04:04 | 000,000,010 | ---- | C] () -- \config.sys
[2009/07/14 00:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat

========== Custom Scans ==========


Invalid Environment Variable: APPDATA

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %USERPROFILE%\Desktop\*.exe >
[2011/06/28 16:45:51 | 058,064,040 | ---- | M] () -- C:\Windows\System32\config\systemprofile\Desktop\setup_av_free.exe
[2011/06/28 12:10:57 | 011,503,480 | ---- | M] (SUPERAntiSpyware.com) -- C:\Windows\System32\config\systemprofile\Desktop\SUPERAntiSpywarePro.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\winn32\*.* >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >
[2011/06/22 00:35:15 | 000,107,480 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\crashreporter.exe
[2011/06/22 00:35:15 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2011/06/22 00:35:15 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
[2011/06/22 00:35:15 | 000,246,744 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\updater.exe

< %ProgramFiles%\TinyProxy. >

< %systemroot%\system32\*.* /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.* /lockedfiles >

< %PROGRAMFILES%\*. >
[2011/03/23 23:19:38 | 000,000,000 | ---D | M] -- C:\Program Files\3
[2005/01/01 11:05:14 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2011/06/28 11:46:36 | 000,000,000 | ---D | M] -- C:\Program Files\AnyPC Client
[2010/01/28 14:43:25 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2010/04/10 12:57:19 | 000,000,000 | ---D | M] -- C:\Program Files\Atheros Client Installation Program
[2011/06/28 16:58:23 | 000,000,000 | ---D | M] -- C:\Program Files\AVAST Software
[2010/10/14 10:51:45 | 000,000,000 | ---D | M] -- C:\Program Files\AVG
[2010/03/21 22:42:43 | 000,000,000 | ---D | M] -- C:\Program Files\AviSynth 2.5
[2010/01/28 14:44:08 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2010/04/25 23:34:18 | 000,000,000 | ---D | M] -- C:\Program Files\CDisplayEx
[2011/06/28 11:49:15 | 000,000,000 | ---D | M] -- C:\Program Files\Celtx
[2010/04/25 23:26:45 | 000,000,000 | ---D | M] -- C:\Program Files\Comical
[2011/06/09 22:54:18 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2010/01/28 13:49:19 | 000,000,000 | ---D | M] -- C:\Program Files\CyberLink
[2011/06/17 19:39:14 | 000,000,000 | ---D | M] -- C:\Program Files\Digiarty
[2009/09/18 00:31:47 | 000,000,000 | ---D | M] -- C:\Program Files\DVD Maker
[2011/06/28 21:23:34 | 000,000,000 | ---D | M] -- C:\Program Files\Free RAR Extract Frog
[2011/06/09 17:27:25 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2010/04/06 16:28:59 | 000,000,000 | ---D | M] -- C:\Program Files\Guitar Pro 5
[2011/06/28 02:07:38 | 000,000,000 | ---D | M] -- C:\Program Files\Hitman Pro 3.5
[2011/06/28 21:23:35 | 000,000,000 | ---D | M] -- C:\Program Files\Huawei Modems
[2011/03/23 23:19:38 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2009/09/17 07:40:54 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2011/06/16 03:30:06 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2010/02/04 18:27:42 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2010/02/04 18:28:07 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2010/12/28 15:31:17 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2010/01/28 17:22:54 | 000,000,000 | ---D | M] -- C:\Program Files\JRE
[2010/04/25 23:30:20 | 000,000,000 | ---D | M] -- C:\Program Files\Ken Ward's Zipper
[2011/06/28 02:16:28 | 000,000,000 | ---D | M] -- C:\Program Files\MagicISO
[2011/06/28 13:41:37 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/01/28 13:47:29 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2011/03/24 09:49:02 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2009/09/18 00:16:16 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2010/01/28 13:42:00 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2011/06/28 21:23:38 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office Outlook Connector
[2011/06/28 21:23:41 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office Suite Activation Assistant
[2011/06/16 03:31:37 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2010/01/28 13:42:22 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Small Business
[2011/03/01 01:42:03 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server
[2010/01/28 13:46:02 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2010/01/28 13:37:33 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2010/10/26 01:59:32 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2010/06/29 00:19:09 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2011/06/22 00:35:17 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2009/07/14 05:52:30 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2010/08/13 19:51:05 | 000,000,000 | ---D | M] -- C:\Program Files\musicjacker
[2010/01/28 17:22:52 | 000,000,000 | ---D | M] -- C:\Program Files\OpenOffice.org 3
[2010/01/28 17:21:13 | 000,000,000 | ---D | M] -- C:\Program Files\OpenOffice.org 3.1 (en-US) Installation Files
[2010/01/28 14:43:59 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2009/09/17 07:45:46 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek
[2010/03/21 22:42:25 | 000,000,000 | ---D | M] -- C:\Program Files\Red Kawa
[2009/07/14 05:52:30 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2010/03/21 22:42:46 | 000,000,000 | ---D | M] -- C:\Program Files\Regensoft
[2010/01/28 13:48:17 | 000,000,000 | ---D | M] -- C:\Program Files\Samsung
[2010/01/28 13:31:28 | 000,000,000 | ---D | M] -- C:\Program Files\Samsung Casual Games
[2011/06/09 22:54:18 | 000,000,000 | R--D | M] -- C:\Program Files\Skype
[2010/01/28 14:49:42 | 000,000,000 | ---D | M] -- C:\Program Files\Spotify
[2011/06/28 12:12:09 | 000,000,000 | ---D | M] -- C:\Program Files\SUPERAntiSpyware
[2009/09/17 07:47:33 | 000,000,000 | ---D | M] -- C:\Program Files\Synaptics
[2009/09/17 07:42:20 | 000,000,000 | -H-D | M] -- C:\Program Files\Temp
[2010/02/20 19:10:52 | 000,000,000 | ---D | M] -- C:\Program Files\TextAloud
[2011/02/06 21:49:53 | 000,000,000 | ---D | M] -- C:\Program Files\TotalImageConverter
[2009/07/14 05:53:23 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2011/04/04 00:26:26 | 000,000,000 | ---D | M] -- C:\Program Files\uTorrent
[2010/01/28 14:59:38 | 000,000,000 | ---D | M] -- C:\Program Files\VideoLAN
[2010/01/28 19:12:31 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2010/01/28 19:12:31 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Journal
[2010/01/28 13:47:14 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2010/01/28 13:44:59 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive
[2010/12/16 09:46:06 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
[2010/10/14 10:11:15 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2009/07/14 05:52:30 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2010/01/28 19:12:31 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Viewer
[2009/07/14 05:52:32 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Portable Devices
[2010/01/28 19:12:32 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar


< MD5 for: AGP440.SYS >
[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys

< MD5 for: DISK.SYS >
[2009/07/14 02:20:27 | 000,057,424 | ---- | M] (Microsoft Corporation) MD5=565003F326F99802E68CA78F2A68E9FF -- C:\Windows\System32\drivers\disk.sys
[2009/07/14 02:20:27 | 000,057,424 | ---- | M] (Microsoft Corporation) MD5=565003F326F99802E68CA78F2A68E9FF -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_x86_neutral_b431b61a11f8df6c\disk.sys
[2009/07/14 02:20:27 | 000,057,424 | ---- | M] (Microsoft Corporation) MD5=565003F326F99802E68CA78F2A68E9FF -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.1.7600.16385_none_f99cd807d58018cb\disk.sys

< MD5 for: IASTOR.SYS >
[2009/06/04 10:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2009/06/04 10:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2009/06/04 10:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\drivers\iaStor.sys
[2009/06/04 10:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_4f144d6467fc7c22\iaStor.sys

< MD5 for: NETLOGON.DLL >
[2010/11/20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2011/03/11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011/03/11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\drivers\nvstor.sys
[2011/03/11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_38e464dbe521cc7f\nvstor.sys
[2011/03/11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011/03/11 06:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011/03/11 06:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010/11/20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009/07/14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-06-28 09:56:19

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/06/22 00:35:15 | 000,552,456 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/06/22 00:35:15 | 000,552,456 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/06/22 00:35:15 | 000,552,456 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/06/22 00:35:15 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/06/22 00:35:15 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/06/22 00:35:15 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2011/06/14 00:52:23 | 001,011,768 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2011/06/14 00:52:23 | 001,011,768 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/06/14 00:52:23 | 001,011,768 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2011/06/14 00:52:23 | 001,011,768 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2009/07/14 02:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2009/07/14 02:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2009/07/14 02:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/04/22 20:29:16 | 000,673,040 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2011/04/22 20:29:16 | 000,673,040 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/06/22 00:35:15 | 000,552,456 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/06/22 00:35:15 | 000,552,456 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/06/22 00:35:15 | 000,552,456 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/06/22 00:35:15 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/06/22 00:35:15 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/06/22 00:35:15 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2011/06/14 00:52:23 | 001,011,768 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2011/06/14 00:52:23 | 001,011,768 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/06/14 00:52:23 | 001,011,768 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2011/06/14 00:52:23 | 001,011,768 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2009/07/14 02:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2009/07/14 02:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2009/07/14 02:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/04/22 20:29:16 | 000,673,040 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2011/04/22 20:29:16 | 000,673,040 | ---- | M] (Microsoft Corporation)

========== Alternate Data Streams ==========

@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:ABE89FFE

< End of report >

Re: Win32/zbot and vbs generic + multiple other viruses- Please Help Me :(

Extras Results


OTL Extras logfile created on: 6/28/2011 9:56:06 PM - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = C:\windows\system32\config\systemprofile\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.93 Gb Total Physical Memory | 2.07 Gb Available Physical Memory | 70.69% Memory free
5.86 Gb Paging File | 5.37 Gb Available in Paging File | 91.59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 172.05 Gb Total Space | 15.95 Gb Free Space | 9.27% Space Free | Partition Type: NTFS
Drive D: | 45.74 Gb Total Space | 45.36 Gb Free Space | 99.17% Space Free | Partition Type: NTFS

Computer Name: RICHARD-PC | User Name: Richard | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}" = EasyBatteryManager
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1AFA1FEF-8CF9-4A51-AC46-64FAA7F3D9E2}" = AnyPC Client
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 23
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{485ACF57-F364-440A-8496-E1E81C8FA1AA}" = Adobe Premiere Pro CS3 Third Party Content
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D2121FE-5CCC-4D47-B3A0-BF56045A5099}" = Samsung Support Center
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}" = Adobe Premiere Pro CS3 Functional Content
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}" = Adobe Premiere Pro CS3
"{63eafc52-b963-4297-a7eb-d412944e7065}_is1" = Game Pack
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114072167}" = Go-Go Gourmet
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A7581D39-EA20-4883-A480-80C21047052B}" = Easy Network Manager
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A899DA1F-D626-401C-8651-F2921E3B4CB3}" = 3Connect
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AA16A9E5-40E9-44F5-801E-6B3D3CFE79E5}" = BatteryLifeExtender
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.4
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{BB81360F-041C-4CF7-B15E-71380D154244}" = Adobe Setup
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1434266-0486-4469-B338-A60082CC04E1}" = Atheros Client Installation Program
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{EFA6EF6A-9E0D-4CF0-91DD-B55D8632F65A}" = SamsungMovie
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F439D7AF-03F3-4F8E-AEC4-571BFE977C61}" = iTunes
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"Adobe_32fdd767b4383606e8168e834af5d90" = Adobe Premiere Pro CS3
"avast" = avast! Free Antivirus
"AviSynth" = AviSynth 2.5
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"CDisplayEx_is1" = CDisplayEx 1.4
"Celtx (2.7)" = Celtx (2.7)
"Comical_is1" = Comical 0.8
"Free RAR Extract Frog" = Free RAR Extract Frog
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HitmanPro35" = Hitman Pro 3.5
"Huawei Modems" = Huawei Modems
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"Ken Ward's Zipper_is1" = Ken Ward's Zipper 1.4000
"Magic ISO Maker v5.5 (build 0281)" = Magic ISO Maker v5.5 (build 0281)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.6.18)" = Mozilla Firefox (3.6.18)
"PROHYBRIDR" = 2007 Microsoft Office system
"Spotify" = Spotify
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TextAloud MP3_is1" = TextAloud
"Total Image Converter_is1" = TotalImageConverter
"uTorrent" = µTorrent
"Videora iPod Converter" = Videora iPod Converter 5.04
"VLC media player" = VLC media player 1.0.3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinX Free DVD Ripper_is1" = WinX Free DVD Ripper 4.5.14
"YouTube Downloader App" = YouTube Downloader App 2.03

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/18/2011 6:54:31 PM | Computer Name = Richard-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 6/19/2011 1:33:45 PM | Computer Name = Richard-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 6/20/2011 8:23:13 AM | Computer Name = Richard-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 6/20/2011 11:02:50 PM | Computer Name = Richard-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Samsung\Samsung
Support Center\Drv\drv2x64\KStartMem.exe.Manifest". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 6/20/2011 11:03:45 PM | Computer Name = Richard-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest".
Dependent
Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 6/21/2011 3:57:05 AM | Computer Name = Richard-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 6/22/2011 2:00:56 AM | Computer Name = Richard-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 6/27/2011 10:37:01 AM | Computer Name = Richard-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 6/27/2011 12:25:35 PM | Computer Name = Richard-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 6/27/2011 5:19:05 PM | Computer Name = Richard-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Samsung\Samsung
Support Center\Drv\drv2x64\KStartMem.exe.Manifest". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

[ System Events ]
Error - 6/28/2011 7:06:45 AM | Computer Name = Richard-PC | Source = DCOM | ID = 10005
Description =

Error - 6/28/2011 7:06:46 AM | Computer Name = Richard-PC | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Provider
Host service which failed to start because of the following error: %%1068

Error - 6/28/2011 11:35:23 AM | Computer Name = Richard-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
discache SABI SASDIFSV SASKUTIL spldr Wanarpv6

Error - 6/28/2011 11:35:31 AM | Computer Name = Richard-PC | Source = DCOM | ID = 10005
Description =

Error - 6/28/2011 11:35:39 AM | Computer Name = Richard-PC | Source = DCOM | ID = 10005
Description =

Error - 6/28/2011 11:35:43 AM | Computer Name = Richard-PC | Source = DCOM | ID = 10005
Description =

Error - 6/28/2011 11:35:43 AM | Computer Name = Richard-PC | Source = DCOM | ID = 10005
Description =

Error - 6/28/2011 11:35:44 AM | Computer Name = Richard-PC | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Provider
Host service which failed to start because of the following error: %%1068

Error - 6/28/2011 11:58:37 AM | Computer Name = Richard-PC | Source = DCOM | ID = 10005
Description =

Error - 6/28/2011 4:46:23 PM | Computer Name = Richard-PC | Source = DCOM | ID = 10010
Description =


< End of report >

Re: Win32/zbot and vbs generic + multiple other viruses- Please Help Me :(

aswMBR version 0.9.7.675 Copyright(c) 2011 AVAST Software
Run date: 2011-06-28 22:43:16
-----------------------------
22:43:16.088 OS Version: Windows 6.1.7600
22:43:16.088 Number of processors: 2 586 0x170A
22:43:16.089 ComputerName: RICHARD-PC UserName: Richard
22:43:17.225 Initialize success
22:43:17.261 AVAST engine defs: 11060300
22:43:21.070 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:43:21.072 Disk 0 Vendor: ST925031 0001 Size: 238475MB BusType: 3
22:43:21.132 Disk 0 MBR read successfully
22:43:21.134 Disk 0 MBR scan
22:43:21.136 Disk 0 unknown MBR code
22:43:21.143 Disk 0 scanning sectors +488394752
22:43:21.215 Disk 0 scanning C:\windows\system32\drivers
22:43:44.079 Service scanning
22:43:44.931 Disk 0 trace - called modules:
22:43:44.944
22:43:45.658 AVAST engine scan C:\windows
23:02:39.515 Disk 0 MBR has been saved successfully to "C:\windows\system32\config\systemprofile\Desktop\MBR.dat"
23:02:39.516 The log file has been saved successfully to "C:\windows\system32\config\systemprofile\Desktop\aswMBR.txt"


Re: Win32/zbot and vbs generic + multiple other viruses- Please Help Me :(

Check up results


Results of screen317's Security Check version 0.99.17
Windows 7 (UAC is disabled!)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
avast! Free Antivirus
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java(TM) 6 Update 23
Out of date Java installed!
Flash Player Out of Date!
Adobe Flash Player 10.2.152.32
````````````````````````````````
Process Check:
objlist.exe by Laurent

AVAST Software Avast AvastUI.exe
``````````End of Log````````````

Re: Win32/zbot and vbs generic + multiple other viruses- Please Help Me :(

Hi there canyousmellme and welcome to GeekPolice!

I am Gabethebabe and I will be helping you with this issue. Before we start some general remarks/rules:
  • Whilst I´m helping you, please follow my instructions carefully and do not experiment on your own or accept help from other persons.
  • Feel free to ask questions! Especially if my instructions are not clear. I´m here to help, not confuse you.
  • I will try and respond quickly, but please understand I do have a real life (job, wife, 3 kids, kinky hobbies).
  • Stick with me till the end. If your computer starts running better, that doesn´t mean it is clean yet!

====================

Time to use ComboFix by sUBs, a powerful tool that you are advised not to run without supervision of a trained malware helper. Please visit this webpage and read the tutorial on using ComboFix very carefully. After that download the tool and save it to your desktop.

Doubleclick ComboFix.exe to run the tool. Please post its log back here.

Re: Win32/zbot and vbs generic + multiple other viruses- Please Help Me :(

Ok here is the log. Thank you for your help!


ComboFix 11-06-29.02 - SYSTEM 29/06/2011 12:39:54.1.2 - x86 NETWORK
Running from: c:\windows\system32\config\systemprofile\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\users\Richard\AppData\Roaming\Adobe\plugs
c:\users\Richard\AppData\Roaming\Adobe\shed
c:\users\Richard\AppData\Roaming\Egdica
c:\users\Richard\AppData\Roaming\Egdica\lyuxs.exe
c:\users\Richard\AppData\Roaming\EurekaLog
c:\users\Richard\AppData\Roaming\Giryb
c:\users\Richard\AppData\Roaming\Giryb\neovp.exe
c:\users\Richard\AppData\Roaming\Ymdy
c:\users\Richard\AppData\Roaming\Ymdy\ivwy.ige
c:\users\Richard\Documents\Registrybackupone.reg
.
.
((((((((((((((((((((((((( Files Created from 2011-05-28 to 2011-06-29 )))))))))))))))))))))))))))))))
.
.
2011-06-29 11:38 . 2011-06-29 11:38 -------- d-----w- C:\32788R22FWJFW
2011-06-29 01:04 . 2011-05-10 12:03 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-06-29 01:04 . 2011-05-10 11:59 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-06-29 01:04 . 2011-05-10 12:03 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-06-29 01:04 . 2011-05-10 12:02 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-06-29 01:04 . 2011-05-10 11:59 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-06-29 01:04 . 2011-05-10 11:59 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-06-29 01:04 . 2011-05-10 12:10 40112 ----a-w- c:\windows\avastSS.scr
2011-06-29 01:04 . 2011-05-10 12:10 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-06-28 15:59 . 2011-06-28 20:49 -------- d-----w- c:\windows\system32\%LocalAppData%
2011-06-28 15:58 . 2011-06-29 01:04 -------- d-----w- c:\programdata\AVAST Software
2011-06-28 15:58 . 2011-06-28 15:58 -------- d-----w- c:\program files\AVAST Software
2011-06-28 12:41 . 2011-06-28 12:41 -------- d-----w- c:\users\Richard\AppData\Roaming\Malwarebytes
2011-06-28 12:41 . 2011-05-29 08:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-28 12:41 . 2011-06-28 12:41 -------- d-----w- c:\programdata\Malwarebytes
2011-06-28 12:41 . 2011-06-28 12:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-28 12:41 . 2011-05-29 08:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-28 11:12 . 2011-06-28 11:12 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-06-28 11:12 . 2011-06-28 11:12 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-06-28 09:56 . 2011-06-20 07:57 7074640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F7BC1F16-A53D-473D-A543-96171A0C4138}\mpengine.dll
2011-06-28 09:56 . 2011-05-24 18:14 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-06-28 01:07 . 2011-06-28 01:34 20552 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-06-28 01:07 . 2011-06-28 01:07 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-06-28 01:05 . 2011-06-28 01:16 -------- d-----w- c:\programdata\Hitman Pro
2011-06-17 18:40 . 2011-06-17 18:41 -------- d-----w- c:\users\Richard\.dvdcss
2011-06-17 18:39 . 2011-06-17 18:39 -------- d-----w- c:\users\Richard\AppData\Roaming\Digiarty
2011-06-17 18:39 . 2011-06-17 18:39 -------- d-----w- c:\program files\Digiarty
2011-06-09 21:54 . 2011-06-12 23:00 -------- d-----w- c:\programdata\Skype Extras
2011-06-09 21:54 . 2011-06-09 21:54 -------- d-----w- c:\program files\Common Files\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-22 19:36 . 2011-05-25 08:13 26496 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-04-14 23:34 . 2011-04-14 23:34 159080 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10138.bin
2011-04-09 06:13 . 2011-05-11 07:55 3957632 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-04-09 06:13 . 2011-05-11 07:55 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-04-09 05:56 . 2011-05-21 21:50 123904 ----a-w- c:\windows\system32\poqexec.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-06-10 2424192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-19 7711264]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-02-26 1713448]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-22 141608]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-05-10 3459712]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http:" [X]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-06-10 2424192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R1 aswSnx;aswSnx; [x]
R1 aswSP;aswSP; [x]
R1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2009-05-28 10752]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
R2 aswFsBlk;aswFsBlk; [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-05-10 53592]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-11 136176]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]
R2 OberonGameConsoleService;Oberon Media Game Console service;c:\program files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe [2009-08-13 44312]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-11 136176]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-28 25112]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-05-29 22712]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-08 1343400]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-31 187392]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-11 17:48]
.
2011-06-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-11 17:48]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath -
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-PYHSWVKSqseodoe - c:\programdata\PYHSWVKSqseodoe.exe
AddRemove-Magic ISO Maker v5.5 (build 0281) - c:\progra~1\MagicISO\UNWISE.EXE
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-06-29 12:53:11
ComboFix-quarantined-files.txt 2011-06-29 11:53
.
Pre-Run: 16,986,456,064 bytes free
Post-Run: 18,776,203,264 bytes free
.
- - End Of File - - 64A678D4A3317662FA2173F8D978BED0

Re: Win32/zbot and vbs generic + multiple other viruses- Please Help Me :(

Well, I don´t see anything that really worries me. You seem to have no active malware.

This folder:
c:\windows\system32\%LocalAppData%
has a REALLY weird name. Can you look inside and tell me what´s in there?

====================

Please download aswMBR by Alwil Software from here and save it to your desktop.

  • Double click aswMBR.exe to run the tool
  • Click the Scan button to start the scan
  • Don´t panic if you see any **Rootkit** entries. The tool sometimes produces false alarms
  • Once the scan finishes click Save log to save the log to your desktop
  • Copy and paste the contents of this log (aswMBR.txt) into your next reply.


====================

Please open Malwarebytes' Anti-Malware, click the Update tab and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan and click Scan. Please post the resulting log in your next reply.
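The ComboFix log above is what the helper is reading when he says nothing active is left: the "Other Deletions" section lists executables that lived in randomly named folders under AppData\Roaming (the usual Zbot drop location), and the policies\system key shows EnableLUA=0, which matches the "UAC is disabled!" line in the Security Check log. The following Python script is an added triage example, not part of this thread and not a ComboFix or GeekPolice tool. It parses those two log sections and flags the three things a defender would check first: autorun entries that point into user-writable directories, deleted executables under AppData\Roaming, and UAC being switched off. The sample log is constructed in the same layout as the ComboFix output posted above; its entries are copied from that log except for the "Egdica" Run entry, which is a constructed illustration of what such an autorun looks like (the real log shows only the deleted folder, not its Run value).

```python
import re
from dataclasses import dataclass

# Constructed excerpt in ComboFix's log layout. Entries are copied from the
# log in this thread, except the "Egdica" Run value, which is constructed to
# show an autorun pointing into AppData\Roaming (ComboFix had already removed
# the folder, so the posted log has no such Run entry).
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\programdata\FullRemove.exe
c:\users\Richard\AppData\Roaming\Egdica
c:\users\Richard\AppData\Roaming\Egdica\lyuxs.exe
c:\users\Richard\AppData\Roaming\Giryb\neovp.exe
c:\users\Richard\Documents\Registrybackupone.reg
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-06-10 2424192]
"Egdica"="c:\users\Richard\AppData\Roaming\Egdica\lyuxs.exe" [2011-06-28 45056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-05-10 3459712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http:" [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableLUA"= 0 (0x0)
.
"""

SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")           # ((( Section Name )))
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")                # [HKEY_...]
RUN_VALUE_RE = re.compile(r'^"([^"]+)"="([^"]*)"(?:\s+\[.*\])?$')   # "name"="path" [date size]
DWORD_RE = re.compile(r'^"([^"]+)"=\s*(\d+)\s*\(0x[0-9a-fA-F]+\)$')  # "name"= 0 (0x0)

# Directories a normal installer does not use for autostart binaries.
SUSPECT_DIRS = ("\\appdata\\roaming\\", "\\appdata\\local\\temp\\",
                "\\users\\public\\", "\\windows\\temp\\")


@dataclass
class Finding:
    category: str
    detail: str


def parse_combofix(text):
    """Return (deletions, autoruns, policies) from a ComboFix-style log.

    deletions: paths listed under "Other Deletions"
    autoruns:  (registry key, value name, target) for Run/RunOnce keys
    policies:  DWORD values under the policies\\system key (e.g. EnableLUA)
    """
    section, key = None, None
    deletions, autoruns, policies = [], [], {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = SECTION_RE.match(line)
        if m:
            section, key = m.group(1), None
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        if section == "Other Deletions":
            deletions.append(line)
        elif section == "Reg Loading Points" and key:
            lower_key = key.lower()
            m = RUN_VALUE_RE.match(line)
            if m and lower_key.endswith(("\\run", "\\runonce")):
                autoruns.append((key, m.group(1), m.group(2)))
                continue
            m = DWORD_RE.match(line)
            if m and lower_key.endswith("\\policies\\system"):
                policies[m.group(1)] = int(m.group(2))
    return deletions, autoruns, policies


def triage(text):
    """Flag autoruns in user-writable dirs, deleted executables in Roaming, and disabled UAC."""
    deletions, autoruns, policies = parse_combofix(text)
    findings = []
    for key, name, target in autoruns:
        if any(d in target.lower() for d in SUSPECT_DIRS):
            findings.append(Finding("autorun-user-writable", f"{key}: {name} -> {target}"))
    for item in deletions:
        low = item.lower()
        if low.endswith((".exe", ".dll", ".scr")) and "\\appdata\\roaming\\" in low:
            findings.append(Finding("deleted-exe-in-roaming", item))
    if policies.get("EnableLUA") == 0:
        findings.append(Finding("uac-disabled", "EnableLUA=0 under policies\\system"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.category}] {f.detail}")
```

Run against the sample it reports one autorun in AppData\Roaming, the two deleted executables (lyuxs.exe and neovp.exe; FullRemove.exe under ProgramData is not matched by the Roaming rule) and the disabled UAC. The script is a reading aid for logs like this one; it does not change anything on the machine, and an entry under ProgramData or Program Files is not flagged because legitimate software lives there too.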

Re: Win32/zbot and vbs generic + multiple other viruses- Please Help Me :(

Ok in the weird folder is:

Firstly the folder has an image of a padlock on it. However there are no problems when double clicking on it.

Inside is,

Two folders, date modified yesterday. They are ElevatedDiagnostics and Microsoft.

Inside ElevatedDiagnostics is a folder titled - 2550435360

Inside that folder are 4 file folders and one cabinet file.

They are:

2011062815.000
2011062818.000
2011062900.000
2011062901.000

latest - is the cabinet file

Inside the first file folder (2011062815.000) are 6 XML documents, 1 Registration Entries file and 1 XSL Stylesheet.

The XML docs are called:

AudioDiagnostic.0.debugreport
AudioDiagnostic.1.debugreport
DeviceDiagnostic.0.debugreport
DeviceDiagnostic.1.debugreport

ResultsReport
results

The RegistrationsEntry file is called:

Registry Log

And the XSL Stylesheet file is called:

results.

Inside the second folder (2011062818.000) is:

4 XML docs and 1 Xsl Doc.

The 4 XML's are called:

AudioDiagnostic.0.debugreport
DeviceDiagnostic.0.debugreport
ResultsReport
results

The XSL is called:

results.

In the 3rd folder (2011062900.000) is:
the same as the first folder but with more recent date modified times.

And in the 4th folder (2011062901.000) is:
the same as the 2nd folder but with more recent date modified times.

OK, so back to the weird folder: the second folder in it was called Microsoft. In this folder is:

a folder called Device Metadata. Inside this folder is a folder called dmrccache and an IDX file called dmrc.idx.

Inside the dmrccache folder is nothing.

Hope this helps I will get back to you asap with the aswMBR and MBAM logs.

Thank you again.

Re: Win32/zbot and vbs generic + multiple other viruses- Please Help Me :(

All right, seems like a folder-creating bug in some Microsoft application.

I thought there were no bugs in Microsoft applications

You can leave that folder alive.

Re: Win32/zbot and vbs generic + multiple other viruses- Please Help Me :(

OK, the aswMBR is running now.

So that folder is safe and not scary and is just random and odd? Should I not delete it?

Thought I'd mention that I conducted the ComboFix and currently the aswMBR scans in safe mode and with Avast disabled (because of the instructions from ComboFix). Does this affect anything?

When I woke up this morning Avast told me I had 7000+ infected files. Also it says I'm to secure or protected or something in big red letters?

How long roughly does the aswMBR scan take? It has again seemed to have stopped or am I being impatient? Was the first one I sent not fully finished?

Thank you again!

Re: Win32/zbot and vbs generic + multiple other viruses- Please Help Me :(

Apologies for the typo.

Correction:

When I woke up this morning Avast told me I had 7000+ infected files. Also it says I'm NOT secure or protected or something in big red letters?

Sorry.

Re: Win32/zbot and vbs generic + multiple other viruses- Please Help Me :(

aswMBR should run in a matter of seconds.

I think Avast has been compromised by the malware. I saw some Avast services/drivers that were nuked. I think the best thing you can do is uninstall Avast and reinstall it again.

Re: Win32/zbot and vbs generic + multiple other viruses- Please Help Me :(

OK, I'll uninstall and reinstall Avast after these two logs are completed.

aswMBR has stopped at this point:

scanning: C:/windows/serviceprofiles/localservice/appdata/roaming/microsoft/UPnP

It doesn't say successfully completed, neither did it last time?

What shall I do next? Shall I stop aswMBR and do an MBAM scan or try another aswMBR scan (though this is what it did the first time)? Shall I uninstall and reinstall Avast yet?

Sorry for my incompetence.

Re: Win32/zbot and vbs generic + multiple other viruses- Please Help Me :(

That is a bit strange. aswMBR should run quite quickly.

I´d say do the things in this order (all in normal mode, not safe mode):
uninstall avast
MBAM scan
retry aswMBR

If aswMBR doesn´t work:

Download GMER Rootkit Scanner from here and save it to your desktop.
Note that it will have a random name.

  • Double click the file to run the tool. It may take a while to load.
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan, click No
  • In the right panel, you will see several boxes that have been checked
  • Make sure this is unchecked: Show All
  • Make sure only your system drive (usually C:\) is checked and uncheck all other drives you might have on your system
  • Click Scan to start the scan
  • When it has finished, click Save and save the log as gmer.txt on your desktop
  • If GMER reports any <--- ROOTKIT entries, don´t take any action. It could be a false positive.
  • Click OK to quit GMER.
  • Please post the contents of gmer.txt into your next reply.


We will re-install Avast later.

Re: Win32/zbot and vbs generic + multiple other viruses- Please Help Me :(

Quick question,

quick or full scan with MBAM?

Re: Win32/zbot and vbs generic + multiple other viruses- Please Help Me :(

quick scan

Re: Win32/zbot and vbs generic + multiple other viruses- Please Help Me :(

Ok so it worked this time.

Firstly I thought I'd mention that since I've restarted in normal mode the computer is running really slowly, much slower than ever before, and also when I opened Firefox it came up with an error message.

The message said:

Download error - c:/users/richard/downloads/setup_av_free.exe part could not be saved because the source file could not be read.

Try again later or contact the server administrator. (I just exited the window rather than clicking OK)

Is this important in any way?

OK, here is the MBAM log:


Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6975

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

29/06/2011 14:41:26
mbam-log-2011-06-29 (14-41-26).txt

Scan type: Quick scan
Objects scanned: 168722
Time elapsed: 4 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


And here is the aswmbr log:


aswMBR version 0.9.7.675 Copyright(c) 2011 AVAST Software
Run date: 2011-06-29 14:45:38
-----------------------------
14:45:38.477 OS Version: Windows 6.1.7600
14:45:38.477 Number of processors: 2 586 0x170A
14:45:38.477 ComputerName: RICHARD-PC UserName: Richard
14:45:40.240 Initialize success
14:45:51.593 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
14:45:51.593 Disk 0 Vendor: ST925031 0001 Size: 238475MB BusType: 3
14:45:51.624 Disk 0 MBR read successfully
14:45:51.640 Disk 0 MBR scan
14:45:51.640 Disk 0 unknown MBR code
14:45:51.640 Disk 0 scanning sectors +488394752
14:45:51.687 Disk 0 scanning C:\windows\system32\drivers
14:45:57.615 Service scanning
14:45:58.551 Disk 0 trace - called modules:
14:45:58.597 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
14:45:58.613 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86d315a0]
14:45:58.613 3 CLASSPNP.SYS[8c22259e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85f3a028]
14:45:58.629 Scan finished successfully
14:46:07.505 Disk 0 MBR has been saved successfully to "C:\Users\Richard\Desktop\MBR.dat"
14:46:07.521 The log file has been saved successfully to "C:\Users\Richard\Desktop\aswMBR.txt"


Thank you again!!!!

Re: Win32/zbot and vbs generic + multiple other viruses- Please Help Me :(

Well that looks all mighty clean

You have uninstalled Avast?

If you cannot download it from the main site, try something like download.com

http://download.cnet.com/Avast-Free-Antivirus/3000-2239_4-10019223.html

I´m kind of surprised that your system is slow now. So because we like scans and such, please perform the GMER scan I recommended before.

Run GMER before re-installing Avast

Re: Win32/zbot and vbs generic + multiple other viruses- Please Help Me :(

Will GMER inform me that it has finished? It seems to have stalled otherwise?

Is GMER a long scan or short like the last one?

Re: Win32/zbot and vbs generic + multiple other viruses- Please Help Me :(

Somewhere in the bottom of the screen you should see which file/folder is being scanned.

GMER is not a particularly quick scan.

Re: Win32/zbot and vbs generic + multiple other viruses- Please Help Me :(

OK, well it's definitely still going. Will get back to you as soon as it's finished.

Re: Win32/zbot and vbs generic + multiple other viruses- Please Help Me :(

Hi just an update the GMER is still running but it's been on one thing for more than an hour.

In the main section (the bit with Type/Name/Value) it's been checking:

Type: reg
Name: HKLM/SOFTWARE/Microsoft/windows media player NSS/3.0/Servers/0C5F5203-BAAA-4C7E-94B0-679CDD6609B0@IPAddress
Value: ::1

it's been looking through this for ages. When I started the scan the computer was connected to the internet? is this a problem?


Re: Win32/zbot and vbs generic + multiple other viruses- Please Help Me :(

OK, I'm on another computer. The scan didn't finish and it went to a blue screen and said it was dumping physical memory or something; it was only there briefly before rebooting and just staying on a black screen. Help?

Re: Win32/zbot and vbs generic + multiple other viruses- Please Help Me :(

Hello again.

Update: I had to force it to shut down as it was on the black screen for ages.

I've tried the GMER scan a couple more times in normal and safe modes. It seems to get stuck in a loop looking at jpegs.

This is where it gets stuck:

c:/windows/serviceprofiles/networkservice/appdata/local/microsoft/mediaplayer/artcache/localmls (followed by long list of numbers .jpeg)

These would cycle continuously or just pause.

Thanks again!

Re: Win32/zbot and vbs generic + multiple other viruses- Please Help Me :(

OK, we'll try another rootkit scan if GMER doesn't work properly.

Please download RootkitUnhooker by EP-X0FF from here and save it to your desktop.
  • You need to unpack this .rar file, for example using WinRar (not a free program) or 7-Zip (free program).
  • After extracting the archive, doubleclick RkU3.8.388.590.exe to run the setup program.
  • Install the tool into a folder with random name, as instructed by the setup program.
  • Close all programs and windows before running this tool.
  • Browse to this folder and double click the randomly named .exe that is in the folder (NOT the unins000.exe) to run RootkitUnhooker.
  • Wait a moment for the user interface to pop up and click the Report tab.
  • Click the Scan button, verify that all options are checked and click OK.
  • During the scan a Select Disks for Scan window will pop up. Select your system disk (usually C:\) and no other disks and hit OK.
  • The files and folders scan will take some time, so please be patient.
  • When finished, choose File > Save Report from the menu and save the report.
  • Please copy & paste the entire report in your next reply. You may need multiple posts for this.

Re: Win32/zbot and vbs generic + multiple other viruses- Please Help Me :(

OK, I have it in a randomly named folder, but when I double-clicked it with all windows and programmes shut it came up with this message.

Rootkit Unhooker has detected a parasite inside itself!

It is recommended to remove the parasite. OK?

Parasite type: unknown remote threat
thread ID: 4572
priority: 8
thread start address:0x7782EC2E
Module: ntdll.dll

It gives the options OK or Cancel

What should I Do?

Re: Win32/zbot and vbs generic + multiple other viruses- Please Help Me :(

Just click Cancel and allow it to run.

Re: Win32/zbot and vbs generic + multiple other viruses- Please Help Me :(

OK, well it started, kinda?

It asked which drive and I selected C.

But now it appears to be doing nothing? It's not showing files being scanned or anything? The computer isn't connected to the internet. Could this be why it's not doing anything?

It's currently saying:

Please wait while RkU makes a scan; you can stop the scan by pressing "cancel"

getting list of files and directories (C:\)

It has also selected the stealth code tab then the Files tab. So it is no longer on the report tab that I had selected.

My dad is wanting to format the laptop to factory settings? Is this a good idea? It seems quite drastic?


Re: Win32/zbot and vbs generic + multiple other viruses- Please Help Me :(

The "getting list of files and directories (C:\)" takes quite a while.
The file scan takes even more.

Just let it run.

And yes, restoring to factory settings seems a bad idea. I think your computer is clean of malware.

We're just making sure with a full blown rootkit scan.

Re: Win32/zbot and vbs generic + multiple other viruses- Please Help Me :(

OK, thank you.

It does appear to have started. It says disk low but is working.

Will get back to you with the log asap.

Re: Win32/zbot and vbs generic + multiple other viruses- Please Help Me :(

It would appear the scan has halted like GMER.

The loading bar has not moved at all for over an hour.

There are lots of items (20 - 30) in the suspect file list with the statuses all saying Hidden.

Re: Win32/zbot and vbs generic + multiple other viruses- Please Help Me :(

Hmm... can you show me those results in some way?

Re: Win32/zbot and vbs generic + multiple other viruses- Please Help Me :(

Can I post a photo on here?

Re: Win32/zbot and vbs generic + multiple other viruses- Please Help Me :(

You can attach files to posts in e.g. jpg format.

Re: Win32/zbot and vbs generic + multiple other viruses- Please Help Me :(

There are more on the scroll down, but it won't let me touch it as the scan progress window bleeps.

Re: Win32/zbot and vbs generic + multiple other viruses- Please Help Me :(

Have I uploaded it?

Re: Win32/zbot and vbs generic + multiple other viruses- Please Help Me :(

[Attached image: Img_0713]

Re: Win32/zbot and vbs generic + multiple other viruses- Please Help Me :(

OK, nothing of this is hidden malware.

I think you are clean and the slowness of your computer is not caused by malware. Maybe load fewer programs on startup and run a defrag program. Stuff like that can increase the speed.

Most malware is very present in the form of redirects or unsolicited advertisements.

If you really want to run another scan, try something like an antivirus rescue disk. Several exist that you can download & burn, for example Avira.

Any more questions or shall we proceed with closing this case and cleaning up tools we used?

Re: Win32/zbot and vbs generic + multiple other viruses- Please Help Me :(

So I'll cancel that scan that seems to have halted, yeah?

OK, so I need to uninstall/remove a few programmes?

And reinstall Avast? If Avast finds anything again like before I'll post here, yeah?

Re: Win32/zbot and vbs generic + multiple other viruses- Please Help Me :(

Time to uninstall used tools.
  • Go to Start > Run and type or copy/paste Combofix /uninstall (note the space before the "/").
  • Double click OTL.exe to run it again and click the CleanUp button.
  • Uninstall Rootkitunhooker as well
  • If we used any other tools and they still remain on your desktop, please delete them manually.


Yes, reinstall avast (or any other antivirus you might like). If it finds 7K threats again, let me know Smile...

Re: Win32/zbot and vbs generic + multiple other viruses- Please Help Me :(

One more thing: you need to install the latest version of Java. Having the latest version is important to take advantage of fixes that have eliminated security vulnerabilities.
  • Go to Start > Control Panel
  • Double-click on Add or Remove Programs
  • Look for entries that say Java, Java RunTime Environment or J2SE.
  • Uninstall all of them that are not named Java (TM) 6 Update 26

After doing this, you can go to java.com, click on Free Java Download and proceed from there to install the latest version of Java (currently Version 6 Update 26).

After installing Java, go to Start > Control Panel > Java to open the Java Control Panel.
Under the General tab, Temporary Internet Files click Settings, then click Delete Files.
Select both options and click OK to delete the Java cache.

Re: Win32/zbot and vbs generic + multiple other viruses- Please Help Me :(

OK, I'll do these and get back to you soon.

What would you recommend as a free antivirus? Avast? AVG? Or?

Thank you for your help!

Re: Win32/zbot and vbs generic + multiple other viruses- Please Help Me :(

OK, I can't locate OTL?

Or find a way of uninstalling aswMBR and GMER?

Re: Win32/zbot and vbs generic + multiple other viruses- Please Help Me :(

In my task manager it shows 5 separate firefox.exe processes running? I only have one Firefox window open?

Re: Win32/zbot and vbs generic + multiple other viruses- Please Help Me :(

aswMBR or GMER you just delete from the desktop.

Those extra firefox processes can be killed.

If this problem reproduces I'd say reinstall Firefox. If that doesn't solve it, you may need to come back for more.

Check out my ALORTKYCC (Awesome List Of Recommendations To Keep Your Computer Clean) for antivirus recommendation, among other things:

1) Keep your Windows up-to-date. Windows Autoupdate should be ON (see Start >> Control Panel >> Security Center). An alternative way (but more time-consuming) is to periodically visit http://windowsupdate.microsoft.com. Hackers are looking every day for new security holes. Microsoft keeps patching them. You cannot fall behind in this race, it will make your system vulnerable.

2) For your average daily computer activities, use a limited/standard user account, not an administrator account. If you use Vista/WIN7 do not disable User Account Control (UAC). You would be amazed to know how much malware can't touch you if you deny it admin rights. Create a separate password-protected administrator account that you use for admin activities, like (un)installing software.

3) Use a good antivirus. There are various free ones, you cannot go wrong with either of the following three:
  • Panda Cloud Antivirus. If you want your antivirus to be light on resources, I recommend Panda. Install without the toolbar.
  • Ad-Aware Free Internet Security has received great reviews from leading security analysts.
  • Avast! is a very complete antivirus, with modules like mailscanner and webshield.

4) If your computer has 1GB system memory or more, you should install a third party firewall, to replace the weak Windows Firewall. I recommend:

Note: you should run only ONE antivirus and ONE firewall. Running multiples of either is bad, it will cause slowdowns and/or conflicts.

5) Miscellaneous advice:
  • Stay away from cracks and keygens (look here for the why). Get free software instead. Gizmo is an excellent source of freeware reviews.
  • Navigate safely. Google Chrome is the safest browser available. However, Mozilla Firefox can be made extremely safe with the NoScript addon. Internet Explorer (always use the last version) can be made a lot safer with Spywareblaster (manual here).
  • The WOT (Webs Of Trust) addon will help you to stay on reliable webpages.
  • WinPatrol alerts you when changes are made in vital system areas. Especially good on light systems not running a third party firewall.
  • Make sure you have ways to recuperate your operating system and vital other data if its gets frustrated by malware and/or other problems. A Windows setup CD and recent backups/disk images will be priceless, if you find yourself in an unexpected tight spot.

Finally: did we help you? Help us back!

Re: Win32/zbot and vbs generic + multiple other viruses- Please Help Me :(

Avast on restart has stayed on a black load-up screen and is doing a scan; it's found lots of win32:prefploy's and ramnit g's?

Re: Win32/zbot and vbs generic + multiple other viruses- Please Help Me :(

It's going crazy finding them every second. exedroppergen's?

Re: Win32/zbot and vbs generic + multiple other viruses- Please Help Me :(

So I am a bit surprised here:
Malwarebytes could not find a thing
and Avast! goes nuts.

Let's go for a third opinion.

  • Please download TFC (Temp File Cleaner) by OldTimer from here and save it to your desktop.
  • Close all programs before proceeding with the next step.
  • Double-click TFC.exe to start the cleaning process and allow it to run
  • Depending on the amount of files that needs to be deleted this can take seconds or up to several minutes.
  • If requested, allow TFC to reboot your computer to finish the cleaning process.

====================

We're going to run a scan with ESET Online Scanner. Please make sure you are logged in as a user with administrator rights and proceed with the following steps:
  • Use Internet Explorer to browse to the ESET Online Scanner webpage
  • Click the green ESET Online Scanner button
  • A popup window will open
  • Accept the terms of use and click Start
  • Internet Explorer probably informs you that ESET tries to install an add-on. Allow that.
  • Click Start
  • When the scan has finished and threats were found, click List of found threats
  • Click Export to text file and save it as e.g. eset.txt on your desktop
  • Click Back
  • Select Uninstall application on close
  • Click Finish. ESET Online Scanner will now uninstall itself
  • Please post the contents of the eset.txt in your next reply.

Re: Win32/zbot and vbs generic + multiple other viruses- Please Help Me :(

Hello again,

My dad went along with the complete reformat last night.

It seems clean now.

I do want to ask a couple of things:

1 - recommendations and tips for enhancing security

2- My dad burned a selection of files/photos/pdfs onto DVD before he re-formatted. How do I know these will be safe?

Thanks for all your help. Have you ever heard of such a bad virus?
