
I've got a problem (solved)

Discussion in 'Malware Removal Help' started by I4N, Nov 30, 2009.

  1. I4N

    I4N Member

    Joined:
    Aug 16, 2009
    Messages:
    73
    Hi all,
    I need some help please, I've got an infection.
    My system is Vista Basic on a HP Compaq 6720s Laptop.
    I use Avast, SUPERAntiSpyware & Malwarebytes.
    I was surfing around on some fishing web sites, clicked a link and then got what, from others' descriptions and the way the pop-ups behaved, was a trojan. False warning messages about infections etc. etc. Think it was under the guise of AntiSpyware Pro or something like that.
    I immediately came off the web and ran SUPERAntiSpyware which found trojan droppers and various other crap. I should have written down the findings but thought that S/A/S would deal with them. It has cleared out the trojans but there is a legacy left behind.
    This legacy is preventing SUPERAntiSpyware, Malwarebytes & Avast from updating.
    I just tried to install the ESET online scanner and it will not get the updates at the 1st stage of operation.
    I realise everything in life should be perfect and Avast should have snagged this trojan/malware crap, but I am going to need some help here :( getting rid of this.
    Thanks in advance.
     
  2. BeeCeeBee

    BeeCeeBee ADMINISTRATOR IN MEMORY

    Joined:
    Apr 20, 2009
    Messages:
    7,201
    Location:
    New Jersey "Stronger than the Storm"
    Operating System:
    Windows 7
  3. starbuck

    starbuck Rest In Peace Pete Administrator

    Joined:
    Sep 26, 2009
    Messages:
    3,830
    Location:
    Midlands, UK
    Operating System:
    Windows 10
    CPU:
    AMD Athlon II x2 250 Processor 3.00GHz
    Memory:
    8gb DDR3
    Hard Drive:
    500gb SATA
    Graphics Card:
    ASUS GeForce GTX 960 2gb
    Power Supply:
    650w PowerCool X-Viper
    Re: I've got a problem

    Hi I4N

    Let's see if we can hit this quick, before it affects anything else.

    Step 1
    Please download:
    Rkill
    and save it to your Desktop.
    Run the tool by clicking on it.

    Don't reboot your system until you have completed the next step

    Step 2
    Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

    Link 1
    Link 2


    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with the running of ComboFix.
      For more information read:
      How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

      Then:

      Double click on Combo-Fix.exe & follow the prompts.
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

      If running Vista, you may not see this screen
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


    Note:
    Do not mouseclick combofix's window while it's running. That may cause it to stall


    Step 3
    • Download OTL to your desktop.
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Check the boxes beside LOP Check and Purity Check.
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.

    In your next reply, please submit:
    Combofix.txt
    Both scan reports from OTL.


    Thanks.
     
    Last edited by a moderator: Feb 2, 2014
  4. I4N

    I4N Member

    Re: I've got a problem

    Starbuck, first of all, thanks for what you do, I apologise in advance, this is going to be a long post :eek:
    Before you had posted, I had been doing what Barry suggested in his post; here are the things that are occurring.

    1. I always use Ccleaner just before I switch off so all Temp files etc are always dumped.

    2. I regularly use Malwarebytes so it was already installed but as I mentioned in the initial post, it will not update and gives error code :732(0,0)
    I started the scanner and made and ate dinner, came back to find after 2h 20m it was locked in a loop showing no infections, the time and files scanned counter still running, but it keeps scanning through "C:\USERS\IAN\AppData\Roaming\Microsoft\" and then very quickly running through these extensions:
    Windows
    Internet Explorer
    Start Menu
    Themes
    Photo Gallery
    Quick Launch
    Templates
    Building Blocks
    Dictionary
    Speech
    Desktop
    HTML
    Protect
    and probably some more, but here's the thing: some of these have loads of strange extensions like "????&&77%%%????555555555??????" and all sorts of junk. Remember these are only on the screen for a fraction of a second. I aborted the scan :(

    3. Rkill will not load.

    4. OTL will not load, gives message "OTL.Exe which is a Binary File from ****
    would you like to save this file" but the SAVE FILE button is greyed out.:(

    5. Tried to use RootRepeal and got the following results :-
    Drivers and programs warning message "Device Io controller error code = 0x0."
    Hidden Services warning message "Could not read System Registry !"
    SSDT warning message " The SSDT in our driver has been faked (0x00000250)!"

    6. OTL will not load.

    7. While Combofix was running, a warning window appeared as follows: "PEV.Exe has stopped working. A problem caused the program to stop working correctly. Windows will close the program and notify you if a solution is available."

    8. As mentioned above, I got Combofix to run but get this message when I try to attach the file " combofix scan log.txt:
    Your file of 20.2 KB bytes exceeds the forum's limit of 19.5 KB for this filetype." any ideas ? :confused:

    Sorry once again for such a long-winded post, as all of this has taken 3+ hours to do, but I hope the details supplied will help as I think I am in deep dodo here :yikes:
     
  5. starbuck

    starbuck Rest In Peace Pete Administrator

    Re: I've got a problem

    Hi I4N

    It's no problem. The more info I have the better.
    There is more we can do, but I need to see the combofix.txt first.
    See if you can do as I asked in my PM.
    If that doesn't work...........
    Split the combofix.txt into 2 parts.
    Copy and paste the 1st half into a reply, then do the same for the second half.

    Thanks
     
  6. starbuck

    starbuck Rest In Peace Pete Administrator

    Re: I've got a problem

    Thanks for that.

    ComboFix 09-12-01.01 - IAN 01/12/2009 19:25.1.1 - x86
    Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.44.1033.18.1015.375 [GMT 0:00]
    Running from: c:\users\IAN\Downloads\ComboFix.exe
    SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\$recycle.bin\S-1-5-21-14078727-2785561449-2013177289-500
    c:\$recycle.bin\S-1-5-21-2365545147-1999384947-2466353664-500
    c:\$recycle.bin\S-1-5-21-3004094700-1292148700-1120296016-500
    c:\windows\system32\oem56.inf
    c:\windows\system32\oem63.inf
    c:\windows\system32\oem67.inf
    F:\Autorun.inf

    .
    ((((((((((((((((((((((((( Files Created from 2009-11-01 to 2009-12-01 )))))))))))))))))))))))))))))))
    .

    2009-12-01 19:41 . 2009-12-01 19:41 -------- dc----w- c:\users\Default\AppData\Local\temp
    2009-12-01 19:41 . 2009-12-01 19:41 -------- d-----w- c:\users\Sue\AppData\Local\temp
    2009-12-01 18:53 . 2009-12-01 18:53 0 -c--a-w- c:\windows\system32\settings.dat
    2009-12-01 16:21 . 2009-12-01 16:21 -------- dc----w- C:\Desktop
    2009-11-30 23:10 . 2009-11-30 23:10 -------- dc----w- c:\program files\ESET
    2009-11-30 22:45 . 2009-11-30 22:45 117760 -c--a-w- c:\users\IAN\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2009-11-30 22:42 . 2009-11-30 22:42 -------- dc----w- c:\program files\Common Files\Wise Installation Wizard
    2009-11-30 21:02 . 2009-11-30 22:18 -------- dc----w- c:\users\IAN\AppData\Local\tpmebl
    2009-11-25 12:46 . 2009-10-29 09:17 2048 -c--a-w- c:\windows\system32\tzres.dll
    2009-11-25 12:24 . 2009-08-11 16:44 1401856 -c--a-w- c:\windows\system32\msxml6.dll
    2009-11-25 12:24 . 2009-08-11 16:44 1248768 -c--a-w- c:\windows\system32\msxml3.dll
    2009-11-18 21:37 . 2009-11-18 21:37 -------- dc----w- c:\program files\Windows Portable Devices
    2009-11-18 20:06 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
    2009-11-18 20:06 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
    2009-11-18 20:06 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
    2009-11-18 20:04 . 2009-10-01 01:02 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
    2009-11-18 20:03 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
    2009-11-18 20:03 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
    2009-11-18 20:03 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
    2009-11-10 20:45 . 2009-08-14 13:27 2036736 ----a-w- c:\windows\system32\win32k.sys
    2009-11-10 20:42 . 2009-08-10 12:35 355328 ----a-w- c:\windows\system32\WSDApi.dll
    2009-11-03 21:14 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
    2009-11-03 21:14 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
    2009-11-03 21:14 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
    2009-11-03 21:14 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
    2009-11-03 21:14 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
    2009-11-03 21:14 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
    2009-11-03 21:14 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
    2009-11-03 21:14 . 2009-08-06 19:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
    2009-11-03 21:14 . 2009-08-06 18:44 33792 ----a-w- c:\windows\system32\wuapp.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-11-30 23:35 . 2006-11-09 21:16 12 ----a-w- c:\windows\bthservsdp.dat
    2009-11-30 22:44 . 2009-05-06 17:00 4096 dc----w- c:\program files\SUPERAntiSpyware
    2009-11-30 22:44 . 2009-05-06 17:00 -------- dc----w- c:\users\IAN\AppData\Roaming\SUPERAntiSpyware.com
    2009-11-24 23:54 . 2009-09-22 18:54 1280480 -c--a-w- c:\windows\system32\aswBoot.exe
    2009-11-24 23:50 . 2009-09-22 18:54 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2009-11-24 23:50 . 2009-09-22 18:54 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2009-11-24 23:49 . 2009-09-22 18:54 53328 -c--a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2009-11-24 23:49 . 2009-09-22 18:54 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2009-11-24 23:48 . 2009-09-22 18:54 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2009-11-24 23:47 . 2009-09-22 18:54 97480 ----a-w- c:\windows\system32\AvastSS.scr
    2009-11-24 08:35 . 2007-12-11 13:28 4096 dc----w- c:\program files\Java
    2009-11-18 21:37 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
    2009-11-18 21:32 . 2009-11-18 21:32 0 -c-ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
    2009-11-18 21:32 . 2009-11-18 21:32 0 -c-ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
    2009-11-13 11:53 . 2007-12-11 12:51 12288 dc----w- c:\programdata\Microsoft Help
    2009-11-12 19:32 . 2006-11-02 11:18 4096 dc----w- c:\program files\Windows Mail
    2009-11-02 20:42 . 2009-10-02 17:54 195456 -c----w- c:\windows\system32\MpSigStub.exe
    2009-10-30 20:55 . 2009-06-22 11:10 -------- dc----w- c:\users\IAN\AppData\Roaming\ZoomBrowser EX
    2009-10-28 18:56 . 2009-06-22 11:26 -------- dc----w- c:\users\IAN\AppData\Roaming\CameraWindowDC
    2009-10-24 17:25 . 2009-10-24 17:25 4096 dc----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
    2009-10-20 21:05 . 2006-11-02 12:35 -------- dc----w- c:\program files\Windows Calendar
    2009-10-20 21:05 . 2006-11-02 12:35 4096 dc----w- c:\program files\Windows Sidebar
    2009-10-20 21:05 . 2006-11-02 12:35 4096 dc----w- c:\program files\Windows Photo Gallery
    2009-10-20 21:05 . 2006-11-02 12:35 4096 d-----w- c:\program files\Windows Collaboration
    2009-10-20 21:05 . 2006-11-02 12:35 4096 dc----w- c:\program files\Windows Defender
    2009-10-16 21:05 . 2007-12-11 12:56 -------- dc----w- c:\program files\Microsoft SQL Server
    2009-10-11 11:52 . 2009-10-11 11:52 -------- d-----w- c:\users\Sue\AppData\Roaming\Hewlett-Packard
    2009-10-11 04:17 . 2008-12-21 14:55 411368 -c--a-w- c:\windows\system32\deploytk.dll
    2009-10-01 01:02 . 2009-11-18 20:04 2537472 ----a-w- c:\windows\system32\wpdshext.dll
    2009-10-01 01:02 . 2009-11-18 20:04 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
    2009-10-01 01:02 . 2009-11-18 20:04 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
    2009-10-01 01:02 . 2009-11-18 20:04 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
    2009-10-01 01:01 . 2009-11-18 20:04 546816 ----a-w- c:\windows\system32\wpd_ci.dll
    2009-10-01 01:01 . 2009-11-18 20:04 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
    2009-10-01 01:01 . 2009-11-18 20:04 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
    2009-10-01 01:01 . 2009-11-18 20:04 350208 ----a-w- c:\windows\system32\WPDSp.dll
    2009-10-01 01:01 . 2009-11-18 20:04 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
    2009-10-01 01:01 . 2009-11-18 20:04 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
    2009-10-01 01:01 . 2009-11-18 20:04 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
    2009-10-01 01:01 . 2009-11-18 20:04 40448 ----a-w- c:\windows\system32\drivers\WpdUsb.sys
    2009-10-01 01:01 . 2009-11-18 20:04 226816 ----a-w- c:\windows\system32\WpdMtp.dll
    2009-10-01 01:01 . 2009-11-18 20:04 61952 ----a-w- c:\windows\system32\WpdMtpUS.dll
    2009-10-01 01:01 . 2009-11-18 20:04 33280 ----a-w- c:\windows\system32\WpdConns.dll
    2009-09-25 02:10 . 2009-11-18 20:05 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
    2009-09-25 02:07 . 2009-11-18 20:05 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
    2009-09-25 02:04 . 2009-11-18 20:05 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
    2009-09-25 01:49 . 2009-11-18 20:05 1554432 ----a-w- c:\windows\system32\xpsservices.dll
    2009-09-25 01:48 . 2009-11-18 20:05 351232 ----a-w- c:\windows\system32\XpsPrint.dll
    2009-09-25 01:38 . 2009-11-18 20:05 847360 ----a-w- c:\windows\system32\OpcServices.dll
    2009-09-25 01:36 . 2009-11-18 20:05 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2009-09-25 01:35 . 2009-11-18 20:05 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
    2009-09-25 01:33 . 2009-11-18 20:05 195584 ----a-w- c:\windows\system32\dxdiagn.dll
    2009-09-25 01:33 . 2009-11-18 20:05 829440 ----a-w- c:\windows\system32\d3d10warp.dll
    2009-09-25 01:33 . 2009-11-18 20:05 369664 ----a-w- c:\windows\system32\WMPhoto.dll
    2009-09-25 01:32 . 2009-11-18 20:05 252928 ----a-w- c:\windows\system32\dxdiag.exe
    2009-09-25 01:31 . 2009-11-18 20:05 519680 ----a-w- c:\windows\system32\d3d11.dll
    2009-09-25 01:31 . 2009-11-18 20:05 486912 ----a-w- c:\windows\system32\d3d10level9.dll
    2009-09-25 01:31 . 2009-11-18 20:05 161280 ----a-w- c:\windows\system32\d3d10_1.dll
    2009-09-25 01:31 . 2009-11-18 20:05 218112 ----a-w- c:\windows\system32\d3d10_1core.dll
    2009-09-25 01:31 . 2009-11-18 20:05 1030144 ----a-w- c:\windows\system32\d3d10.dll
    2009-09-25 01:31 . 2009-11-18 20:05 828928 ----a-w- c:\windows\system32\d2d1.dll
    2009-09-25 01:30 . 2009-11-18 20:05 481792 ----a-w- c:\windows\system32\dxgi.dll
    2009-09-25 01:30 . 2009-11-18 20:05 190464 ----a-w- c:\windows\system32\d3d10core.dll
    2009-09-25 01:27 . 2009-11-18 20:05 634880 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
    2009-09-25 01:27 . 2009-11-18 20:05 37888 ----a-w- c:\windows\system32\cdd.dll
    2009-09-25 01:27 . 2009-11-18 20:05 793088 ----a-w- c:\windows\system32\FntCache.dll
    2009-09-25 01:27 . 2009-11-18 20:05 1064448 ----a-w- c:\windows\system32\DWrite.dll
    2009-09-24 22:54 . 2009-11-18 20:05 258048 ----a-w- c:\windows\system32\winspool.drv
    2009-09-24 22:54 . 2009-11-18 20:05 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
    2009-09-24 22:54 . 2009-11-18 20:05 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
    2009-09-22 21:09 . 2009-09-22 21:09 0 -c--a-w- c:\windows\nsreg.dat
    2009-09-22 20:09 . 2009-06-05 19:29 4045528 -c--a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2009-09-17 10:35 . 2009-09-17 10:35 86016 -c--a-w- c:\programdata\NOS\Adobe_Downloads\arh.exe
    2009-09-14 09:29 . 2009-10-16 17:45 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
    2009-09-11 12:41 . 2009-09-11 12:41 471664 -c--a-w- c:\programdata\Google\Google Toolbar\Update\gtbC5FE.tmp.exe
    2009-09-10 16:48 . 2009-10-16 17:52 218624 ----a-w- c:\windows\system32\msv1_0.dll
    2009-09-10 14:59 . 2009-10-28 18:38 8147456 ----a-w- c:\windows\system32\wmploc.DLL
    2009-09-10 14:58 . 2009-10-28 18:38 310784 ----a-w- c:\windows\system32\unregmp2.exe
    2009-09-10 13:54 . 2009-04-11 19:22 38224 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-09-10 13:53 . 2009-04-11 19:22 19160 -c--a-w- c:\windows\system32\drivers\mbam.sys
    2009-09-10 10:48 . 2009-10-11 11:52 93552 -c--a-w- c:\windows\Help\OEM\scripts\RegRestore.exe
    2009-09-10 10:48 . 2009-10-11 11:52 12288 -c--a-w- c:\windows\Help\OEM\scripts\BackgroundCopyManager1_5.dll
    2009-09-10 10:48 . 2009-10-11 11:52 9728 -c--a-w- c:\windows\Help\OEM\scripts\BackgroundCopyManager.DLL
    2009-09-04 11:41 . 2009-10-16 17:45 60928 ----a-w- c:\windows\system32\msasn1.dll
    2008-06-01 19:36 . 2008-06-01 19:36 22 -csha-w- c:\windows\SMINST\HPCD.sys
    2007-12-11 11:36 . 2007-12-11 11:34 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
    "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-11-23 2001648]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-18 1008184]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-24 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-24 154136]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-24 129560]
    "PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2007-05-08 331552]
    "PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2007-01-09 145184]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
    "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-05-11 472632]
    "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-16 75008]
    "QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-11-06 177456]
    "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    "WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2007-05-23 192512]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-02-21 1183744]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "ST Recovery Launcher"="c:\windows\SMINST\launcher.exe" [2007-06-06 44168]

    c:\users\IAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    ERUNT AutoBackup.lnk - c:\desktop\AUTOBACK.EXE [2005-10-20 38912]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2008-4-25 192512]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 14:21 548352 -c--a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
    2007-06-08 17:04 49152 -c--a-r- c:\windows\System32\DeviceNP.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "VistaSp2"=hex(b):f4,f0,be,15,ca,51,ca,01

    R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [22/09/2009 18:54 114768]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [23/11/2009 08:43 9968]
    R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [22/09/2009 18:54 20560]
    R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [22/09/2009 18:54 53328]
    R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [11/12/2007 12:59 540448]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [02/11/2006 10:25 167936]
    S3 DAMDrv;DAMDrv;c:\windows\System32\drivers\DAMDrv.sys [11/12/2007 13:12 30008]
    S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\System32\flcdlock.exe [08/06/2007 17:06 172131]
    S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [01/06/2008 22:11 21504]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [23/11/2009 08:43 7408]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
    bthsvcs REG_MULTI_SZ BthServ
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    "c:\program files\Common Files\LightScribe\LSRunOnce.exe"
    .
    Contents of the 'Scheduled Tasks' folder

    2009-11-22 c:\windows\Tasks\HPCeeScheduleForSue.job
    - c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2007-12-11 22:46]

    2009-12-01 c:\windows\Tasks\User_Feed_Synchronization-{12B417EB-607E-4A7A-AD88-A9BE5A27EB69}.job
    - c:\windows\system32\msfeedssync.exe [2008-06-01 22:33]

    2009-12-01 c:\windows\Tasks\User_Feed_Synchronization-{173F25BE-1EB6-4333-92DF-962052E0BD0E}.job
    - c:\windows\system32\msfeedssync.exe [2008-06-01 22:33]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=74&bd=smb&pf=laptop
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=74&bd=smb&pf=laptop
    uInternet Settings,ProxyServer = http=127.0.0.1:5555
    uInternet Settings,ProxyOverride = <local>
    IE: &3D Satellite Search - c:\users\IAN\AppData\Roaming\OSI\dlls\EFOToolbar.dll/GoSatteliteSearch.dll.htm
    IE: S&earchSave Web Search - c:\users\IAN\AppData\Roaming\OSI\dlls\EFOToolbar.dll/GoWebSearch.dll.htm
    FF - ProfilePath - c:\users\IAN\AppData\Roaming\Mozilla\Firefox\Profiles\xu9yr8vv.default\
    FF - prefs.js: browser.search.selectedEngine - Surf Canyon
    FF - prefs.js: browser.startup.homepage - hxxp://en-GB.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-GB:official|www.carp-uk.net/forum/forum.asp?FOR...ms.net/|www.ebay.co.uk|http://webmail.aol.com
    FF - prefs.js: keyword.URL - hxxp://uk.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_uk&p=
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    .
    - - - - ORPHANS REMOVED - - - -

    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    AddRemove-Activation Assistant for the 2007 Microsoft Office suites - c:\programdata\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe REMOVE=TRUE MODIFY=FALSE
    AddRemove-Agere Systems Soft Modem - c:\windows\agrsmdel
    AddRemove-Broadcom 802.11b Network Adapter - c:\program files\Broadcom\Broadcom 802.11\Driver\bcmwlu00.exe verbose
    AddRemove-{91810AFC-A4F8-4EBA-A5AA-B198BBC81144} - c:\program files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe REMOVEALL



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
    Rootkit scan 2009-12-01 19:41
    Windows 6.0.6002 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\pdfcDispatcher]
    "ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    Completion time: 2009-12-01 19:48
    ComboFix-quarantined-files.txt 2009-12-01 19:48

    Pre-Run: 34,810,351,616 bytes free
    Post-Run: 34,796,929,024 bytes free

    - - End Of File - - 0F73FD9ECF27393C616F98F508969221
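    The log above carries several lines a responder would want pulled out automatically rather than read past: a per-user WinINet proxy of 127.0.0.1:5555 (under "Supplementary Scan"), an Autorun.inf removed from the root of F:, two Security Center "DisableMonitoring" values, and a freshly created directory under AppData\Local. The following is an added example, not part of this thread and not a feature of ComboFix, that parses an excerpt of that log and reports those items. The severity labels and the heuristics are mine: a loopback proxy is flagged because any WinINet-based updater will send its HTTP requests to that local port, and if nothing legitimate listens there the updates simply fail, which is consistent with the update failures described earlier in the thread; the Security Center entries are flagged for review only, since third-party security suites set them legitimately; the AppData directory is listed as information, not as malicious. The line formats are assumed from the log as posted, and the filename `combofix_triage.py` is hypothetical.

```python
import ipaddress
import re
import sys
from dataclasses import dataclass
from typing import List, Tuple

# Constructed input: an excerpt of the ComboFix log posted above, trimmed to the
# sections the checks read. The individual lines are copied from that log.
SAMPLE_LOG = r"""((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-14078727-2785561449-2013177289-500
c:\windows\system32\oem56.inf
F:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2009-11-01 to 2009-12-01 )))))))))))))))))))))))))))))))
.
2009-12-01 19:41 . 2009-12-01 19:41 -------- d-----w- c:\users\Sue\AppData\Local\temp
2009-11-30 21:02 . 2009-11-30 22:18 -------- dc----w- c:\users\IAN\AppData\Local\tpmebl
2009-11-25 12:46 . 2009-10-29 09:17 2048 -c--a-w- c:\windows\system32\tzres.dll
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
"""

# Line shapes assumed from the log as posted (not a documented ComboFix format).
PAREN_SECTION_RE = re.compile(r"^\({3,}\s*(.+?)\s*\){3,}$")
DASH_SECTION_RE = re.compile(r"^-{3,}\s*(.+?)\s*-{3,}$")
KEY_RE = re.compile(r"^\[(.+)\]$")
CREATED_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} (\S+) (\S{8}) (.+)$")
AUTORUN_RE = re.compile(r"^([a-z]):\\autorun\.inf$", re.I)
PROXY_RE = re.compile(r"^[um]?Internet Settings,ProxyServer\s*=\s*(.+)$", re.I)
DISABLE_MON_RE = re.compile(r'^"DisableMonitoring"=dword:0*1$', re.I)
KNOWN_APPDATA_NOISE = {"temp"}  # directory names not worth listing


@dataclass
class Finding:
    severity: str   # "review" (look at it) or "info" (context only)
    category: str
    detail: str


def parse_proxy(value: str) -> List[Tuple[str, str, int]]:
    """Split a WinINet ProxyServer value into (scheme, host, port) triples.
    Handles 'host:port' and 'http=host:port;https=host:port'; scheme '*' means all."""
    out = []
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, _, hostport = part.rpartition("=")
        host, _, port = hostport.rpartition(":")
        if not host:
            host, port = hostport, ""
        out.append((scheme.lower() or "*", host.strip("[]"), int(port) if port.isdigit() else 0))
    return out


def is_loopback_host(host: str) -> bool:
    """True for localhost, 127.0.0.0/8 and ::1."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def analyse(log: str) -> List[Finding]:
    """Walk the log once, tracking the current section and registry key."""
    findings: List[Finding] = []
    section = key = ""
    for raw in log.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = PAREN_SECTION_RE.match(line) or DASH_SECTION_RE.match(line)
        if m:
            section, key = m.group(1).lower(), ""
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1).lower()
            continue
        # 1. Autorun.inf at a drive root in the deletions list: the removable media
        #    it came from still needs cleaning, or the machine gets reinfected.
        m = AUTORUN_RE.match(line)
        if m and "deletions" in section:
            findings.append(Finding("review", "autorun",
                f"autorun.inf removed from the root of drive {m.group(1).upper()}:; inspect that media offline"))
            continue
        # 2. Security Center monitoring switched off (legitimate for some AV suites; check which).
        if DISABLE_MON_RE.match(line) and "security center\\monitoring" in key:
            findings.append(Finding("review", "security-center", f"DisableMonitoring=1 under [{key}]"))
            continue
        # 3. WinINet proxy pointing at loopback: every WinINet HTTP request goes to that port.
        m = PROXY_RE.match(line)
        if m:
            for scheme, host, port in parse_proxy(m.group(1)):
                if is_loopback_host(host):
                    findings.append(Finding("review", "proxy", f"{scheme} proxy set to loopback {host}:{port}"))
            continue
        # 4. Directories created under AppData inside the scan window (context only).
        m = CREATED_RE.match(line)
        if m and "created" in section:
            flags, path = m.group(3), m.group(4)
            if flags.startswith("d") and "\\appdata\\" in path.lower():
                if path.rsplit("\\", 1)[-1].lower() not in KNOWN_APPDATA_NOISE:
                    findings.append(Finding("info", "new-appdata-dir", f"{path} (created {m.group(1)})"))
    return findings


if __name__ == "__main__":
    # Usage: python combofix_triage.py [C:\ComboFix.txt]; with no argument the sample excerpt is used.
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    for f in analyse(text):
        print(f"[{f.severity}] {f.category}: {f.detail}")
```

    If the proxy check fires, the practical follow-up after the removal tools have run is to clear `ProxyEnable` and `ProxyServer` under `HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings` (the same values Internet Options > Connections > LAN settings edits), otherwise the updaters keep talking to a port on the infected machine instead of the vendor.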
     
  7. starbuck

    starbuck Rest In Peace Pete Administrator

    Re: I've got a problem

    Ok, let's try this then:

    Please download exeHelper to your desktop.
    • Double-click on exeHelper.com to run the fix.
    • A black window should pop up, press any key to close once the fix is completed.
    • Post the contents of log.txt ( Will be created in the directory where you ran exeHelper.com )
    Note : If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together ( they will both be in the one file ).

    Then remove your copy of Malwarebytes and download a fresh copy and scan as per these instructions:

    Please download Malwarebytes Anti-Malware and save it to your desktop.
    • Make sure you are connected to the Internet.
    • Double-click on Download_mbam-setup.exe to install the application.
    • When the installation begins, follow the prompts and do not make any changes to default settings.
    • When installation has finished, make sure you leave both of these checked:
      • Update Malwarebytes' Anti-Malware
      • Launch Malwarebytes' Anti-Malware
    • Then click Finish.
    • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
    • On the Scanner tab:
      • Make sure the "Perform Full Scan" option is selected.
      • Then click on the Scan button.
    • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
    • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
    • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
    • Click OK to close the message box and continue with the removal process.
    • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
    • Make sure that everything is checked, and click Remove Selected.
    • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
    • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the contents of that report in your next reply and exit MBAM.
    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

    Thanks
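The instructions above hand the fix to a tool. For anyone who wants to see what such a fix actually touches, here is an added example (written for this thread; it is not exeHelper's code and exeHelper's internals are not documented on this page). It reports, and with -Fix resets, the two places a rogue-AV "nothing will run" hijack usually lives on Vista: the .exe/.com shell\open\command associations (the O35 lines in an OTL log) and any Image File Execution Options "Debugger" value that silently redirects a security tool to something else when you launch it. Assumptions: the stock association value is "%1" %*, and no legitimate IFEO debugger is installed on the machine.

```powershell
# Added example for this thread; this is not exeHelper's code. It reports
# (and with -Fix, resets) the two places a rogue-AV "nothing will run" hijack
# lives: the .exe/.com shell\open\command values (the O35 lines in an OTL log)
# and Image File Execution Options "Debugger" values. Assumptions: the stock
# association value is "%1" %* and no legitimate IFEO debugger is installed.
# Save as Check-ExeHijack.ps1 and run from an elevated PowerShell prompt.
param([switch]$Fix)

$stock = '"%1" %*'

# HKLM holds the machine-wide association. A copy under HKCU\Software\Classes
# overrides it for that user, so a hijack there survives an HKLM-only repair.
$assocKeys = @(
    'HKLM:\SOFTWARE\Classes\exefile\shell\open\command',
    'HKLM:\SOFTWARE\Classes\comfile\shell\open\command',
    'HKCU:\Software\Classes\exefile\shell\open\command',
    'HKCU:\Software\Classes\comfile\shell\open\command'
)

foreach ($key in $assocKeys) {
    $item = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if (-not $item) {
        if ($key -like 'HKCU:*') { Write-Host "absent  $key (normal)" } else { Write-Host "MISSING $key" }
        continue
    }
    $current = $item.'(default)'
    if ($current -eq $stock) {
        Write-Host "ok      $key = $current"
        continue
    }
    Write-Host "HIJACK? $key = $current"
    if ($Fix) {
        if ($key -like 'HKCU:*') {
            # A per-user override has no legitimate reason to exist: drop it so HKLM applies.
            Remove-Item -Path $key -Recurse
            Write-Host "        removed per-user override"
        } else {
            Set-ItemProperty -Path $key -Name '(default)' -Value $stock
            Write-Host "        reset to $stock"
        }
    }
}

# IFEO: a Debugger value under <tool>.exe makes Windows launch that "debugger"
# instead of the tool, which is how rogue AV keeps mbam.exe and friends from starting.
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
foreach ($sub in (Get-ChildItem -Path $ifeo -ErrorAction SilentlyContinue)) {
    $dbg = (Get-ItemProperty -Path $sub.PSPath -ErrorAction SilentlyContinue).Debugger
    if (-not $dbg) { continue }
    Write-Host "IFEO    $($sub.PSChildName) -> Debugger = $dbg"
    if ($Fix) {
        Remove-ItemProperty -Path $sub.PSPath -Name Debugger
        Write-Host "        Debugger value removed"
    }
}
```

Run it once without -Fix (`powershell -ExecutionPolicy Bypass -File .\Check-ExeHijack.ps1`) and read the report first: a Debugger value is not always malicious (a developer's debugger or a tool that replaces Task Manager registers itself the same way), so only use -Fix on entries you do not recognise.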
     
  8. I4N

    I4N Member

    Re: I've got a problem

    O.K. Starbuck,
    I downloaded exeHelper, ran it O.K., checked the log, doesn't seem anything in there.
    Deleted then reloaded Malwarebytes and started to run a scan, answered a phone call and when I looked back to the screen it was going through its BIOS startup sequence. Once it restarted I got a warning window as follows: "Windows has recovered from an unexpected shutdown.
    Problem Details :
    Problem Signature:
    Problem Event Name : Blue Screen
    OS Version: 6.0.60002.2.0.768.2
    Locale ID : 2057
    Additional information about the problem
    BC Code : 50
    BCP1 : BA17A000
    BCP2 : 00000000
    BCP3 : 81EE3033
    OS Version : 6_0_6002
    Service Pack : 2.0
    Product : 768_1
    Files that describe the problem :
    C:\Windows\minidump\mini120209-01.dmp
    C:\Users\IAN\AppData\Local\Temp\WER-63570-0sysdata.xml
    C:\USERS\IAN\AppData\Local\Temp\WERED4.tmp.version.txt

    I then ran Malwarebytes again and it ran O.K. and found 2 infections which I have dealt with using Malwarebytes to remove them.

    Hope this is the last of it, I will attach the log files as requested.

    I think I will do an ESET on-line scan once I have posted this.

    Many thanks once again.
     
  9. I4N

    I4N Member

    Re: I've got a problem

    woops forgot the logs, here goes.
     
  10. starbuck

    starbuck Rest In Peace Pete Administrator

    Re: I've got a problem

    Hi I4N

    Ok, beginning to look a bit better.

    Let's have a clean up and then see if we can get this OTL scan completed.

    Step 1
    Download TFC by OldTimer to your desktop
    • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
    • It will close all programs when run, so make sure you have saved all your work before you begin.
    • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
    • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

    Step 2
    • Download OTL to your desktop.
      if you have problems, try this download link:
      OTL
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Check the boxes beside LOP Check and Purity Check.
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.

    In your next reply, please submit:
    Both reports from OTL.


    Thanks.
     
    Last edited by a moderator: Feb 2, 2014
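OTL is asked for here because it lists autostarts and browser settings that a scanner's detections do not. The same categories can be read directly, which makes the "why can't my scanners update any more" question answerable before the log is even posted. The script below is an added example written for this thread, not part of OTL or of the original posts; it is read-only and walks the IE (WinINET) proxy settings, the hosts file, the Run/RunOnce keys and the Browser Helper Objects, flagging the patterns a rogue AV typically leaves behind. Assumptions: the vendor-domain list and the "AppData or Temp path is suspicious" heuristic are mine; Authenticode status is only a hint, since many OEM utilities of this era are unsigned; and PowerShell 2.0 or later is installed (it is a separate download on Vista).

```powershell
# Added triage script for this thread, not part of OTL. Read-only: it walks the
# same classes of entries OTL reports (IE proxy settings, hosts file, Run/RunOnce
# keys, Browser Helper Objects) and flags the patterns that explain "my scanners
# cannot update" after a rogue-AV infection. Run from an elevated prompt.
# Assumptions: the vendor list and the suspicious-path heuristic are the author's;
# Authenticode status is a hint, not proof (many OEM utilities are unsigned).

function Get-ProxyFindings {
    $k = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $p = Get-ItemProperty -Path $k -ErrorAction SilentlyContinue
    $out = @()
    if ($p -and $p.ProxyServer) {
        $out += "proxy    ProxyServer=$($p.ProxyServer) ProxyEnable=$($p.ProxyEnable)"
        # A loopback proxy on an odd port is the classic rogue-AV leftover: while it
        # is enabled it blackholes every WinINET client, IE and most AV updaters included.
        if ($p.ProxyServer -match '127\.0\.0\.1|localhost') {
            $port = ($p.ProxyServer -split ':')[-1]
            $listener = netstat -ano | Select-String ":$port\s.*LISTENING"
            if ($listener) { $out += "!! proxy  something listens on $port; identify that process" } else { $out += "!! proxy  nothing listens on $port: stale hijack, clear ProxyServer" }
        }
    }
    $out
}

function Get-HostsFindings {
    $path = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    $lines = @(Get-Content -Path $path -ErrorAction SilentlyContinue)
    $active = @($lines | Where-Object { $_ -match '^\s*[0-9a-fA-F:.]+\s+\S' })
    $out = @("hosts    $($lines.Count) lines, $($active.Count) active entries")
    # Thousands of 127.0.0.1 entries normally mean a blocklist (Spybot/MVPS style),
    # which is what a 300 KB hosts file usually is. The entries that matter are the
    # ones that touch a security vendor or a Microsoft update host.
    $vendors = 'avast|malwarebytes|superantispyware|eset\.|windowsupdate|update\.microsoft'
    foreach ($e in ($active | Where-Object { $_ -match $vendors })) { $out += "!! hosts  $e" }
    $out
}

function Get-AutostartFindings {
    $out = @()
    $runKeys = @('HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
                 'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
                 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
                 'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce')
    foreach ($k in $runKeys) {
        $props = Get-ItemProperty -Path $k -ErrorAction SilentlyContinue
        if (-not $props) { continue }
        foreach ($prop in ($props.PSObject.Properties | Where-Object { $_.Name -notmatch '^PS' })) {
            $cmd = [string]$prop.Value
            # Pull the executable out of a possibly quoted, possibly space-containing command line.
            $exe = if ($cmd -match '^"?(.+?\.exe)') { $matches[1] } else { $cmd }
            if (-not (Test-Path $exe)) { $c = Get-Command $exe -ErrorAction SilentlyContinue; if ($c) { $exe = $c.Definition } }
            $sig = if (Test-Path $exe) { (Get-AuthenticodeSignature -FilePath $exe).Status } else { 'missing' }
            $flag = if ($sig -ne 'Valid' -or $exe -match '\\AppData\\|\\Temp\\') { '!!' } else { '  ' }
            $out += "$flag run    $($prop.Name) = $cmd [$sig]"
        }
    }
    # BHOs: the CLSID is registered under HKLM, the DLL under HKCR\CLSID. An entry
    # with no InprocServer32 (OTL's "No CLSID value found") is an orphan to clean up.
    $bho = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    foreach ($sub in (Get-ChildItem -Path $bho -ErrorAction SilentlyContinue)) {
        $clsid = $sub.PSChildName
        $srv = Get-ItemProperty -Path "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32" -ErrorAction SilentlyContinue
        if ($srv) { $out += "   bho    $clsid -> $($srv.'(default)')" } else { $out += "!! bho    $clsid -> no CLSID value found (orphan)" }
    }
    $out
}

Get-ProxyFindings
Get-HostsFindings
Get-AutostartFindings
```

The proxy check is the one worth running first in a case like this one: a ProxyServer value pointing at 127.0.0.1 on a port nothing listens on is a leftover from a rogue AV that has already been removed, and it will break updates again the moment anything turns ProxyEnable back on. The "!!" markers on Run entries are a prompt to look, not a verdict; unsigned OEM helpers and loaders with an empty company name are common on factory Vista images.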
  11. I4N

    I4N Member

    Re: I've got a problem

    TFC and OTL both worked :)
    I will post the log contents.

    OTL logfile created on: 02/12/2009 20:44:37 - Run 1
    OTL by OldTimer - Version 3.1.11.4 Folder = C:\Users\IAN\Downloads
    Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6002.18005)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    1014.52 Mb Total Physical Memory | 139.67 Mb Available Physical Memory | 13.77% Memory free
    2.24 Gb Paging File | 1.11 Gb Available in Paging File | 49.75% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 65.88 Gb Total Space | 32.25 Gb Free Space | 48.94% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    Drive E: | 1.55 Gb Total Space | 1.32 Gb Free Space | 84.85% Space Free | Partition Type: NTFS
    Drive F: | 7.09 Gb Total Space | 0.74 Gb Free Space | 10.40% Space Free | Partition Type: NTFS
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: IAN-PC
    Current User Name: IAN
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Minimal

    ========== Processes (SafeList) ==========

    PRC - C:\Users\IAN\Downloads\OTL(2).exe (OldTimer Tools)
    PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
    PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
    PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
    PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
    PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
    PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
    PRC - C:\Windows\System32\wbem\unsecapp.exe (Microsoft Corporation)
    PRC - C:\Windows\explorer.exe (Microsoft Corporation)
    PRC - c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
    PRC - c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
    PRC - c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe (Hewlett-Packard)
    PRC - C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Synaptics, Inc.)
    PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
    PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
    PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    PRC - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
    PRC - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
    PRC - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe (Hewlett-Packard Development Company, L.P.)
    PRC - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe ( Hewlett-Packard Development Company, L.P.)
    PRC - C:\Windows\System32\igfxtray.exe (Intel Corporation)
    PRC - C:\Windows\System32\igfxsrvc.exe (Intel Corporation)
    PRC - C:\Windows\System32\igfxpers.exe (Intel Corporation)
    PRC - C:\Windows\System32\hkcmd.exe (Intel Corporation)
    PRC - C:\Windows\SMINST\Scheduler.exe ()
    PRC - C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe ()
    PRC - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.)
    PRC - C:\Program Files\PDF Complete\pdfsvc.exe (PDF Complete Inc)
    PRC - C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc)
    PRC - C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
    PRC - C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
    PRC - C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
    PRC - C:\Windows\System32\AEADISRV.EXE (Andrea Electronics Corporation)
    PRC - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe (Hewlett-Packard Development Company, L.P.)
    PRC - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
    PRC - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)


    ========== Modules (SafeList) ==========

    MOD - C:\Users\IAN\Downloads\OTL(2).exe (OldTimer Tools)
    MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)


    ========== Win32 Services (SafeList) ==========

    SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
    SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
    SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
    SRV - (aswUpdSv) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
    SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
    SRV - (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
    SRV - (gusvc) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
    SRV - (SQLWriter) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
    SRV - (SQLBrowser) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
    SRV - (MSSQLServerADHelper) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
    SRV - (odserv) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
    SRV - (HP Health Check Service) -- c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe (Hewlett-Packard)
    SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
    SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
    SRV - (hpqwmiex) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe (Hewlett-Packard Development Company, L.P.)
    SRV - (FLCDLOCK) -- C:\Windows\System32\flcdlock.exe (Hewlett-Packard Ltd)
    SRV - (RoxMediaDB9) -- c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe (Sonic Solutions)
    SRV - (pdfcDispatcher) -- C:\Program Files\PDF Complete\pdfsvc.exe (PDF Complete Inc)
    SRV - (stllssvr) -- c:\Program Files\Common Files\SureThing Shared\stllssvr.exe (MicroVision Development, Inc.)
    SRV - (LightScribeService) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
    SRV - (Com4Qlb) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe (Hewlett-Packard Development Company, L.P.)
    SRV - (AEADIFilters) -- C:\Windows\System32\AEADISRV.EXE (Andrea Electronics Corporation)
    SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
    SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
    SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)


    ========== Driver Services (SafeList) ==========

    DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (ALWIL Software)
    DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (ALWIL Software)
    DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (ALWIL Software)
    DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (ALWIL Software)
    DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (ALWIL Software)
    DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
    DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
    DRV - (BCM43XX) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation)
    DRV - (BCM43XV) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation)
    DRV - (ADIHdAudAddService) -- C:\Windows\System32\drivers\ADIHdAud.sys (Analog Devices, Inc.)
    DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
    DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
    DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
    DRV - (DAMDrv) -- C:\Windows\System32\drivers\DAMDrv.sys (Hewlett-Packard Development Company L.P.)
    DRV - (PxHelp20) -- C:\Windows\System32\Drivers\PxHelp20.sys (Sonic Solutions)
    DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation)
    DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)
    DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
    DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
    DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
    DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
    DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
    DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
    DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
    DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
    DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
    DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
    DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
    DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
    DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
    DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
    DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
    DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
    DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
    DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
    DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
    DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
    DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
    DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
    DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
    DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
    DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
    DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
    DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
    DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
    DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
    DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
    DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
    DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
    DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
    DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
    DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
    DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
    DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
    DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
    DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
    DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
    DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
    DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
    DRV - (HSF_DPV) -- C:\Windows\System32\drivers\VSTDPV3.SYS (Conexant Systems, Inc.)
    DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)
    DRV - (winachsf) -- C:\Windows\System32\drivers\VSTCNXT3.SYS (Conexant Systems, Inc.)
    DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
    DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
    DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
    DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
    DRV - (secdrv) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
    DRV - (HBtnKey) -- C:\Windows\System32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = myAOL | HP for Small Business

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = myAOL | HP for Small Business
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

    ========== FireFox ==========

    FF - prefs.js..browser.search.selectedEngine: "Surf Canyon"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://en-GB.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-GB:official|www.carp-uk.net/forum/forum.asp?FORUM_ID=1|www.bbc.co.uk/|www.computerhelpforums.net/|www.ebay.co.uk|http://webmail.aol.com"
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1
    FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:3.9.7
    FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:0.9.10.1
    FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.2.1
    FF - prefs.js..extensions.enabledItems: {c33c5b47-69c8-45a4-a5e0-af85bbe628dd}:1.6.1.2
    FF - prefs.js..extensions.enabledItems: {398e77b8-2304-11dc-8314-0800200c9a66}:0.3.13
    FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.3.1
    FF - prefs.js..extensions.enabledItems: isreaditlater@ideashower.com:0.9948
    FF - prefs.js..extensions.enabledItems: {5F590AA2-1221-4113-A6F4-A4BB62414FAC}:0.44.19.20090811.3
    FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.52
    FF - prefs.js..extensions.enabledItems: {75623d5d-4683-402a-b610-ac4bab767c86}:3.0.2
    FF - prefs.js..extensions.enabledItems: tabpopup@adarsh.tp:1.2.1
    FF - prefs.js..keyword.URL: "http://uk.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_uk&p="


    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/09 19:43:04 | 00,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/09 19:43:04 | 00,000,000 | ---D | M]

    [2008/12/21 15:08:48 | 00,000,000 | ---D | M] -- C:\Users\IAN\AppData\Roaming\Mozilla\Extensions
    [2009/12/02 20:17:51 | 00,000,000 | ---D | M] -- C:\Users\IAN\AppData\Roaming\Mozilla\Firefox\Profiles\xu9yr8vv.default\extensions
    [2009/07/28 20:04:42 | 00,000,000 | ---D | M] -- C:\Users\IAN\AppData\Roaming\Mozilla\Firefox\Profiles\xu9yr8vv.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
    [2009/11/02 20:09:26 | 00,000,000 | ---D | M] -- C:\Users\IAN\AppData\Roaming\Mozilla\Firefox\Profiles\xu9yr8vv.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
    [2009/07/28 20:04:57 | 00,000,000 | ---D | M] -- C:\Users\IAN\AppData\Roaming\Mozilla\Firefox\Profiles\xu9yr8vv.default\extensions\{398e77b8-2304-11dc-8314-0800200c9a66}
    [2009/10/13 06:26:29 | 00,000,000 | ---D | M] -- C:\Users\IAN\AppData\Roaming\Mozilla\Firefox\Profiles\xu9yr8vv.default\extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC}
    [2009/11/14 14:18:02 | 00,000,000 | ---D | M] -- C:\Users\IAN\AppData\Roaming\Mozilla\Firefox\Profiles\xu9yr8vv.default\extensions\{75623d5d-4683-402a-b610-ac4bab767c86}
    [2009/11/02 20:09:27 | 00,000,000 | ---D | M] -- C:\Users\IAN\AppData\Roaming\Mozilla\Firefox\Profiles\xu9yr8vv.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
    [2009/10/13 06:26:28 | 00,000,000 | ---D | M] -- C:\Users\IAN\AppData\Roaming\Mozilla\Firefox\Profiles\xu9yr8vv.default\extensions\{c33c5b47-69c8-45a4-a5e0-af85bbe628dd}
    [2009/09/09 17:25:03 | 00,000,000 | ---D | M] -- C:\Users\IAN\AppData\Roaming\Mozilla\Firefox\Profiles\xu9yr8vv.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2009/09/09 17:37:48 | 00,000,000 | ---D | M] -- C:\Users\IAN\AppData\Roaming\Mozilla\Firefox\Profiles\xu9yr8vv.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
    [2009/11/02 20:09:27 | 00,000,000 | ---D | M] -- C:\Users\IAN\AppData\Roaming\Mozilla\Firefox\Profiles\xu9yr8vv.default\extensions\isreaditlater@ideashower.com
    [2009/10/22 20:46:25 | 00,000,000 | ---D | M] -- C:\Users\IAN\AppData\Roaming\Mozilla\Firefox\Profiles\xu9yr8vv.default\extensions\personas@christopher.beard
    [2009/09/09 20:27:31 | 00,000,000 | ---D | M] -- C:\Users\IAN\AppData\Roaming\Mozilla\Firefox\Profiles\xu9yr8vv.default\extensions\tabpopup@adarsh.tp
    [2009/11/29 15:25:14 | 00,002,291 | ---- | M] () -- C:\Users\IAN\AppData\Roaming\Mozilla\Firefox\Profiles\xu9yr8vv.default\searchplugins\surf-canyon.xml
    [2009/11/24 08:35:49 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2009/08/18 15:08:17 | 00,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
    [2009/08/18 15:08:17 | 00,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
    [2009/08/18 15:08:18 | 00,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
    [2009/08/18 15:08:18 | 00,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

    O1 HOSTS File: (306049 bytes) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O1 - Hosts: 127.0.0.1 The Search Engine that Does at InfoWeb.net
    O1 - Hosts: 127.0.0.1 007guard.com
    O1 - Hosts: 127.0.0.1 008i.com
    O1 - Hosts: 127.0.0.1 008k.com
    O1 - Hosts: 127.0.0.1 008k.com
    O1 - Hosts: 127.0.0.1 00hq.com
    O1 - Hosts: 127.0.0.1 00hq.com
    O1 - Hosts: 127.0.0.1 010402.com
    O1 - Hosts: 127.0.0.1 www.032439.com
    O1 - Hosts: 127.0.0.1 032439.com
    O1 - Hosts: 127.0.0.1 The Search Engine that Does at InfoWeb.net
    O1 - Hosts: 127.0.0.1 100888290cs.com
    O1 - Hosts: 127.0.0.1 100sexlinks.com
    O1 - Hosts: 127.0.0.1 100sexlinks.com
    O1 - Hosts: 127.0.0.1 10sek.com
    O1 - Hosts: 127.0.0.1 10sek.com
    O1 - Hosts: 127.0.0.1 The Search Engine that Does at InfoWeb.net
    O1 - Hosts: 127.0.0.1 123topsearch.com
    O1 - Hosts: 127.0.0.1 132???
    O1 - Hosts: 127.0.0.1 132.com
    O1 - Hosts: 127.0.0.1 toyota landcruiser certified naruto episodes at 136136.net
    O1 - Hosts: 127.0.0.1 136136.net
    O1 - Hosts: 127.0.0.1 www.163ns.com
    O1 - Hosts: 10538 more lines...
    O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
    O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
    O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
    O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.)
    O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
    O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc)
    O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
    O4 - HKLM..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
    O4 - HKLM..\Run: [QlbCtrl] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe ( Hewlett-Packard Development Company, L.P.)
    O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
    O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
    O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
    O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
    O4 - HKLM..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    O4 - HKLM..\RunOnce: [ST Recovery Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: &3D Satellite Search - C:\Users\IAN\AppData\Roaming\OSI\dlls\EFOToolbar.dll ()
    O8 - Extra context menu item: S&earchSave Web Search - C:\Users\IAN\AppData\Roaming\OSI\dlls\EFOToolbar.dll ()
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O15 - HKLM\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
    O15 - HKCU\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
    O20 - Winlogon\Notify\DeviceNP: DllName - DeviceNP.dll - C:\Windows\System32\DeviceNP.dll (Hewlett-Packard Limited)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck) - File not found
    O34 - HKLM BootExecute: (*) - File not found
    O35 - comfile [open] -- "%1" %*
    O35 - exefile [open] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2009/12/02 17:09:56 | 00,000,000 | ---D | C] -- C:\Windows\Minidump
    [2009/12/02 17:01:04 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2009/12/02 17:01:02 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2009/12/02 17:01:02 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2009/12/01 19:23:04 | 00,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2009/12/01 19:23:04 | 00,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2009/12/01 19:23:04 | 00,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2009/12/01 19:23:04 | 00,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2009/12/01 19:22:22 | 00,000,000 | ---D | C] -- C:\Qoobox
    [2009/12/01 16:21:59 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2009/12/01 16:21:12 | 00,000,000 | ---D | C] -- C:\Desktop
    [2009/11/30 23:10:50 | 00,000,000 | ---D | C] -- C:\Program Files\ESET
    [2009/11/30 22:42:45 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
    [2009/11/30 22:42:40 | 00,000,000 | ---D | C] -- C:\Config.Msi
    [2009/11/30 21:02:19 | 00,000,000 | ---D | C] -- C:\Users\IAN\AppData\Local\tpmebl
    [2009/11/25 12:46:26 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
    [2009/11/25 12:24:28 | 00,714,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
    [2009/11/24 08:35:34 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
    [2009/11/24 08:35:34 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
    [2009/11/24 08:35:34 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
    [2009/11/18 21:37:35 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
    [2009/11/18 20:06:03 | 03,023,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbon.dll
    [2009/11/18 20:06:03 | 01,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbonRes.dll
    [2009/11/18 20:06:03 | 00,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
    [2009/11/18 20:05:29 | 00,369,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
    [2009/11/18 20:05:27 | 00,829,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
    [2009/11/18 20:05:27 | 00,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
    [2009/11/18 20:05:27 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
    [2009/11/18 20:05:26 | 00,974,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
    [2009/11/18 20:05:26 | 00,828,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
    [2009/11/18 20:05:26 | 00,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
    [2009/11/18 20:05:26 | 00,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
    [2009/11/18 20:05:26 | 00,321,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
    [2009/11/18 20:05:26 | 00,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
    [2009/11/18 20:05:26 | 00,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe
    [2009/11/18 20:05:26 | 00,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll
    [2009/11/18 20:05:26 | 00,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
    [2009/11/18 20:05:26 | 00,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
    [2009/11/18 20:05:25 | 01,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
    [2009/11/18 20:05:25 | 01,064,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
    [2009/11/18 20:05:25 | 00,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
    [2009/11/18 20:05:25 | 00,793,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll
    [2009/11/18 20:05:25 | 00,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
    [2009/11/18 20:05:25 | 00,486,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
    [2009/11/18 20:05:25 | 00,481,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
    [2009/11/18 20:05:25 | 00,218,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
    [2009/11/18 20:05:25 | 00,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
    [2009/11/18 20:05:25 | 00,161,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
    [2009/11/18 20:05:24 | 01,030,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
    [2009/11/18 20:04:47 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BthMtpContextHandler.dll
    [2009/11/18 20:04:47 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDShextAutoplay.exe
    [2009/11/18 20:04:42 | 00,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceConnectApi.dll
    [2009/11/18 20:04:39 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtpUS.dll
    [2009/11/18 20:04:39 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdConns.dll
    [2009/11/18 20:04:38 | 00,546,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll
    [2009/11/18 20:04:38 | 00,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDSp.dll
    [2009/11/18 20:04:38 | 00,334,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
    [2009/11/18 20:04:38 | 00,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtp.dll
    [2009/11/18 20:04:38 | 00,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceWMDRM.dll
    [2009/11/18 20:04:38 | 00,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
    [2009/11/18 20:04:38 | 00,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll
    [2009/11/18 20:03:10 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll
    [2009/11/18 20:03:09 | 00,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll
    [2009/11/10 20:45:22 | 02,036,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
    [2009/11/10 20:42:23 | 00,355,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll
    [2009/11/03 21:14:59 | 02,421,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
    [2009/11/03 21:14:59 | 00,044,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
    [2009/11/03 21:14:18 | 00,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
    [2009/11/03 21:14:18 | 00,035,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
    [2009/11/03 21:14:17 | 00,575,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
    [2009/11/03 21:14:00 | 00,171,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
    [2009/11/03 21:14:00 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe

    ========== Files - Modified Within 30 Days ==========

    [2009/12/02 20:50:00 | 00,000,414 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{12B417EB-607E-4A7A-AD88-A9BE5A27EB69}.job
    [2009/12/02 20:44:23 | 03,145,728 | -HS- | M] () -- C:\Users\IAN\ntuser.dat
    [2009/12/02 20:38:44 | 00,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2009/12/02 20:38:44 | 00,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2009/12/02 20:36:59 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2009/12/02 20:36:48 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2009/12/02 20:35:34 | 00,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
    [2009/12/02 20:35:17 | 00,524,288 | -HS- | M] () -- C:\Users\IAN\ntuser.dat{97111685-1ba9-11dd-95fa-001f2981b49e}.TMContainer00000000000000000001.regtrans-ms
    [2009/12/02 20:35:17 | 00,065,536 | -HS- | M] () -- C:\Users\IAN\ntuser.dat{97111685-1ba9-11dd-95fa-001f2981b49e}.TM.blf
    [2009/12/02 18:47:21 | 00,000,414 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{173F25BE-1EB6-4333-92DF-962052E0BD0E}.job
    [2009/12/02 18:22:12 | 06,291,456 | -H-- | M] () -- C:\Users\IAN\AppData\Local\IconCache.db
    [2009/12/02 17:09:40 | 17,662,3152 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2009/12/02 17:01:09 | 00,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2009/12/01 19:41:38 | 00,000,215 | ---- | M] () -- C:\Windows\system.ini
    [2009/12/01 18:53:55 | 00,000,000 | ---- | M] () -- C:\Windows\System32\settings.dat
    [2009/12/01 16:21:13 | 00,000,527 | ---- | M] () -- C:\Users\IAN\Desktop\NTREGOPT.lnk
    [2009/12/01 16:21:13 | 00,000,508 | ---- | M] () -- C:\Users\IAN\Desktop\ERUNT.lnk
    [2009/11/30 22:44:39 | 00,000,902 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2009/11/30 16:22:03 | 00,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
    [2009/11/29 21:04:47 | 00,001,670 | ---- | M] () -- C:\Users\IAN\Desktop\CCleaner.lnk
    [2009/11/24 23:54:29 | 01,280,480 | ---- | M] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe
    [2009/11/24 23:50:12 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
    [2009/11/24 23:50:00 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
    [2009/11/24 23:49:48 | 00,053,328 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
    [2009/11/24 23:49:07 | 00,048,560 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
    [2009/11/24 23:48:57 | 00,023,120 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
    [2009/11/24 23:47:28 | 00,097,480 | ---- | M] (ALWIL Software) -- C:\Windows\System32\AvastSS.scr
    [2009/11/22 16:26:59 | 00,000,314 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForSue.job
    [2009/11/18 21:46:59 | 00,769,132 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
    [2009/11/18 21:46:59 | 00,655,414 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2009/11/18 21:46:59 | 00,127,064 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2009/11/18 21:32:31 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
    [2009/11/18 21:32:18 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
    [2009/11/14 01:47:57 | 00,260,608 | ---- | M] () -- C:\Windows\PEV.exe
    [2009/11/13 12:20:18 | 14,689,586 | ---- | M] () -- C:\Users\IAN\Documents\LG TV Manual.pdf
    [2009/11/12 19:35:25 | 00,423,576 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

    ========== Files Created - No Company Name ==========

    [2009/12/02 17:09:40 | 17,662,3152 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2009/12/02 17:01:09 | 00,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2009/12/01 19:23:04 | 00,260,608 | ---- | C] () -- C:\Windows\PEV.exe
    [2009/12/01 19:23:04 | 00,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2009/12/01 19:23:04 | 00,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2009/12/01 19:23:04 | 00,077,312 | ---- | C] () -- C:\Windows\MBR.exe
    [2009/12/01 19:23:04 | 00,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2009/12/01 18:53:55 | 00,000,000 | ---- | C] () -- C:\Windows\System32\settings.dat
    [2009/12/01 16:21:13 | 00,000,527 | ---- | C] () -- C:\Users\IAN\Desktop\NTREGOPT.lnk
    [2009/12/01 16:21:13 | 00,000,508 | ---- | C] () -- C:\Users\IAN\Desktop\ERUNT.lnk
    [2009/11/30 22:44:39 | 00,000,902 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2009/11/18 21:32:31 | 00,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
    [2009/11/18 21:32:18 | 00,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
    [2009/11/13 12:20:17 | 14,689,586 | ---- | C] () -- C:\Users\IAN\Documents\LG TV Manual.pdf
    [2009/10/20 20:38:24 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2009/08/03 14:07:42 | 00,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
    [2009/04/23 17:45:38 | 00,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2008/12/21 14:50:14 | 00,266,240 | ---- | C] () -- C:\Windows\System32\EFOToolbar.dll
    [2008/12/21 14:48:28 | 00,276,448 | ---- | C] () -- C:\Users\IAN\AppData\Local\Open Source Software Bundle Installer2.exe
    [2008/06/19 20:09:29 | 00,000,323 | ---- | C] () -- C:\Windows\wininit.ini
    [2008/04/25 20:12:44 | 00,005,632 | ---- | C] () -- C:\Users\IAN\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/04/25 05:00:03 | 00,000,000 | ---- | C] () -- C:\Users\IAN\AppData\Local\QSwitch.txt
    [2008/04/25 05:00:03 | 00,000,000 | ---- | C] () -- C:\Users\IAN\AppData\Local\DSwitch.txt
    [2008/04/25 05:00:03 | 00,000,000 | ---- | C] () -- C:\Users\IAN\AppData\Local\AtStart.txt
    [2008/04/25 04:48:39 | 00,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
    [2008/04/25 04:48:39 | 00,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
    [2008/04/25 04:48:39 | 00,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
    [2008/04/25 04:48:39 | 00,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
    [2008/04/25 04:48:39 | 00,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
    [2008/04/25 04:48:39 | 00,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
    [2007/08/24 12:46:48 | 00,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1322.dll
    [2007/08/24 12:38:54 | 01,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
    [2007/08/24 12:38:54 | 00,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
    [2007/08/24 12:28:04 | 00,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
    [2007/06/08 17:05:38 | 00,274,432 | ---- | C] () -- C:\Windows\System32\flcdlmsg.dll
    [2006/11/02 10:25:44 | 00,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
    [2006/11/02 07:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006/03/09 10:58:00 | 01,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

    ========== LOP Check ==========

    [2009/05/22 17:16:12 | 00,000,000 | ---D | M] -- C:\Users\IAN\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2008/04/25 04:50:09 | 00,000,000 | ---D | M] -- C:\Users\IAN\AppData\Roaming\Hewlett Packard
    [2008/05/17 21:41:43 | 00,000,000 | ---D | M] -- C:\Users\IAN\AppData\Roaming\InterVideo
    [2008/12/21 14:52:10 | 00,000,000 | ---D | M] -- C:\Users\IAN\AppData\Roaming\OSI
    [2008/12/31 22:49:26 | 00,000,000 | ---D | M] -- C:\Users\IAN\AppData\Roaming\SampleView
    [2009/05/22 17:46:35 | 00,000,000 | ---D | M] -- C:\Users\IAN\AppData\Roaming\SumatraPDF
    [2009/09/22 21:09:06 | 00,000,000 | ---D | M] -- C:\Users\IAN\AppData\Roaming\Thunderbird
    [2009/12/02 20:35:34 | 00,032,644 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2009/12/02 20:50:00 | 00,000,414 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{12B417EB-607E-4A7A-AD88-A9BE5A27EB69}.job
    [2009/12/02 18:47:21 | 00,000,414 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{173F25BE-1EB6-4333-92DF-962052E0BD0E}.job

    ========== Purity Check ==========


    < End of report >


    And the Extras log

    OTL Extras logfile created on: 02/12/2009 20:44:37 - Run 1
    OTL by OldTimer - Version 3.1.11.4 Folder = C:\Users\IAN\Downloads
    Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6002.18005)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    1014.52 Mb Total Physical Memory | 139.67 Mb Available Physical Memory | 13.77% Memory free
    2.24 Gb Paging File | 1.11 Gb Available in Paging File | 49.75% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 65.88 Gb Total Space | 32.25 Gb Free Space | 48.94% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    Drive E: | 1.55 Gb Total Space | 1.32 Gb Free Space | 84.85% Space Free | Partition Type: NTFS
    Drive F: | 7.09 Gb Total Space | 0.74 Gb Free Space | 10.40% Space Free | Partition Type: NTFS
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: IAN-PC
    Current User Name: IAN
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Minimal

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    chm.file [open] -- "%SystemRoot%\hh.exe" %1
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{DE3F1BC4-50BB-4C6F-93EB-A5783DF3426F}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{013774F7-1947-4721-BD8D-0622ED5AB50C}" = protocol=6 | dir=in | app=c:\program files\malwarebytes' anti-malware\mbam.exe |
    "{10E67725-2584-4519-8AA9-0EF5420B207D}" = protocol=6 | dir=in | app=c:\users\ian\appdata\local\temp\7zsdd44.tmp\symnrt.exe |
    "{40837E28-8A24-4BE1-92A6-28DFE3C94104}" = protocol=17 | dir=in | app=c:\users\ian\appdata\local\temp\7zsdd44.tmp\symnrt.exe |
    "{44DDD242-5444-4D3C-8B43-8EC812B43385}" = protocol=6 | dir=in | app=c:\program files\ccleaner\ccleaner.exe |
    "{4B0DD4BE-6862-44BA-94E2-59C7C3F8DFAE}" = protocol=17 | dir=in | app=c:\program files\ccleaner\ccleaner.exe |
    "{CAF33563-98F5-422F-B50C-108392EE6168}" = protocol=17 | dir=in | app=c:\program files\malwarebytes' anti-malware\mbam.exe |
    "TCP Query User{3C52E976-4427-4E14-B321-E5EEC9268A33}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
    "TCP Query User{E7FC34C5-A7F2-4F08-A345-84AF74E1E6BC}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "UDP Query User{7794865E-446F-4634-84A5-6EAA146A856C}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
    "UDP Query User{DAFEAB9D-88FD-443F-A080-3B02029CE75D}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0289B18A-F99F-423F-B79F-1150D0F85492}" = HP Wireless Assistant
    "{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools
    "{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
    "{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
    "{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
    "{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data
    "{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
    "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 17
    "{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
    "{2DB165DC-DDB4-403F-B985-19F3EC7D0357}" = HP ProtectTools Security Manager
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
    "{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
    "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
    "{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}" = Roxio MyDVD Basic v9
    "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 B2
    "{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
    "{3912A629-0020-0005-3131-2FBA74D4DF0A}" = InterVideo WinDVD
    "{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}" = HP Backup & Recovery Manager Installer
    "{4B719A70-F14A-4f5c-90B5-346B24B7FFF1}" = Windows 7 Upgrade Advisor
    "{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
    "{521F72F4-FFE4-4959-AA88-EED06125211F}" = HP Notebook Accessories Product Tour
    "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
    "{55B52830-024A-443E-AF61-61E1E71AFA1B}" = Device Access Manager for HP ProtectTools
    "{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
    "{584B0895-8EF3-4175-8E80-1B68BFA04636}" = HP Help and Support
    "{5D97A4A7-C274-4B63-86D9-07A33435F505}" = InterVideo DVD Check
    "{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}" = HP Active Support Library
    "{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
    "{64AE6DA6-8B61-4DF7-AFC0-7134E4C458FA}" = BIOS Configuration for HP ProtectTools
    "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
    "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
    "{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6D3DB611-D5E8-4E4B-8952-0D3F549F9CC6}" = HP Active Support Library 32 bit components
    "{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
    "{70CEFEBA-F757-4DBE-8A21-027C326137CE}" = Application Installer 4.00.B14
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7CA4EF4B-DB5A-4E2F-81CC-6EE33FC9EF1E}" = HP User Guides 0084
    "{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio
    "{89D7B2C2-496E-4F15-BC8B-A1BC349D7401}" = ESU for Microsoft Vista
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
    "{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
    "{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{93D44E47-EBE0-43FC-A427-8AC3CD026536}" = Vista Default Settings
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{9FE8E277-EBFC-4A5E-BD70-6F9B7F32AF0E}" = HP Total Care Advisor
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
    "{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
    "{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
    "{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
    "{BBE5C83E-4DC5-494F-8A23-3AAE242E94C2}" = HP Easy Setup - Frontend
    "{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
    "{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D9B4D7EE-481C-4C36-86AB-A8F7417725FF}" = LightScribe 1.6.43.1
    "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
    "{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
    "{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "avast!" = avast! Antivirus
    "Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
    "CameraWindowDC" = Canon Utilities CameraWindow DC
    "CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
    "CameraWindowLauncher" = Canon Utilities CameraWindow
    "Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
    "CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
    "Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
    "CCleaner" = CCleaner
    "ERUNT_is1" = ERUNT 1.1j
    "ESET Online Scanner" = ESET Online Scanner v3
    "Extensions Bundle_is1" = Extensions Bundle 1.1
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft SQL Server 2005" = Microsoft SQL Server 2005
    "MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
    "Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
    "MyCamera" = Canon Utilities MyCamera
    "MyCameraDC" = Canon Utilities MyCamera DC
    "PDF Complete" = PDF Complete
    "PhotoStitch" = Canon Utilities PhotoStitch
    "PROHYBRIDR" = 2007 Microsoft Office system
    "PROSet" = Intel(R) Network Connections Drivers
    "RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
    "RC Plane Master" = RC Plane Master
    "RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
    "SumatraPDF" = Sumatra PDF reader
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
    "ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

    ========== Last 10 Event Log Errors ==========

    [ Antivirus Events ]
    Error - 12/11/2009 16:49:06 | Computer Name = IAN-PC | Source = avast! | ID = 33554522
    Description = Internal error has occurred in module aswar scan function failed!,
    function A0000111.

    [ Application Events ]
    Error - 01/05/2009 09:29:52 | Computer Name = IAN-PC | Source = SideBySide | ID = 16842811
    Description = Activation context generation failed for "C:\Program Files\Microsoft
    Works\MSWorks.exe".Error in manifest or policy file "C:\Program Files\Microsoft
    Works\MSWorks.exe" on line 0. Invalid Xml syntax.

    Error - 01/05/2009 09:29:52 | Computer Name = IAN-PC | Source = SideBySide | ID = 16842811
    Description = Activation context generation failed for "C:\Program Files\Microsoft
    Works\MSWorks.exe".Error in manifest or policy file "C:\Program Files\Microsoft
    Works\MSWorks.exe" on line 0. Invalid Xml syntax.

    Error - 01/05/2009 09:30:05 | Computer Name = IAN-PC | Source = SideBySide | ID = 16842811
    Description = Activation context generation failed for "C:\Program Files\Microsoft
    Works\MSWorks.exe".Error in manifest or policy file "C:\Program Files\Microsoft
    Works\MSWorks.exe" on line 0. Invalid Xml syntax.

    Error - 01/05/2009 09:30:05 | Computer Name = IAN-PC | Source = SideBySide | ID = 16842811
    Description = Activation context generation failed for "C:\Program Files\Microsoft
    Works\MSWorks.exe".Error in manifest or policy file "C:\Program Files\Microsoft
    Works\MSWorks.exe" on line 0. Invalid Xml syntax.

    Error - 01/05/2009 09:30:05 | Computer Name = IAN-PC | Source = SideBySide | ID = 16842811
    Description = Activation context generation failed for "C:\Program Files\Microsoft
    Works\MSWorks.exe".Error in manifest or policy file "C:\Program Files\Microsoft
    Works\MSWorks.exe" on line 0. Invalid Xml syntax.

    Error - 01/05/2009 09:30:05 | Computer Name = IAN-PC | Source = SideBySide | ID = 16842811
    Description = Activation context generation failed for "C:\Program Files\Microsoft
    Works\MSWorks.exe".Error in manifest or policy file "C:\Program Files\Microsoft
    Works\MSWorks.exe" on line 0. Invalid Xml syntax.

    Error - 01/05/2009 10:30:56 | Computer Name = IAN-PC | Source = SideBySide | ID = 16842811
    Description = Activation context generation failed for "C:\Program Files\Microsoft
    Works\MSWorks.exe".Error in manifest or policy file "C:\Program Files\Microsoft
    Works\MSWorks.exe" on line 0. Invalid Xml syntax.

    Error - 01/05/2009 10:30:56 | Computer Name = IAN-PC | Source = SideBySide | ID = 16842811
    Description = Activation context generation failed for "C:\Program Files\Microsoft
    Works\MSWorks.exe".Error in manifest or policy file "C:\Program Files\Microsoft
    Works\MSWorks.exe" on line 0. Invalid Xml syntax.

    Error - 01/05/2009 10:30:56 | Computer Name = IAN-PC | Source = SideBySide | ID = 16842811
    Description = Activation context generation failed for "C:\Program Files\Microsoft
    Works\MSWorks.exe".Error in manifest or policy file "C:\Program Files\Microsoft
    Works\MSWorks.exe" on line 0. Invalid Xml syntax.

    Error - 01/05/2009 10:30:56 | Computer Name = IAN-PC | Source = SideBySide | ID = 16842811
    Description = Activation context generation failed for "C:\Program Files\Microsoft
    Works\MSWorks.exe".Error in manifest or policy file "C:\Program Files\Microsoft
    Works\MSWorks.exe" on line 0. Invalid Xml syntax.

    [ System Events ]
    Error - 25/11/2009 08:45:36 | Computer Name = IAN-PC | Source = DCOM | ID = 10010
    Description =

    Error - 26/11/2009 11:53:18 | Computer Name = IAN-PC | Source = BROWSER | ID = 8032
    Description =

    Error - 30/11/2009 12:23:14 | Computer Name = IAN-PC | Source = DCOM | ID = 10010
    Description =

    Error - 30/11/2009 17:11:03 | Computer Name = IAN-PC | Source = DCOM | ID = 10010
    Description =

    Error - 30/11/2009 17:22:51 | Computer Name = IAN-PC | Source = DCOM | ID = 10010
    Description =

    Error - 30/11/2009 18:44:51 | Computer Name = IAN-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 30/11/2009 18:51:41 | Computer Name = IAN-PC | Source = BROWSER | ID = 8032
    Description =

    Error - 01/12/2009 15:25:07 | Computer Name = IAN-PC | Source = Service Control Manager | ID = 7030
    Description =

    Error - 01/12/2009 15:41:18 | Computer Name = IAN-PC | Source = Service Control Manager | ID = 7030
    Description =

    Error - 02/12/2009 13:09:55 | Computer Name = IAN-PC | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 17:08:04 on 02/12/2009 was unexpected.


    < End of report >
  12. starbuck

    Re: I've got a problem

    Don't you love it when a plan comes together :)

    Let's do a little cleaning and then we'll get an online scan done .... just to double check everything.

    Step 1
    You have some old versions of Java which should have been removed.
    Click on Start >> Control Panel
    Click Classic View
    Click Program and Features

    Uninstall the following:
    Java(TM) SE Runtime Environment 6 Update 1
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7


    Reboot the system when completed.

    Step 2
    Double click on OTL.exe to run it.
    Copy the lines in the codebox below. (make sure you include the first lot of : )
    Code:
    :Otl
    O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_01)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_05)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    
    :commands
    [emptytemp]
    [purity]
    
    • Return to OTL,
    • right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.

    • Click the red Run Fix button.
    • If OTListIt prompts for permission to reboot the computer, allow it to do so.
    • After the reboot, you may need to double click OTL to launch the program and retrieve the log.

    Copy and paste the contents of the OTL log in your next reply.

    Step 3
    As you have been itching to do this..............

    Go to: Eset Online Scanner
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the activex control to install
    • Click Start
    • Make sure that the option Remove found threats is ticked, and the option Scan unwanted applications is checked
    • Click Scan
    • Wait for the scan to finish
    • Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
    • Copy and paste that log as a reply to this topic.

    Note:
    You will need to use Internet Explorer for this scan.

    In your next reply, please submit:
    OTL report (that comes up after the fix)
    Eset Online Scanner report

    Any problems getting your Avast to update now?

    Thanks.
    Last edited by a moderator: Feb 2, 2014
  13. I4N

    Re: I've got a problem

    Starbuck,
    I have removed the Java stuff, I have run OTL again with the code inserted, and I will put the log at the end. I just ran Eset and it came up clean, although I couldn't find the options you mentioned; it just loaded and ran.
    I have managed to update all the stuff, Avast etc but I'm a bit miffed that Avast let this problem through :mad:
    I have a small issue at each startup with Windows telling me there are blocked startup programs but I will work through that once you give me a clean bill of health :D
    Thanks so much for what you have done. No matter how I think of it, I just can't understand the sheer nastiness of someone setting out to create Trojans etc, sick sick sick :mad::mad:

    OTL Log

    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}\ not found.
    Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
    C:\Windows\Downloaded Program Files\erma.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\Windows\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: IAN
    ->Temp folder emptied: 877452 bytes
    ->Temporary Internet Files folder emptied: 268929 bytes
    ->Java cache emptied: 13689524 bytes
    ->FireFox cache emptied: 34146778 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: Sue
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    Windows Temp folder emptied: 3424 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 46.72 mb


    OTL by OldTimer - Version 3.1.11.4 log created on 12032009_163336

    Files\Folders moved on Reboot...
    File move failed. C:\Windows\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.

    Registry entries deleted on Reboot...
  14. starbuck

    Re: I've got a problem

    Hi Ian,

    It's not the fault of Avast. The malware guys just get better at bypassing things. That's why this job is a never ending learning cycle.
    Does it say what these blocked startups are?
    Think... 'MONEY'. A lot of them do this for money, they get paid to come up with these ideas.
    It's no problem at all, that's why we are here.... to help our members.

    Let me know what the blocked startup entries are and let me have a new OTL report...... I'll then put the 2 together and see if I can see what's going on.
    Use these instructions as you'll need to make a slight change to get the 'Extra.txt' to show.

    Double click on OTL.exe to run it.
    • Under Extra Registry section, select Use SafeList.
    • Don't check the boxes beside 'LOP Check' and 'Purity Check' this time.
    • Click on Run Scan at the top left hand corner.
    • When done, two Notepad files will open. Please post the contents of these 2 Notepad files in your next reply.

    Thanks.
  15. I4N

    Re: I've got a problem

    The startup programme that's being blocked is Malwarebytes :confused:
    I had a look at its properties etc and there is no selection option for making it run at start or otherwise.

    OTL LOG:
    OTL logfile created on: 03/12/2009 20:39:37 - Run 2
    OTL by OldTimer - Version 3.1.11.4 Folder = C:\Users\IAN\Downloads
    Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6002.18005)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    1014.52 Mb Total Physical Memory | 226.38 Mb Available Physical Memory | 22.31% Memory free
    2.24 Gb Paging File | 1.05 Gb Available in Paging File | 46.70% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 65.88 Gb Total Space | 31.14 Gb Free Space | 47.27% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    Drive E: | 1.55 Gb Total Space | 1.02 Gb Free Space | 65.87% Space Free | Partition Type: NTFS
    Drive F: | 7.09 Gb Total Space | 0.44 Gb Free Space | 6.25% Space Free | Partition Type: NTFS
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: IAN-PC
    Current User Name: IAN
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Minimal

    ========== Processes (SafeList) ==========

    PRC - C:\Users\IAN\Downloads\OTL(4).exe (OldTimer Tools)
    PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
    PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
    PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
    PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
    PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
    PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
    PRC - C:\Windows\System32\wbem\unsecapp.exe (Microsoft Corporation)
    PRC - C:\Windows\explorer.exe (Microsoft Corporation)
    PRC - c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
    PRC - c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
    PRC - c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe (Hewlett-Packard)
    PRC - C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Synaptics, Inc.)
    PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
    PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
    PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    PRC - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
    PRC - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
    PRC - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe (Hewlett-Packard Development Company, L.P.)
    PRC - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe ( Hewlett-Packard Development Company, L.P.)
    PRC - C:\Windows\System32\igfxtray.exe (Intel Corporation)
    PRC - C:\Windows\System32\igfxsrvc.exe (Intel Corporation)
    PRC - C:\Windows\System32\igfxpers.exe (Intel Corporation)
    PRC - C:\Windows\System32\hkcmd.exe (Intel Corporation)
    PRC - C:\Windows\SMINST\Scheduler.exe ()
    PRC - C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe ()
    PRC - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.)
    PRC - C:\Program Files\PDF Complete\pdfsvc.exe (PDF Complete Inc)
    PRC - C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc)
    PRC - C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
    PRC - C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
    PRC - C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
    PRC - C:\Windows\System32\AEADISRV.EXE (Andrea Electronics Corporation)
    PRC - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe (Hewlett-Packard Development Company, L.P.)
    PRC - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
    PRC - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)


    ========== Modules (SafeList) ==========

    MOD - C:\Users\IAN\Downloads\OTL(4).exe (OldTimer Tools)
    MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)


    ========== Win32 Services (SafeList) ==========

    SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
    SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
    SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
    SRV - (aswUpdSv) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
    SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
    SRV - (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
    SRV - (gusvc) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
    SRV - (SQLWriter) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
    SRV - (SQLBrowser) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
    SRV - (MSSQLServerADHelper) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
    SRV - (odserv) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
    SRV - (HP Health Check Service) -- c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe (Hewlett-Packard)
    SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
    SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
    SRV - (hpqwmiex) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe (Hewlett-Packard Development Company, L.P.)
    SRV - (FLCDLOCK) -- C:\Windows\System32\flcdlock.exe (Hewlett-Packard Ltd)
    SRV - (RoxMediaDB9) -- c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe (Sonic Solutions)
    SRV - (pdfcDispatcher) -- C:\Program Files\PDF Complete\pdfsvc.exe (PDF Complete Inc)
    SRV - (stllssvr) -- c:\Program Files\Common Files\SureThing Shared\stllssvr.exe (MicroVision Development, Inc.)
    SRV - (LightScribeService) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
    SRV - (Com4Qlb) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe (Hewlett-Packard Development Company, L.P.)
    SRV - (AEADIFilters) -- C:\Windows\System32\AEADISRV.EXE (Andrea Electronics Corporation)
    SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
    SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
    SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)


    ========== Driver Services (SafeList) ==========

    DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (ALWIL Software)
    DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (ALWIL Software)
    DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (ALWIL Software)
    DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (ALWIL Software)
    DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (ALWIL Software)
    DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
    DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
    DRV - (BCM43XX) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation)
    DRV - (BCM43XV) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation)
    DRV - (ADIHdAudAddService) -- C:\Windows\System32\drivers\ADIHdAud.sys (Analog Devices, Inc.)
    DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
    DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
    DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
    DRV - (DAMDrv) -- C:\Windows\System32\drivers\DAMDrv.sys (Hewlett-Packard Development Company L.P.)
    DRV - (PxHelp20) -- C:\Windows\System32\Drivers\PxHelp20.sys (Sonic Solutions)
    DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation)
    DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)
    DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
    DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
    DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
    DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
    DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
    DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
    DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
    DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
    DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
    DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
    DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
    DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
    DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
    DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
    DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
    DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
    DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
    DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
    DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
    DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
    DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
    DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
    DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
    DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
    DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
    DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
    DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
    DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
    DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
    DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
    DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
    DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
    DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
    DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
    DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
    DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
    DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
    DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
    DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
    DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
    DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
    DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
    DRV - (HSF_DPV) -- C:\Windows\System32\drivers\VSTDPV3.SYS (Conexant Systems, Inc.)
    DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)
    DRV - (winachsf) -- C:\Windows\System32\drivers\VSTCNXT3.SYS (Conexant Systems, Inc.)
    DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
    DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
    DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
    DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
    DRV - (secdrv) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
    DRV - (HBtnKey) -- C:\Windows\System32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = myAOL | HP for Small Business

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = myAOL | HP for Small Business
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

    ========== FireFox ==========

    FF - prefs.js..browser.search.selectedEngine: "Surf Canyon"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://en-GB.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-GB:official|www.carp-uk.net/forum/forum.asp?FORUM_ID=1|www.bbc.co.uk/|www.computerhelpforums.net/|www.ebay.co.uk|http://webmail.aol.com"
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1
    FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:3.9.7
    FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:0.9.10.1
    FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.2.1
    FF - prefs.js..extensions.enabledItems: {c33c5b47-69c8-45a4-a5e0-af85bbe628dd}:1.6.1.2
    FF - prefs.js..extensions.enabledItems: {398e77b8-2304-11dc-8314-0800200c9a66}:0.3.13
    FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.3.1
    FF - prefs.js..extensions.enabledItems: isreaditlater@ideashower.com:0.9948
    FF - prefs.js..extensions.enabledItems: {5F590AA2-1221-4113-A6F4-A4BB62414FAC}:0.44.19.20090811.3
    FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.52
    FF - prefs.js..extensions.enabledItems: {75623d5d-4683-402a-b610-ac4bab767c86}:3.0.2
    FF - prefs.js..extensions.enabledItems: tabpopup@adarsh.tp:1.2.1
    FF - prefs.js..keyword.URL: "http://uk.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_uk&p="


    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/12/03 19:57:55 | 00,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/03 19:57:54 | 00,000,000 | ---D | M]

    [2008/12/21 15:08:48 | 00,000,000 | ---D | M] -- C:\Users\IAN\AppData\Roaming\Mozilla\Extensions
    [2009/12/02 20:51:48 | 00,000,000 | ---D | M] -- C:\Users\IAN\AppData\Roaming\Mozilla\Firefox\Profiles\xu9yr8vv.default\extensions
    [2009/07/28 20:04:42 | 00,000,000 | ---D | M] -- C:\Users\IAN\AppData\Roaming\Mozilla\Firefox\Profiles\xu9yr8vv.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
    [2009/11/02 20:09:26 | 00,000,000 | ---D | M] -- C:\Users\IAN\AppData\Roaming\Mozilla\Firefox\Profiles\xu9yr8vv.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
    [2009/07/28 20:04:57 | 00,000,000 | ---D | M] -- C:\Users\IAN\AppData\Roaming\Mozilla\Firefox\Profiles\xu9yr8vv.default\extensions\{398e77b8-2304-11dc-8314-0800200c9a66}
    [2009/10/13 06:26:29 | 00,000,000 | ---D | M] -- C:\Users\IAN\AppData\Roaming\Mozilla\Firefox\Profiles\xu9yr8vv.default\extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC}
    [2009/11/14 14:18:02 | 00,000,000 | ---D | M] -- C:\Users\IAN\AppData\Roaming\Mozilla\Firefox\Profiles\xu9yr8vv.default\extensions\{75623d5d-4683-402a-b610-ac4bab767c86}
    [2009/11/02 20:09:27 | 00,000,000 | ---D | M] -- C:\Users\IAN\AppData\Roaming\Mozilla\Firefox\Profiles\xu9yr8vv.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
    [2009/10/13 06:26:28 | 00,000,000 | ---D | M] -- C:\Users\IAN\AppData\Roaming\Mozilla\Firefox\Profiles\xu9yr8vv.default\extensions\{c33c5b47-69c8-45a4-a5e0-af85bbe628dd}
    [2009/09/09 17:25:03 | 00,000,000 | ---D | M] -- C:\Users\IAN\AppData\Roaming\Mozilla\Firefox\Profiles\xu9yr8vv.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2009/09/09 17:37:48 | 00,000,000 | ---D | M] -- C:\Users\IAN\AppData\Roaming\Mozilla\Firefox\Profiles\xu9yr8vv.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
    [2009/11/02 20:09:27 | 00,000,000 | ---D | M] -- C:\Users\IAN\AppData\Roaming\Mozilla\Firefox\Profiles\xu9yr8vv.default\extensions\isreaditlater@ideashower.com
    [2009/10/22 20:46:25 | 00,000,000 | ---D | M] -- C:\Users\IAN\AppData\Roaming\Mozilla\Firefox\Profiles\xu9yr8vv.default\extensions\personas@christopher.beard
    [2009/09/09 20:27:31 | 00,000,000 | ---D | M] -- C:\Users\IAN\AppData\Roaming\Mozilla\Firefox\Profiles\xu9yr8vv.default\extensions\tabpopup@adarsh.tp
    [2009/11/29 15:25:14 | 00,002,291 | ---- | M] () -- C:\Users\IAN\AppData\Roaming\Mozilla\Firefox\Profiles\xu9yr8vv.default\searchplugins\surf-canyon.xml
    [2009/11/24 08:35:49 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2009/08/18 15:08:17 | 00,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
    [2009/08/18 15:08:17 | 00,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
    [2009/08/18 15:08:18 | 00,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
    [2009/08/18 15:08:18 | 00,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

    O1 HOSTS File: (306049 bytes) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O1 - Hosts: 127.0.0.1 The Search Engine that Does at InfoWeb.net
    O1 - Hosts: 127.0.0.1 007guard.com
    O1 - Hosts: 127.0.0.1 008i.com
    O1 - Hosts: 127.0.0.1 008k.com
    O1 - Hosts: 127.0.0.1 008k.com
    O1 - Hosts: 127.0.0.1 00hq.com
    O1 - Hosts: 127.0.0.1 00hq.com
    O1 - Hosts: 127.0.0.1 010402.com
    O1 - Hosts: 127.0.0.1 www.032439.com
    O1 - Hosts: 127.0.0.1 032439.com
    O1 - Hosts: 127.0.0.1 The Search Engine that Does at InfoWeb.net
    O1 - Hosts: 127.0.0.1 100888290cs.com
    O1 - Hosts: 127.0.0.1 100sexlinks.com
    O1 - Hosts: 127.0.0.1 100sexlinks.com
    O1 - Hosts: 127.0.0.1 10sek.com
    O1 - Hosts: 127.0.0.1 10sek.com
    O1 - Hosts: 127.0.0.1 The Search Engine that Does at InfoWeb.net
    O1 - Hosts: 127.0.0.1 123topsearch.com
    O1 - Hosts: 127.0.0.1 132???
    O1 - Hosts: 127.0.0.1 132.com
    O1 - Hosts: 127.0.0.1 toyota landcruiser naruto episodes english at 136136.net
    O1 - Hosts: 127.0.0.1 136136.net
    O1 - Hosts: 127.0.0.1 www.163ns.com
    O1 - Hosts: 10538 more lines...
    O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
    O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
    O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
    O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.)
    O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
    O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc)
    O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
    O4 - HKLM..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
    O4 - HKLM..\Run: [QlbCtrl] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe ( Hewlett-Packard Development Company, L.P.)
    O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
    O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
    O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
    O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
    O4 - HKLM..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    O4 - HKLM..\RunOnce: [ST Recovery Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: &3D Satellite Search - C:\Users\IAN\AppData\Roaming\OSI\dlls\EFOToolbar.dll ()
    O8 - Extra context menu item: S&earchSave Web Search - C:\Users\IAN\AppData\Roaming\OSI\dlls\EFOToolbar.dll ()
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O15 - HKLM\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
    O15 - HKCU\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
    O20 - Winlogon\Notify\DeviceNP: DllName - DeviceNP.dll - C:\Windows\System32\DeviceNP.dll (Hewlett-Packard Limited)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck) - File not found
    O34 - HKLM BootExecute: (*) - File not found
    O35 - comfile [open] -- "%1" %*
    O35 - exefile [open] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2009/12/03 19:57:17 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
    [2009/12/03 19:57:09 | 00,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
    [2009/12/03 16:46:19 | 00,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
    [2009/12/03 16:33:36 | 00,000,000 | ---D | C] -- C:\_OTL
    [2009/12/02 17:09:56 | 00,000,000 | ---D | C] -- C:\Windows\Minidump
    [2009/12/02 17:01:04 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2009/12/02 17:01:02 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2009/12/02 17:01:02 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2009/12/01 19:23:04 | 00,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2009/12/01 19:23:04 | 00,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2009/12/01 19:23:04 | 00,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2009/12/01 19:23:04 | 00,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2009/12/01 19:22:22 | 00,000,000 | ---D | C] -- C:\Qoobox
    [2009/12/01 16:21:59 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2009/12/01 16:21:12 | 00,000,000 | ---D | C] -- C:\Desktop
    [2009/11/30 23:10:50 | 00,000,000 | ---D | C] -- C:\Program Files\ESET
    [2009/11/30 22:42:45 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
    [2009/11/30 21:02:19 | 00,000,000 | ---D | C] -- C:\Users\IAN\AppData\Local\tpmebl
    [2009/11/25 12:46:26 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
    [2009/11/25 12:24:28 | 00,714,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
    [2009/11/24 08:35:34 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
    [2009/11/24 08:35:34 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
    [2009/11/24 08:35:34 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
    [2009/11/18 21:37:35 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
    [2009/11/18 20:06:03 | 03,023,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbon.dll
    [2009/11/18 20:06:03 | 01,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbonRes.dll
    [2009/11/18 20:06:03 | 00,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
    [2009/11/18 20:05:29 | 00,369,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
    [2009/11/18 20:05:27 | 00,829,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
    [2009/11/18 20:05:27 | 00,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
    [2009/11/18 20:05:27 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
    [2009/11/18 20:05:26 | 00,974,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
    [2009/11/18 20:05:26 | 00,828,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
    [2009/11/18 20:05:26 | 00,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
    [2009/11/18 20:05:26 | 00,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
    [2009/11/18 20:05:26 | 00,321,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
    [2009/11/18 20:05:26 | 00,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
    [2009/11/18 20:05:26 | 00,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe
    [2009/11/18 20:05:26 | 00,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll
    [2009/11/18 20:05:26 | 00,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
    [2009/11/18 20:05:26 | 00,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
    [2009/11/18 20:05:25 | 01,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
    [2009/11/18 20:05:25 | 01,064,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
    [2009/11/18 20:05:25 | 00,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
    [2009/11/18 20:05:25 | 00,793,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll
    [2009/11/18 20:05:25 | 00,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
    [2009/11/18 20:05:25 | 00,486,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
    [2009/11/18 20:05:25 | 00,481,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
    [2009/11/18 20:05:25 | 00,218,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
    [2009/11/18 20:05:25 | 00,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
    [2009/11/18 20:05:25 | 00,161,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
    [2009/11/18 20:05:24 | 01,030,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
    [2009/11/18 20:04:47 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BthMtpContextHandler.dll
    [2009/11/18 20:04:47 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDShextAutoplay.exe
    [2009/11/18 20:04:42 | 00,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceConnectApi.dll
    [2009/11/18 20:04:39 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtpUS.dll
    [2009/11/18 20:04:39 | 00,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdConns.dll
    [2009/11/18 20:04:38 | 00,546,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll
    [2009/11/18 20:04:38 | 00,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDSp.dll
    [2009/11/18 20:04:38 | 00,334,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
    [2009/11/18 20:04:38 | 00,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtp.dll
    [2009/11/18 20:04:38 | 00,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceWMDRM.dll
    [2009/11/18 20:04:38 | 00,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
    [2009/11/18 20:04:38 | 00,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll
    [2009/11/18 20:03:10 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll
    [2009/11/18 20:03:09 | 00,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll
    [2009/11/10 23:08:24 | 00,094,208 | ---- | C] (Apple Inc.) -- C:\Windows\System32\QuickTimeVR.qtx
    [2009/11/10 23:08:24 | 00,069,632 | ---- | C] (Apple Inc.) -- C:\Windows\System32\QuickTime.qts
    [2009/11/10 20:45:22 | 02,036,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
    [2009/11/10 20:42:23 | 00,355,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll
    [2009/11/03 21:14:59 | 02,421,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
    [2009/11/03 21:14:59 | 00,044,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
    [2009/11/03 21:14:18 | 00,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
    [2009/11/03 21:14:18 | 00,035,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
    [2009/11/03 21:14:17 | 00,575,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
    [2009/11/03 21:14:00 | 00,171,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
    [2009/11/03 21:14:00 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe

    ========== Files - Modified Within 30 Days ==========

    [2009/12/03 20:40:00 | 00,000,414 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{12B417EB-607E-4A7A-AD88-A9BE5A27EB69}.job
    [2009/12/03 20:37:52 | 03,145,728 | -HS- | M] () -- C:\Users\IAN\ntuser.dat
    [2009/12/03 20:36:28 | 00,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2009/12/03 20:36:28 | 00,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2009/12/03 19:57:41 | 00,001,726 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
    [2009/12/03 19:43:23 | 00,000,414 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{173F25BE-1EB6-4333-92DF-962052E0BD0E}.job
    [2009/12/03 16:36:35 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2009/12/03 16:36:23 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2009/12/03 16:35:15 | 00,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
    [2009/12/03 16:35:01 | 00,524,288 | -HS- | M] () -- C:\Users\IAN\ntuser.dat{97111685-1ba9-11dd-95fa-001f2981b49e}.TMContainer00000000000000000001.regtrans-ms
    [2009/12/03 16:35:01 | 00,065,536 | -HS- | M] () -- C:\Users\IAN\ntuser.dat{97111685-1ba9-11dd-95fa-001f2981b49e}.TM.blf
    [2009/12/02 22:51:15 | 01,501,451 | -H-- | M] () -- C:\Users\IAN\AppData\Local\IconCache.db
    [2009/12/02 17:01:09 | 00,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2009/12/01 19:41:38 | 00,000,215 | ---- | M] () -- C:\Windows\system.ini
    [2009/12/01 18:53:55 | 00,000,000 | ---- | M] () -- C:\Windows\System32\settings.dat
    [2009/12/01 16:21:13 | 00,000,527 | ---- | M] () -- C:\Users\IAN\Desktop\NTREGOPT.lnk
    [2009/12/01 16:21:13 | 00,000,508 | ---- | M] () -- C:\Users\IAN\Desktop\ERUNT.lnk
    [2009/11/30 22:44:39 | 00,000,902 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2009/11/30 16:22:03 | 00,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
    [2009/11/29 21:04:47 | 00,001,670 | ---- | M] () -- C:\Users\IAN\Desktop\CCleaner.lnk
    [2009/11/24 23:54:29 | 01,280,480 | ---- | M] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe
    [2009/11/24 23:50:12 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
    [2009/11/24 23:50:00 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
    [2009/11/24 23:49:48 | 00,053,328 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
    [2009/11/24 23:49:07 | 00,048,560 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
    [2009/11/24 23:48:57 | 00,023,120 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
    [2009/11/24 23:47:28 | 00,097,480 | ---- | M] (ALWIL Software) -- C:\Windows\System32\AvastSS.scr
    [2009/11/22 16:26:59 | 00,000,314 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForSue.job
    [2009/11/18 21:46:59 | 00,769,132 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
    [2009/11/18 21:46:59 | 00,655,414 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2009/11/18 21:46:59 | 00,127,064 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2009/11/18 21:32:31 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
    [2009/11/18 21:32:18 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
    [2009/11/14 01:47:57 | 00,260,608 | ---- | M] () -- C:\Windows\PEV.exe
    [2009/11/13 12:20:18 | 14,689,586 | ---- | M] () -- C:\Users\IAN\Documents\LG TV Manual.pdf
    [2009/11/12 19:35:25 | 00,423,576 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2009/11/10 23:08:24 | 00,094,208 | ---- | M] (Apple Inc.) -- C:\Windows\System32\QuickTimeVR.qtx
    [2009/11/10 23:08:24 | 00,069,632 | ---- | M] (Apple Inc.) -- C:\Windows\System32\QuickTime.qts

    ========== Files Created - No Company Name ==========

    [2009/12/03 19:57:41 | 00,001,726 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
    [2009/12/02 17:01:09 | 00,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2009/12/01 19:23:04 | 00,260,608 | ---- | C] () -- C:\Windows\PEV.exe
    [2009/12/01 19:23:04 | 00,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2009/12/01 19:23:04 | 00,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2009/12/01 19:23:04 | 00,077,312 | ---- | C] () -- C:\Windows\MBR.exe
    [2009/12/01 19:23:04 | 00,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2009/12/01 18:53:55 | 00,000,000 | ---- | C] () -- C:\Windows\System32\settings.dat
    [2009/12/01 16:21:13 | 00,000,527 | ---- | C] () -- C:\Users\IAN\Desktop\NTREGOPT.lnk
    [2009/12/01 16:21:13 | 00,000,508 | ---- | C] () -- C:\Users\IAN\Desktop\ERUNT.lnk
    [2009/11/30 22:44:39 | 00,000,902 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2009/11/18 21:32:31 | 00,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
    [2009/11/18 21:32:18 | 00,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
    [2009/11/13 12:20:17 | 14,689,586 | ---- | C] () -- C:\Users\IAN\Documents\LG TV Manual.pdf
    [2009/10/20 20:38:24 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2009/08/03 14:07:42 | 00,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
    [2009/04/23 17:45:38 | 00,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2008/12/21 14:50:14 | 00,266,240 | ---- | C] () -- C:\Windows\System32\EFOToolbar.dll
    [2008/12/21 14:48:28 | 00,276,448 | ---- | C] () -- C:\Users\IAN\AppData\Local\Open Source Software Bundle Installer2.exe
    [2008/06/19 20:09:29 | 00,000,323 | ---- | C] () -- C:\Windows\wininit.ini
    [2008/04/25 20:12:44 | 00,005,632 | ---- | C] () -- C:\Users\IAN\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/04/25 05:00:03 | 00,000,000 | ---- | C] () -- C:\Users\IAN\AppData\Local\QSwitch.txt
    [2008/04/25 05:00:03 | 00,000,000 | ---- | C] () -- C:\Users\IAN\AppData\Local\DSwitch.txt
    [2008/04/25 05:00:03 | 00,000,000 | ---- | C] () -- C:\Users\IAN\AppData\Local\AtStart.txt
    [2008/04/25 04:48:39 | 00,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
    [2008/04/25 04:48:39 | 00,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
    [2008/04/25 04:48:39 | 00,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
    [2008/04/25 04:48:39 | 00,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
    [2008/04/25 04:48:39 | 00,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
    [2008/04/25 04:48:39 | 00,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
    [2007/08/24 12:46:48 | 00,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1322.dll
    [2007/08/24 12:38:54 | 01,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
    [2007/08/24 12:38:54 | 00,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
    [2007/08/24 12:28:04 | 00,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
    [2007/06/08 17:05:38 | 00,274,432 | ---- | C] () -- C:\Windows\System32\flcdlmsg.dll
    [2006/11/02 10:25:44 | 00,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
    [2006/11/02 07:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006/03/09 10:58:00 | 01,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
    < End of report >
     
  16. starbuck

    Re: I've got a problem

    Hi Ian,

    Try this:

    Double click on OTL.exe to run it.
    Copy the lines in the codebox below. (make sure you include the first lot of : )
    Code:
    :Otl
    O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    
    :commands
    [emptytemp]
    
    • Return to OTL,
    • right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.

    • Click the red Run Fix button.
    • If OTListIt prompts for permission to reboot the computer, allow it to do so.
    • After the reboot, you may need to double click OTL to launch the program and retrieve the log.

    Copy and paste the contents of the OTL log in your next reply.

    Let me know if you still get the startup program problem.
     
    Last edited by a moderator: Feb 2, 2014
  17. I4N

    I4N Member

    Joined:
    Aug 16, 2009
    Messages:
    73
    Re: I've got a problem

    You the man Starbuck :D:D:D Reboot after running OTL and the startup problem's gone :)

    Thanks again buddy, I will post the OTL Log below :-

    All processes killed
    ========== OTL ==========
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Malwarebytes Anti-Malware (reboot) deleted successfully.
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: IAN
    ->Temp folder emptied: 753644 bytes
    ->Temporary Internet Files folder emptied: 417098 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 41774553 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: Sue
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 40.96 mb


    OTL by OldTimer - Version 3.1.11.5 log created on 12042009_173521

    Files\Folders moved on Reboot...
    File\Folder C:\Windows\temp\_avast4_\unp61403329.tmp not found!
    File move failed. C:\Windows\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.

    Registry entries deleted on Reboot...
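    The [EMPTYTEMP] output above is easy to sanity-check by machine. As an added example (my code, not OTL's or anyone's in this thread), the following recomputes the per-user and overall byte counts from the log lines, compares them with OTL's own "Total Files Cleaned" figure, and lists the actions OTL had to defer to the reboot so they do not get assumed done. It assumes OTL's "mb" means 1024*1024 bytes; the numbers in this log agree with that. The sample input is an abbreviated copy of the log above.

```python
import re

# Line shapes in OTL's [emptytemp] output (taken from the log above):
#   User: IAN
#   ->Temp folder emptied: 753644 bytes
#   %systemroot% .tmp files removed: 0 bytes
#   Total Files Cleaned = 40.96 mb
_USER = re.compile(r"^User: (?P<user>.+)$")
_ENTRY = re.compile(r"^(?P<arrow>->)?(?P<what>.+?) (?:emptied|removed): (?P<bytes>\d+) bytes$")
_TOTAL = re.compile(r"^Total Files Cleaned = (?P<mb>[\d.]+) mb$")
_PENDING = re.compile(r"scheduled to be moved on reboot|not found!")


def summarize_emptytemp(text: str) -> dict:
    """Recompute the byte totals and compare them with OTL's 'Total Files Cleaned' line.
    Assumption: OTL's 'mb' is 1024*1024 bytes (the figure in the log above agrees)."""
    per_user, system_bytes, reported_mb, user = {}, 0, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if (m := _USER.match(line)):
            user = m["user"]
            per_user.setdefault(user, 0)
        elif (m := _ENTRY.match(line)):
            n = int(m["bytes"])
            if m["arrow"] and user is not None:   # "->" lines belong to the current profile
                per_user[user] += n
            else:                                 # system-wide locations listed after the users
                system_bytes += n
        elif (m := _TOTAL.match(line)):
            reported_mb = float(m["mb"])
    total = sum(per_user.values()) + system_bytes
    computed_mb = round(total / (1024 * 1024), 2)
    return {
        "per_user_bytes": per_user,
        "system_bytes": system_bytes,
        "total_bytes": total,
        "computed_mb": computed_mb,
        "reported_mb": reported_mb,
        "consistent": reported_mb is not None and abs(reported_mb - computed_mb) < 0.01,
    }


def pending_reboot_actions(text: str) -> list:
    """Lines OTL could not complete in-session (file locked, or already gone by the time
    it got there). These are the ones to re-check after the reboot."""
    return [l.strip() for l in text.splitlines() if _PENDING.search(l)]


# Abbreviated copy of the OTL log above (constructed sample input for this example).
SAMPLE_LOG = r"""
[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: IAN
->Temp folder emptied: 753644 bytes
->Temporary Internet Files folder emptied: 417098 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 41774553 bytes

User: Sue
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 40.96 mb

Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\_avast4_\unp61403329.tmp not found!
File move failed. C:\Windows\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
"""

if __name__ == "__main__":
    summary = summarize_emptytemp(SAMPLE_LOG)
    print(f"total {summary['total_bytes']} bytes = {summary['computed_mb']} mb, "
          f"OTL reported {summary['reported_mb']} mb, consistent={summary['consistent']}")
    for action in pending_reboot_actions(SAMPLE_LOG):
        print("pending:", action)
```

    For this log the whole 40.96 mb comes from Ian's own profile (mostly the Firefox cache), nothing from the system-wide locations, and two file operations were left for the reboot, which is why the post-reboot log is the one worth reading.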
     
  18. starbuck

    starbuck Rest In Peace Pete Administrator

    Joined:
    Sep 26, 2009
    Messages:
    3,830
    Location:
    Midlands, UK
    Operating System:
    Windows 10
    CPU:
    AMD Athlon II x2 250 Processor 3.00GHz
    Memory:
    8gb DDR3
    Hard Drive:
    500gb SATA
    Graphics Card:
    ASUS GeForce GTX 960 2gb
    Power Supply:
    650w PowerCool X-Viper
    Re: I've got a problem

    Hi Ian,

    Guess what?
    That MBAM problem has come up before .... and yesterday MBAM released an update:
    That problem has now been fixed in the new version.

    Let me know if there are any problems.... if not we'll finish off.

    Thanks
     
  19. I4N

    I4N Member

    Joined:
    Aug 16, 2009
    Messages:
    73
    Re: I've got a problem

    Nice to know I wasn't alone :rolleyes:
    Thanks for everything, all running well, I declare this thread "SOLVED" :D:D
     
  20. starbuck

    starbuck Rest In Peace Pete Administrator

    Joined:
    Sep 26, 2009
    Messages:
    3,830
    Location:
    Midlands, UK
    Operating System:
    Windows 10
    CPU:
    AMD Athlon II x2 250 Processor 3.00GHz
    Memory:
    8gb DDR3
    Hard Drive:
    500gb SATA
    Graphics Card:
    ASUS GeForce GTX 960 2gb
    Power Supply:
    650w PowerCool X-Viper
    Re: I've got a problem

    You don't get away that easy.
    You didn't think I've finished with you yet, did you? :)

    Let's tidy up now.
    • Please double-click OTL.exe to run it.
    • You should see a CleanUp! button, press that button,
    • This will remove any programs we have asked you to download along with their associated folders, plus itself.

    Now you should Set a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools cannot access it to delete these bad files, which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

    The easiest and safest way to do this is:
    • Go to Start > Programs > Accessories > System Tools and click "System Restore".
    • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the Restore Point a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
    • Then go to Start > Run and type: Cleanmgr
    • Click "OK".
    • Select the drive for cleaning then click OK (usually 'C' drive)
    • Click the "More Options" Tab.
    • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.

    To find out how you may have been infected....read this topic:
    So how did i get infected?

    Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
    • Use an AntiVirus Software
      Note*:
      Upon installation MS Security Essentials will check that your OS is a legal copy.

      Only install one AntiVirus program
    • Update your AntiVirus Software regularly
    • Use a 3rd party Firewall NOTE: If choosing Zone Alarm be aware that the free version also installs ZoneAlarm Spy Blocker. It is recommended however that you UNcheck this option.

      Only install one software Firewall
    • Scan regularly with a 'Stand Alone' Anti-Malware scanner:
      Installing another scanner that you can run once or twice a week is always beneficial.
      Something like:
      Malwarebytes Anti-Malware
      SUPERAntiSpyware
      Remember to update these programs each time before running.
      You can install more than one of these if you only run them as stand alone programs.
    • Use an alternative browser:
      Some excellent alternatives to MS Internet Explorer are:

      Firefox
      For added security, add the NoScript extension to this browser:
      Allow active content to run only from sites you trust, and protect yourself against XSS and Clickjacking attacks

      Opera

      They offer better security, more stability, and better speed.
    • Keep a backup of your registry
      Keeping a regular backup of your registry will help when something goes wrong.
      Use a program like:
      Erunt

      A full tutorial on how to set up and use Erunt can be found here:
      Erunt tutorial
    • Keep your system clean of temp files etc, using a 'Cleaner':

      Cleaners are programs that will help to clean out your:
      Windows temp files
      Current user temp files
      Cookies
      Temporary Internet files
      Browser history
      Recycle bin
      Etc.......
      In other words.... all the rubbish that you accumulate over the course of your browsing and day to day usage of your pc.
      Programs like:
      CCleaner
      TFC by OldTimer
      ATF Cleaner
    • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly.
    • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

      A tutorial on installing & using this product can be found here:
      Using and installing SpywareBlaster
    • Update all your 'Security' programs regularly - Without regular updates you WILL NOT be protected when new malicious programs are released.
    Follow this list and your potential for being infected again will reduce dramatically.

    Glad I was able to help.

    Safe surfing.
     
