Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Please Help with spyware

Post by rcnyst@yahoo.com » April 12th, 2010, 12:05 am

Here is my log and uninstall list. I cannot get any updates to the computer or SUPERAntiSpyware and Malwarebytes. It happened when I went to a website and a "download now" came up and I clicked. The screen filled up with a fake spyware scanner and I couldn't see behind or get around it, even in safe mode. I had to boot to safe mode with cmd and run a script delete fix from online, which got rid of the main, but I still get the "download now" all the time at websites. I tried a few more antispyware programs with no luck.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:48:01 PM, on 4/11/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgfws9.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Windows\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\IObit\IObit Security 360\is360.exe
C:\Program Files\IObit\IObit Security 360\is360tray.exe
C:\Program Files\IObit\IObit Security 360\IS360srv.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll
O3 - Toolbar: RefresherBand Class - {B24BA06E-FB7B-4757-95C2-DC01125F750E} - C:\PROGRA~1\YREFRE~1\YREFRE~1.DLL
O4 - HKLM\..\Run: [IObit Security 360] "C:\Program Files\IObit\IObit Security 360\IS360tray.exe" /autostart
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgfws9.exe
O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: IS360service - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

--
End of file - 7377 bytes

32 Bit HP CIO Components Installer
abti uGuru
Acrobat.com
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.1
Apple Application Support
Apple Software Update
AVG 9.0
Belarc Advisor 8.1
CCleaner
Coupon Printer for Windows
DVD Flick 1.3.0.7
Hijackthis 1.99.1
HijackThis 2.0.2
HP Customer Participation Program 13.0
HP Photosmart Essential 3.5
HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B
HP Smart Web Printing 4.51
HP Solution Center 13.0
HP Update
ijji - Gunz
ijji REACTOR
ImgBurn
IObit Security 360
IrfanView (remove only)
Java(TM) 6 Update 18
LimeWire 5.5.8
Malwarebytes' Anti-Malware
MediaMonkey 3.0
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.4
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.6.3)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MusicBrainz Picard
NVIDIA Display Control Panel
NVIDIA Drivers
OCR Software by I.R.I.S. 13.0
OGA Notifier 2.0.0048.0
PeerGuardian 2.0
Picasa 3
PVSonyDll
QuickTime
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB978380)
Security Update for Microsoft Office Excel 2007 (KB978382)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Shop for HP Supplies
SUPERAntiSpyware Free Edition
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 (KB974561)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb979895)
VLC media player 1.0.5
Vuze
Vuze_Remote Toolbar
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Messenger
Windows Live Upload Tool
Windows Mobile Device Center
Windows Mobile Device Center Driver Update
WinZip 12.1
Yrefresher 1.00
rcnyst@yahoo.com
Active Member
 
Posts: 12
Joined: April 11th, 2010, 11:58 pm

Re: Please Help with spyware

Post by peku006 » April 18th, 2010, 6:52 am

Hello and welcome to Malware Removal.

My name is peku006 and I will be helping you to remove any infection(s) that you may have.
I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

Please observe these rules while we work:

  • If you don't know or understand something, please don't hesitate to ask.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • It is important that you reply to this thread. Do not start a new topic.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Absence of symptoms does not mean that everything is clear.

  • I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

    LimeWire
    Vuze

  • Please read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.
  • Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.
  • Click on start
  • Then Run
  • In the open text entry box please copy/paste appwiz.cpl, then click Enter.
  • Press the "Remove" or "Change/Remove" button to uninstall the programs listed above (in red) and any other P2P you have installed NOW.
  • Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.

Please reply with new uninstall list.

Thanks peku006
peku006
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: Please Help with spyware

Post by rcnyst@yahoo.com » April 18th, 2010, 8:39 am

32 Bit HP CIO Components Installer
abti uGuru
Acrobat.com
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.2
Apple Application Support
Apple Software Update
AVG 9.0
CCleaner
Coupon Printer for Windows
DVD Flick 1.3.0.7
HijackThis 2.0.2
HP Photosmart Essential 3.5
HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B
HP Solution Center 13.0
HP Update
ImgBurn
IrfanView (remove only)
Java(TM) 6 Update 18
Malwarebytes' Anti-Malware
MediaMonkey 3.0
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.4
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Mozilla Firefox (3.6.3)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MusicBrainz Picard
NVIDIA Display Control Panel
NVIDIA Drivers
OCR Software by I.R.I.S. 13.0
OGA Notifier 2.0.0048.0
PeerGuardian 2.0
Picasa 3
PVSonyDll
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB978380)
Security Update for Microsoft Office Excel 2007 (KB978382)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
SUPERAntiSpyware Free Edition
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 (KB974561)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb979895)
VLC media player 1.0.5
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Messenger
Windows Live Upload Tool
Windows Mobile Device Center
Windows Mobile Device Center Driver Update
WinZip 12.1
Yrefresher 1.00
rcnyst@yahoo.com
Active Member
 
Posts: 12
Joined: April 11th, 2010, 11:58 pm

Re: Please Help with spyware

Post by peku006 » April 18th, 2010, 9:23 am

Hi

Download and run OTL
Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

Thanks peku006
peku006
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: Please Help with spyware

Post by rcnyst@yahoo.com » April 18th, 2010, 12:01 pm

Here we go

OTL logfile created on: 4/18/2010 10:52:27 AM - Run 1
OTL by OldTimer - Version 3.2.1.2 Folder = E:\Downloads
An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 68.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 29.29 Gb Total Space | 12.85 Gb Free Space | 43.88% Space Free | Partition Type: NTFS
Drive D: | 29.30 Gb Total Space | 16.76 Gb Free Space | 57.20% Space Free | Partition Type: NTFS
Drive E: | 640.04 Gb Total Space | 147.17 Gb Free Space | 22.99% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
Drive G: | 698.63 Gb Total Space | 232.06 Gb Free Space | 33.22% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ROBERT-PC
Current User Name: Robert
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - E:\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgfws9.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgam.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\inetsrv\w3wp.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\Program Files\PeerGuardian2\pg2.exe (Phoenix Labs)


========== Modules (SafeList) ==========

MOD - E:\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgfws9) -- C:\Program Files\AVG\AVG9\avgfws9.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg9emc) -- C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (WAS) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (W3SVC) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppHostSvc) -- C:\Windows\System32\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (AvgTdiX) -- C:\Windows\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\Windows\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSDriverw7x) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSFilterw7x) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSErHrw7x) -- C:\Windows\System32\Drivers\AVGIDSwx.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSShimw7x) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
DRV - (AvgLdx86) -- C:\Windows\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgRkx86) -- C:\Windows\System32\Drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgfwfd) -- C:\Windows\System32\drivers\avgfwd6x.sys (AVG Technologies CZ, s.r.o.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (RTL8167) -- C:\Windows\System32\drivers\Rt86win7.sys (Realtek )
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\System32\drivers\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (pgfilter) -- C:\Program Files\PeerGuardian2\pgfilter.sys ()
DRV - (UGURU) -- C:\Windows\System32\drivers\uGuru.sys (ABIT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-878786566-4271844642-839950014-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-878786566-4271844642-839950014-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-878786566-4271844642-839950014-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7B CF 1B B3 50 DD CA 01 [binary data]
IE - HKU\S-1-5-21-878786566-4271844642-839950014-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.783
FF - prefs.js..extensions.enabledItems: {5C46D283-ABDE-4dce-B83C-08881401921C}:1.9.2
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:3.6.3
FF - prefs.js..extensions.enabledItems: sidecar@amazon.com:0.7.0.2
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/03/05 06:56:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/12 10:40:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/16 22:45:57 | 000,000,000 | ---D | M]

[2010/03/27 11:11:15 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Mozilla\Extensions
[2010/03/27 11:11:15 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2010/04/18 07:50:13 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\it2rj6m2.default\extensions
[2010/04/17 14:00:15 | 000,000,000 | ---D | M] (Google Shortcuts) -- C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\it2rj6m2.default\extensions\{5C46D283-ABDE-4dce-B83C-08881401921C}
[2010/03/23 19:45:33 | 000,000,000 | ---D | M] (Playdom Toolbar) -- C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\it2rj6m2.default\extensions\{69d1a568-ffdf-4ef5-8919-7003582e0ee8}
[2010/04/17 14:00:15 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\it2rj6m2.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2010/02/13 18:25:38 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\it2rj6m2.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/03/07 10:47:24 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\it2rj6m2.default\extensions\sidecar@amazon.com
[2010/04/17 14:00:19 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/03/14 09:33:40 | 000,393,216 | ---- | M] (Invenda Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPcol400.dll
[2009/11/19 16:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2009/11/19 16:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll

O1 HOSTS File: ([2009/06/10 16:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (RefresherBand Class) - {B24BA06E-FB7B-4757-95C2-DC01125F750E} - C:\Program Files\YRefresher\YRefresher.dll ()
O3 - HKU\S-1-5-21-878786566-4271844642-839950014-1001\..\Toolbar\WebBrowser: (RefresherBand Class) - {B24BA06E-FB7B-4757-95C2-DC01125F750E} - C:\Program Files\YRefresher\YRefresher.dll ()
O4 - HKU\S-1-5-21-878786566-4271844642-839950014-1001..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe (Phoenix Labs)
O4 - HKU\S-1-5-21-878786566-4271844642-839950014-1001..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-878786566-4271844642-839950014-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-878786566-4271844642-839950014-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 93.188.161.105 93.188.166.105 1.2.3.4
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/02/12 19:37:27 | 000,000,000 | ---- | M] () - G:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{067598ee-1bf4-11df-9500-00508db3cf4f}\Shell - "" = AutoRun
O33 - MountPoints2\{067598ee-1bf4-11df-9500-00508db3cf4f}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/04/13 11:55:17 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\ElevatedDiagnostics
[2010/04/12 15:00:43 | 000,000,000 | ---D | C] -- C:\Users\Robert\Desktop\Downloads
[2010/04/12 15:00:41 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\GetRightToGo
[2010/04/12 14:51:13 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010/04/11 22:39:55 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2010/04/11 22:39:54 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2010/04/11 22:38:29 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/04/10 12:48:18 | 000,000,000 | ---D | C] -- C:\Users\Robert\EurekaLog
[2010/04/08 13:46:00 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\Apple
[2010/04/07 18:43:54 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/04/05 06:21:49 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\Adobe
[2010/04/03 09:36:51 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/04/03 09:36:50 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\temp
[2010/04/03 09:27:51 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/04/03 09:27:51 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/04/03 09:27:51 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/04/03 09:27:47 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/04/03 09:26:58 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/04/03 09:26:44 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/04/03 09:02:53 | 000,000,000 | ---D | C] -- C:\temp
[2010/04/03 09:02:49 | 000,000,000 | ---D | C] -- C:\Users\Robert\.jnlp-applet
[2010/03/31 12:17:00 | 000,426,704 | ---- | C] (True Games Interactive) -- C:\Windows\System32\uc_wepic_launching.dll
[2010/03/30 22:34:50 | 000,000,000 | ---D | C] -- C:\Users\Robert\Documents\Gunz
[2010/03/30 22:34:34 | 003,601,608 | ---- | C] (INCA Internet Co., Ltd.) -- C:\Windows\System32\GameMon.des
[2010/03/30 22:34:17 | 000,004,682 | ---- | C] (INCA Internet Co., Ltd.) -- C:\Windows\System32\npptNT2.sys
[2010/03/30 22:34:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\INCA Shared
[2010/03/30 22:30:29 | 000,000,000 | ---D | C] -- C:\ijji
[2010/03/30 22:25:40 | 000,000,000 | -H-D | C] -- C:\Users\Robert\AppData\Roaming\ijjigame
[2010/03/30 22:24:03 | 000,000,000 | ---D | C] -- C:\Program Files\ijji
[2010/03/27 11:46:08 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\SUPERAntiSpyware.com
[2010/03/27 11:46:08 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/03/27 11:45:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/03/27 11:11:20 | 000,000,000 | ---D | C] -- C:\Users\Robert\Documents\LimeWire
[2010/03/25 19:47:17 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/03/25 18:07:12 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/03/25 06:17:33 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2010/03/25 06:10:28 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\Malwarebytes
[2010/03/25 06:10:26 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/03/25 06:10:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/03/25 06:10:24 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/03/25 06:10:24 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/03/24 18:45:58 | 000,287,256 | R--- | C] (Abale.com (info@abale.com)) -- C:\Windows\System32\rkasiSo.exe
[2010/03/24 18:45:57 | 000,287,256 | R--- | C] (Abale.com (info@abale.com)) -- C:\Windows\System32\drivers\VtJnreKfr.dll
[2010/03/24 18:45:57 | 000,287,256 | R--- | C] (Abale.com (info@abale.com)) -- C:\Windows\System32\drivers\jHVkvk.exe
[2010/03/24 18:45:56 | 000,287,256 | R--- | C] (Abale.com (info@abale.com)) -- C:\Windows\System32\YpJRQqNYK.dll
[2010/03/24 18:45:56 | 000,287,256 | R--- | C] (Abale.com (info@abale.com)) -- C:\Windows\System32\drivers\UUGLU.exe
[2010/03/24 18:45:56 | 000,287,256 | R--- | C] (Abale.com (info@abale.com)) -- C:\Windows\System32\drivers\dxYql.exe
[2010/03/24 18:45:55 | 000,287,256 | R--- | C] (Abale.com (info@abale.com)) -- C:\Windows\System32\Lxukb.exe
[2010/03/24 18:45:55 | 000,287,256 | R--- | C] (Abale.com (info@abale.com)) -- C:\Windows\System32\drivers\IouCfSF.exe
[2010/03/24 18:45:54 | 000,287,256 | R--- | C] (Abale.com (info@abale.com)) -- C:\Windows\System32\pAQTvNXl.dll
[2010/03/24 18:45:53 | 000,287,256 | R--- | C] (Abale.com (info@abale.com)) -- C:\Windows\System32\DTOoCr.dll
[2010/03/24 18:45:52 | 000,287,256 | R--- | C] (Abale.com (info@abale.com)) -- C:\Windows\System32\drivers\NiXhsIG.dll
[2010/03/24 18:45:52 | 000,287,256 | R--- | C] (Abale.com (info@abale.com)) -- C:\Windows\System32\drivers\kecjtpG.exe
[2010/03/24 18:45:52 | 000,287,256 | R--- | C] (Abale.com (info@abale.com)) -- C:\Windows\System32\drivers\JmCpGvj.exe
[2010/03/24 18:45:51 | 000,287,256 | R--- | C] (Abale.com (info@abale.com)) -- C:\Windows\System32\ujcsTLoY.exe
[2010/03/24 18:45:50 | 000,287,256 | R--- | C] (Abale.com (info@abale.com)) -- C:\Windows\FveDu.dll
[2010/03/24 18:45:49 | 000,287,256 | R--- | C] (Abale.com (info@abale.com)) -- C:\Windows\System32\JMuUUc.dll
[2010/03/24 18:45:48 | 000,287,256 | R--- | C] (Abale.com (info@abale.com)) -- C:\Windows\System32\GftOyGSN.exe
[2010/03/24 18:45:47 | 000,287,256 | R--- | C] (Abale.com (info@abale.com)) -- C:\Windows\nuGlo.dll
[2010/03/24 18:45:47 | 000,287,256 | R--- | C] (Abale.com (info@abale.com)) -- C:\Windows\System32\drivers\kgTaSpME.dll
[2010/03/24 18:45:47 | 000,287,256 | R--- | C] (Abale.com (info@abale.com)) -- C:\Windows\iQsGbSJLA.exe
[2010/03/24 18:45:46 | 000,287,256 | R--- | C] (Abale.com (info@abale.com)) -- C:\Windows\StmfC.exe
[2010/03/24 18:45:46 | 000,287,256 | R--- | C] (Abale.com (info@abale.com)) -- C:\Windows\System32\jSeHcUveb.dll
[2010/03/24 18:45:43 | 000,287,256 | R--- | C] (Abale.com (info@abale.com)) -- C:\Windows\PjvteqP.dll
[2010/03/24 18:45:41 | 000,287,256 | R--- | C] (Abale.com (info@abale.com)) -- C:\Windows\System32\GbuBOQj.dll
[2010/03/24 18:45:39 | 000,287,256 | R--- | C] (Abale.com (info@abale.com)) -- C:\Windows\System32\drivers\FJlrLA.exe
[2010/03/24 18:45:38 | 000,287,256 | R--- | C] (Abale.com (info@abale.com)) -- C:\Windows\APKbhiA.exe
[2010/03/24 18:45:37 | 000,287,256 | R--- | C] (Abale.com (info@abale.com)) -- C:\Windows\iCQjOfF.dll
[2010/03/24 18:45:36 | 000,287,256 | R--- | C] (Abale.com (info@abale.com)) -- C:\Windows\System32\WHIfnlfOE.exe
[2010/03/24 18:45:36 | 000,287,256 | R--- | C] (Abale.com (info@abale.com)) -- C:\Windows\System32\VxPlpyIW.exe
[2010/03/24 18:45:35 | 000,287,256 | R--- | C] (Abale.com (info@abale.com)) -- C:\Windows\System32\drivers\pEbLqbp.dll
[2010/03/24 18:45:35 | 000,287,256 | R--- | C] (Abale.com (info@abale.com)) -- C:\Windows\EKcwbis.dll
[2010/03/24 18:45:35 | 000,287,256 | R--- | C] (Abale.com (info@abale.com)) -- C:\Windows\System32\djoPHiai.dll
[2010/03/24 18:45:34 | 000,287,256 | R--- | C] (Abale.com (info@abale.com)) -- C:\Windows\UKPhkaQ.exe
[2010/03/24 18:45:33 | 000,287,256 | R--- | C] (Abale.com (info@abale.com)) -- C:\Windows\System32\drivers\OtaaF.exe
[2010/03/24 18:45:31 | 000,287,256 | R--- | C] (Abale.com (info@abale.com)) -- C:\Windows\System32\drivers\JUXBxCl.exe
[2010/03/24 18:45:31 | 000,287,256 | R--- | C] (Abale.com (info@abale.com)) -- C:\Windows\System32\HbElJ.exe
[2010/03/24 18:45:31 | 000,287,256 | R--- | C] (Abale.com (info@abale.com)) -- C:\Windows\System32\drivers\gLkSeq.exe
[2010/03/24 18:45:29 | 000,287,256 | R--- | C] (Abale.com (info@abale.com)) -- C:\Windows\uBkrj.dll
[2010/03/24 18:45:29 | 000,287,256 | R--- | C] (Abale.com (info@abale.com)) -- C:\Windows\System32\QQkNaF.dll
[2010/03/24 18:45:29 | 000,287,256 | R--- | C] (Abale.com (info@abale.com)) -- C:\Windows\System32\KnTYr.exe
[2010/03/24 18:45:28 | 000,287,256 | R--- | C] (Abale.com (info@abale.com)) -- C:\Windows\System32\drivers\lehatR.dll
[2010/03/24 18:45:27 | 000,287,256 | R--- | C] (Abale.com (info@abale.com)) -- C:\Windows\System32\drivers\TtkQf.exe
[2010/03/24 18:45:27 | 000,287,256 | R--- | C] (Abale.com (info@abale.com)) -- C:\Windows\System32\drivers\BlNxvR.dll
[2010/03/21 13:30:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/03/21 13:30:48 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/03/21 13:30:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2010/03/19 23:47:54 | 000,051,311 | ---- | C] (UNIVERSAL ABIT) -- C:\Windows\xpgBjhYkr.dll
[2010/03/19 23:47:54 | 000,051,311 | ---- | C] (UNIVERSAL ABIT) -- C:\Windows\System32\drivers\wXnatpof.dll
[2010/03/19 23:47:54 | 000,051,311 | ---- | C] (UNIVERSAL ABIT) -- C:\Windows\System32\VpmWtWGaR.dll
[2010/03/19 23:47:54 | 000,051,311 | ---- | C] (UNIVERSAL ABIT) -- C:\Windows\UyvMuQ.dll
[2010/03/19 23:47:54 | 000,051,311 | ---- | C] (UNIVERSAL ABIT) -- C:\Windows\UqfTf.exe
[2010/03/19 23:47:54 | 000,051,311 | ---- | C] (UNIVERSAL ABIT) -- C:\Windows\tuUSOB.exe
[2010/03/19 23:47:54 | 000,051,311 | ---- | C] (UNIVERSAL ABIT) -- C:\Windows\System32\tPDvAFjTy.dll
[2010/03/19 23:47:54 | 000,051,311 | ---- | C] (UNIVERSAL ABIT) -- C:\Windows\System32\QSeGoTc.exe
[2010/03/19 23:47:54 | 000,051,311 | ---- | C] (UNIVERSAL ABIT) -- C:\Windows\System32\oUQnWmwp.dll
[2010/03/19 23:47:54 | 000,051,311 | ---- | C] (UNIVERSAL ABIT) -- C:\Windows\System32\nwtHyxQNS.dll
[2010/03/19 23:47:54 | 000,051,311 | ---- | C] (UNIVERSAL ABIT) -- C:\Windows\NCyVLWo.exe
[2010/03/19 23:47:54 | 000,051,311 | ---- | C] (UNIVERSAL ABIT) -- C:\Windows\System32\MHRvg.exe
[2010/03/19 23:47:54 | 000,051,311 | ---- | C] (UNIVERSAL ABIT) -- C:\Windows\System32\drivers\lUYAFDYd.exe
[2010/03/19 23:47:54 | 000,051,311 | ---- | C] (UNIVERSAL ABIT) -- C:\Windows\System32\drivers\ljIWCyP.exe
[2010/03/19 23:47:54 | 000,051,311 | ---- | C] (UNIVERSAL ABIT) -- C:\Windows\jPdVWQr.exe
[2010/03/19 23:47:54 | 000,051,311 | ---- | C] (UNIVERSAL ABIT) -- C:\Windows\System32\drivers\IymXG.dll
[2010/03/19 23:47:54 | 000,051,311 | ---- | C] (UNIVERSAL ABIT) -- C:\Windows\ikmSIhIUT.dll
[2010/03/19 23:47:54 | 000,051,311 | ---- | C] (UNIVERSAL ABIT) -- C:\Windows\System32\drivers\HTIBFf.dll
[2010/03/19 23:47:54 | 000,051,311 | ---- | C] (UNIVERSAL ABIT) -- C:\Windows\hMOPpFCWW.dll
[2010/03/19 23:47:54 | 000,051,311 | ---- | C] (UNIVERSAL ABIT) -- C:\Windows\System32\drivers\ghIyy.exe
[2010/03/19 23:47:54 | 000,051,311 | ---- | C] (UNIVERSAL ABIT) -- C:\Windows\System32\fqovIhs.dll
[2010/03/19 23:47:54 | 000,051,311 | ---- | C] (UNIVERSAL ABIT) -- C:\Windows\euoIQ.exe
[2010/03/19 23:47:54 | 000,051,311 | ---- | C] (UNIVERSAL ABIT) -- C:\Windows\BMjXkFG.dll
[2010/03/19 23:47:54 | 000,051,311 | ---- | C] (UNIVERSAL ABIT) -- C:\Windows\System32\drivers\beuiOM.dll
[2010/03/19 23:47:54 | 000,051,311 | ---- | C] (UNIVERSAL ABIT) -- C:\Windows\System32\drivers\aQnQF.dll
[2010/03/19 23:47:54 | 000,051,311 | ---- | C] (UNIVERSAL ABIT) -- C:\Windows\System32\drivers\aOEacj.exe
[2010/03/19 23:47:54 | 000,051,311 | ---- | C] (UNIVERSAL ABIT) -- C:\Windows\ahiPaYxBQ.dll
[2010/03/19 23:47:54 | 000,050,688 | ---- | C] (UNIVERSAL ABIT) -- C:\Windows\System32\AC2005DLL.dll
[2010/03/19 23:47:54 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2010/03/19 23:47:54 | 000,000,000 | ---D | C] -- C:\Program Files\U-ABIT
[2010/03/19 23:47:40 | 000,021,048 | ---- | C] (ABIT) -- C:\Windows\System32\drivers\uGuru.sys
[2010/03/19 23:47:33 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\InstallShield

========== Files - Modified Within 30 Days ==========

[2010/04/18 10:53:38 | 004,194,304 | -HS- | M] () -- C:\Users\Robert\NTUSER.DAT
[2010/04/18 10:33:15 | 000,014,304 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/04/18 10:33:15 | 000,014,304 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/04/18 10:30:17 | 000,796,712 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/04/18 10:30:17 | 000,675,722 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/04/18 10:30:17 | 000,123,572 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/04/18 10:25:56 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/04/18 10:25:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/04/18 10:25:53 | 1609,424,896 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/18 09:33:03 | 004,146,992 | -H-- | M] () -- C:\Users\Robert\AppData\Local\IconCache.db
[2010/04/18 08:48:10 | 000,000,000 | ---- | M] () -- C:\Users\Robert\AppData\Local\prvlcl.dat
[2010/04/18 07:35:15 | 059,026,748 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/04/16 22:45:57 | 000,001,994 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/04/16 16:32:26 | 000,580,293 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavifw.avm
[2010/04/16 15:29:13 | 000,007,680 | ---- | M] () -- C:\Users\Robert\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/12 14:53:15 | 000,009,692 | ---- | M] () -- C:\Users\Robert\Desktop\cc_20100412_145310.reg
[2010/04/11 22:38:30 | 000,002,049 | ---- | M] () -- C:\Users\Robert\Desktop\HijackThis.lnk
[2010/04/03 09:35:27 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/03/31 12:17:00 | 000,426,704 | ---- | M] (True Games Interactive) -- C:\Windows\System32\uc_wepic_launching.dll
[2010/03/27 11:46:09 | 000,001,001 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/03/27 11:28:20 | 000,000,989 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/25 19:47:18 | 000,001,841 | ---- | M] () -- C:\Users\Robert\Desktop\CCleaner.lnk
[2010/03/19 14:03:28 | 000,016,425 | ---- | M] () -- C:\Users\Robert\Documents\Resume(prof).docx
[2010/03/19 12:10:03 | 000,000,930 | ---- | M] () -- C:\Users\Robert\Desktop\Dani.lnk

========== Files Created - No Company Name ==========

[2010/04/16 22:45:57 | 000,001,994 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/04/12 14:53:14 | 000,009,692 | ---- | C] () -- C:\Users\Robert\Desktop\cc_20100412_145310.reg
[2010/04/11 22:38:30 | 000,002,049 | ---- | C] () -- C:\Users\Robert\Desktop\HijackThis.lnk
[2010/04/03 09:27:51 | 000,261,632 | ---- | C] () -- C:\Windows\PEV.exe
[2010/04/03 09:27:51 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/04/03 09:27:51 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/04/03 09:27:51 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/04/03 09:27:51 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/03/30 22:34:17 | 000,005,174 | ---- | C] () -- C:\Windows\System32\nppt9x.vxd
[2010/03/27 11:46:09 | 000,001,001 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/03/26 13:24:49 | 000,007,680 | ---- | C] () -- C:\Users\Robert\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/25 19:47:18 | 000,001,841 | ---- | C] () -- C:\Users\Robert\Desktop\CCleaner.lnk
[2010/03/25 06:10:28 | 000,000,989 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/19 13:09:46 | 000,016,425 | ---- | C] () -- C:\Users\Robert\Documents\Resume(prof).docx
[2010/03/19 12:09:38 | 000,000,930 | ---- | C] () -- C:\Users\Robert\Desktop\Dani.lnk
[2010/03/07 15:37:36 | 000,000,000 | ---- | C] () -- C:\Users\Robert\AppData\Local\prvlcl.dat
[2010/02/14 20:55:17 | 000,003,986 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010/02/13 16:59:57 | 004,194,304 | -HS- | C] () -- C:\Users\Robert\NTUSER.DAT
[2010/02/13 16:59:57 | 000,524,288 | -HS- | C] () -- C:\Users\Robert\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2010/02/13 16:59:57 | 000,524,288 | -HS- | C] () -- C:\Users\Robert\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2010/02/13 16:59:57 | 000,262,144 | -HS- | C] () -- C:\Users\Robert\ntuser.dat.LOG1
[2010/02/13 16:59:57 | 000,065,536 | -HS- | C] () -- C:\Users\Robert\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2010/02/13 16:59:57 | 000,000,020 | -HS- | C] () -- C:\Users\Robert\ntuser.ini
[2010/02/13 16:59:57 | 000,000,000 | -HS- | C] () -- C:\Users\Robert\ntuser.dat.LOG2
[2009/12/03 10:27:28 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8
< End of report >

OTL Extras logfile created on: 4/18/2010 10:52:27 AM - Run 1
OTL by OldTimer - Version 3.2.1.2 Folder = E:\Downloads
An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 68.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 29.29 Gb Total Space | 12.85 Gb Free Space | 43.88% Space Free | Partition Type: NTFS
Drive D: | 29.30 Gb Total Space | 16.76 Gb Free Space | 57.20% Space Free | Partition Type: NTFS
Drive E: | 640.04 Gb Total Space | 147.17 Gb Free Space | 22.99% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
Drive G: | 698.63 Gb Total Space | 232.06 Gb Free Space | 33.22% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ROBERT-PC
Current User Name: Robert
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-878786566-4271844642-839950014-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{104066F4-5897-4067-85D3-4C88B67CCF75}" = AIO_Scan
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID Sign-in Assistant
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUSR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUSR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUSR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Device Center
"{91120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9F6B13E2-B93F-4203-9BD4-5DC18C9F9DEB}" = AIO_CDB_Software
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B61ED343-0B14-4241-999C-490CB1A20DA4}" = HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B
"{B7B3E9B3-FB14-4927-894B-E9124509AF5A}" = Adobe Flash Player 10 ActiveX
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}" = WinZip 12.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile Device Center Driver Update
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FF8500E6-EA0D-11D7-8755-0080C8F92A32}" = abti uGuru
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AVG9Uninstall" = AVG 9.0
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"DVD Flick_is1" = DVD Flick 1.3.0.7
"HijackThis" = HijackThis 2.0.2
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"ImgBurn" = ImgBurn
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaMonkey_is1" = MediaMonkey 3.0
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MusicBrainz Picard" = MusicBrainz Picard
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"PeerGuardian_is1" = PeerGuardian 2.0
"Picasa 3" = Picasa 3
"PROPLUSR" = Microsoft Office Professional Plus 2007
"VLC media player" = VLC media player 1.0.5
"WinLiveSuite_Wave3" = Windows Live Essentials
"YRefresher_is1" = Yrefresher 1.00

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-878786566-4271844642-839950014-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/13/2010 1:35:45 PM | Computer Name = Robert-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 4/13/2010 4:58:51 PM | Computer Name = Robert-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
of attribute "version" in element "assemblyIdentity" is invalid.

Error - 4/14/2010 7:49:03 AM | Computer Name = Robert-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 4/15/2010 8:09:13 AM | Computer Name = Robert-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
of attribute "version" in element "assemblyIdentity" is invalid.

Error - 4/16/2010 5:22:03 PM | Computer Name = Robert-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 4/17/2010 9:12:53 AM | Computer Name = Robert-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
of attribute "version" in element "assemblyIdentity" is invalid.

Error - 4/17/2010 11:30:41 AM | Computer Name = Robert-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 4/17/2010 12:28:17 PM | Computer Name = Robert-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 4/18/2010 8:49:22 AM | Computer Name = Robert-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 4/18/2010 9:34:40 AM | Computer Name = Robert-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
of attribute "version" in element "assemblyIdentity" is invalid.

[ System Events ]
Error - 4/12/2010 11:41:16 AM | Computer Name = Robert-PC | Source = Service Control Manager | ID = 7000
Description = The SASDIFSV service failed to start due to the following error: %%183

Error - 4/12/2010 11:58:41 AM | Computer Name = Robert-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 4/15/2010 11:33:07 AM | Computer Name = Robert-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR2.

Error - 4/15/2010 11:33:08 AM | Computer Name = Robert-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR2.

Error - 4/15/2010 11:33:09 AM | Computer Name = Robert-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR2.

Error - 4/15/2010 11:33:13 AM | Computer Name = Robert-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR2.

Error - 4/15/2010 11:33:14 AM | Computer Name = Robert-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR2.

Error - 4/17/2010 5:59:17 PM | Computer Name = Robert-PC | Source = Service Control Manager | ID = 7000
Description = The SASDIFSV service failed to start due to the following error: %%183

Error - 4/17/2010 6:07:51 PM | Computer Name = Robert-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 4/18/2010 8:51:11 AM | Computer Name = Robert-PC | Source = Service Control Manager | ID = 7000
Description = The SASDIFSV service failed to start due to the following error: %%183


< End of report >
rcnyst@yahoo.com
Active Member
 
Posts: 12
Joined: April 11th, 2010, 11:58 pm

Re: Please Help with spyware

Unread postby peku006 » April 20th, 2010, 9:36 am

Hi rcnyst

Sorry for the delay, I have problems with my "internet-connection"

1 - Download and Run ComboFix
We will continue with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
If you need help to disable your protection programs see here.

When finished, it will produce a log for you
Please include the C:\ComboFix.txt in your next reply for further review.

2 - Status Check
Please reply with


1. the ComboFix log (C:\ComboFix.txt)


Thanks peku006
peku006
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: Please Help with spyware

Unread postby rcnyst@yahoo.com » April 21st, 2010, 2:45 pm

I am really sorry but I keep getting the blue screen after around 74. It just flashes, then restarts the computer. Is there something else I could do?
rcnyst@yahoo.com
Active Member
 
Posts: 12
Joined: April 11th, 2010, 11:58 pm

Re: Please Help with spyware

Unread postby peku006 » April 21st, 2010, 3:19 pm

Hi rcnyst

Uninstall ComboFix

  • Click START then RUN
  • Now type Combofix /Uninstall in the runbox and click OK

Download the latest version of ComboFix and run it

Thanks peku006
peku006
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: Please Help with spyware

Unread postby rcnyst@yahoo.com » April 21st, 2010, 4:17 pm

ComboFix 10-04-21.01 - Robert 04/21/2010 14:39:45.3.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.2046.852 [GMT -5:00]
Running from: e:\downloads\ComboFix.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2010-03-21 to 2010-04-21 )))))))))))))))))))))))))))))))
.

2010-04-21 19:43 . 2010-04-21 19:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-04-13 16:55 . 2010-04-13 16:55 -------- d-----w- c:\users\Robert\AppData\Local\ElevatedDiagnostics
2010-04-12 20:00 . 2010-04-12 20:01 -------- d-----w- c:\users\Robert\AppData\Roaming\GetRightToGo
2010-04-12 15:37 . 2009-08-17 17:56 462848 ------w- c:\programdata\HP\Installer\Temp\hpzswp01.exe
2010-04-12 13:37 . 2009-07-31 22:02 1639224 ------w- c:\programdata\HP\Installer\Temp\hpzscr01.EXE
2010-04-12 13:37 . 2009-07-31 22:02 1710392 ------w- c:\programdata\HP\Installer\Temp\hpzmsi01.exe
2010-04-12 13:37 . 2009-05-22 05:12 121344 ----a-w- c:\programdata\HP\Installer\Temp\hpqrrx08.exe
2010-04-12 03:39 . 2010-04-12 03:39 -------- d-----w- c:\programdata\IObit
2010-04-12 03:39 . 2010-04-12 03:39 -------- d-----w- c:\program files\IObit
2010-04-12 03:38 . 2010-04-12 03:38 -------- d-----w- c:\program files\Trend Micro
2010-04-10 17:48 . 2010-04-10 18:42 -------- d-----w- c:\users\Robert\EurekaLog
2010-04-10 17:04 . 2010-04-10 17:04 10686001 ----a-w- c:\users\Robert\AppData\Roaming\Azureus\plugins\azump\mplayer.exe
2010-04-08 18:46 . 2010-04-08 18:46 -------- d-----w- c:\users\Robert\AppData\Local\Apple
2010-04-07 23:43 . 2010-04-07 23:43 -------- d-----w- c:\users\Robert\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2010-04-05 11:21 . 2010-04-18 12:39 -------- d-----w- c:\users\Robert\AppData\Local\Adobe
2010-04-03 14:36 . 2010-04-21 19:43 -------- d-----w- c:\users\Robert\AppData\Local\temp
2010-04-03 14:02 . 2010-04-03 14:02 -------- d-----w- C:\temp
2010-04-03 14:02 . 2010-04-03 14:02 -------- d-----w- c:\users\Robert\.jnlp-applet
2010-03-31 17:17 . 2010-03-31 17:17 426704 ----a-w- c:\windows\system32\uc_wepic_launching.dll
2010-03-31 03:34 . 2004-12-31 15:43 4682 ----a-w- c:\windows\system32\npptNT2.sys
2010-03-31 03:34 . 2010-03-31 03:34 -------- d-----w- c:\program files\Common Files\INCA Shared
2010-03-31 03:30 . 2010-03-31 03:30 -------- d-----w- C:\ijji
2010-03-31 03:25 . 2010-04-10 06:45 220926964 ----a-w- c:\users\Robert\AppData\Roaming\ijjigame\U_GUNZ_setup.exe
2010-03-31 03:25 . 2010-03-31 03:32 -------- d--h--w- c:\users\Robert\AppData\Roaming\ijjigame
2010-03-31 03:24 . 2010-03-31 03:24 -------- d-----w- c:\program files\ijji
2010-03-27 16:46 . 2010-03-27 16:46 52224 ----a-w- c:\users\Robert\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-03-27 16:46 . 2010-03-27 16:46 117760 ----a-w- c:\users\Robert\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-03-27 16:46 . 2010-04-18 12:50 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-03-27 16:46 . 2010-03-27 16:46 -------- d-----w- c:\users\Robert\AppData\Roaming\SUPERAntiSpyware.com
2010-03-27 16:45 . 2010-03-27 16:45 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-03-26 00:47 . 2010-03-26 00:47 -------- d-----w- c:\program files\CCleaner
2010-03-25 23:07 . 2010-03-25 23:07 -------- d-----w- c:\windows\Sun
2010-03-25 11:10 . 2010-03-25 11:10 -------- d-----w- c:\users\Robert\AppData\Roaming\Malwarebytes
2010-03-25 11:10 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-25 11:10 . 2010-03-25 11:10 -------- d-----w- c:\programdata\Malwarebytes
2010-03-25 11:10 . 2010-03-27 16:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-25 11:10 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-24 00:45 . 2010-03-16 16:36 52224 ----a-w- c:\users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\it2rj6m2.default\extensions\{69d1a568-ffdf-4ef5-8919-7003582e0ee8}\components\FFExternalAlert.dll
2010-03-24 00:45 . 2010-03-16 16:36 101376 ----a-w- c:\users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\it2rj6m2.default\extensions\{69d1a568-ffdf-4ef5-8919-7003582e0ee8}\components\RadioWMPCore.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-21 19:37 . 2010-02-16 11:13 -------- d-----w- c:\program files\PeerGuardian2
2010-04-21 00:48 . 2010-03-07 20:37 0 ----a-w- c:\users\Robert\AppData\Local\prvlcl.dat
2010-04-20 23:22 . 2010-02-13 23:21 -------- d-----w- c:\users\Robert\AppData\Roaming\vlc
2010-04-12 19:56 . 2010-02-15 01:56 -------- d-----w- c:\program files\HP
2010-04-12 15:42 . 2010-02-13 23:20 -------- d-----w- c:\users\Robert\AppData\Roaming\Azureus
2010-04-12 15:40 . 2010-03-20 04:47 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-02 21:00 . 2010-03-07 21:31 -------- d-----w- c:\users\Robert\AppData\Roaming\DVD Flick
2010-03-26 01:51 . 2010-02-13 23:33 -------- d-----w- c:\programdata\avg9
2010-03-21 18:30 . 2010-03-21 18:30 -------- d-----w- c:\program files\Common Files\Apple
2010-03-21 18:30 . 2010-03-21 18:30 -------- d-----w- c:\programdata\Apple
2010-03-21 18:30 . 2010-03-21 18:30 -------- d-----w- c:\program files\Apple Software Update
2010-03-20 04:48 . 2010-03-20 04:47 -------- d-----w- c:\program files\U-ABIT
2010-03-20 04:47 . 2010-03-20 04:47 -------- d-----w- c:\users\Robert\AppData\Roaming\InstallShield
2010-03-15 02:10 . 2010-03-15 02:10 -------- d-----w- c:\users\Robert\AppData\Roaming\IrfanView
2010-03-15 02:10 . 2010-03-15 02:10 -------- d-----w- c:\program files\IrfanView
2010-03-14 14:33 . 2010-03-14 14:33 423464 ----a-w- c:\users\Robert\AppData\Roaming\E-centives\BSTIEPrintCtl1.dll
2010-03-14 14:33 . 2010-03-14 14:33 -------- d-----w- c:\users\Robert\AppData\Roaming\E-centives
2010-03-14 14:33 . 2010-03-14 14:33 443944 ----a-w- c:\users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\E-centives\UninstallCouponActivator.exe
2010-03-14 14:30 . 2010-03-14 14:30 -------- d-----w- c:\program files\Coupons
2010-03-11 04:27 . 2010-02-14 03:42 -------- d-----w- c:\programdata\Microsoft Help
2010-03-09 22:35 . 2010-03-09 22:35 143976 ----a-w- c:\users\Robert\AppData\Roaming\Move Networks\uninstall.exe
2010-03-09 22:35 . 2010-03-09 22:35 -------- d-----w- c:\users\Robert\AppData\Roaming\Move Networks
2010-03-09 22:35 . 2009-10-15 00:50 5642688 ----a-w- c:\users\Robert\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll
2010-03-07 21:27 . 2010-03-07 21:27 -------- d-----w- c:\program files\DVD Flick
2010-03-07 21:22 . 2010-03-07 21:22 -------- d-----w- c:\users\Robert\AppData\Roaming\ImgBurn
2010-03-07 21:20 . 2010-03-07 21:20 -------- d-----w- c:\program files\ImgBurn
2010-03-04 16:03 . 2010-02-13 23:34 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-04 16:03 . 2010-03-04 16:03 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-04 16:03 . 2010-02-13 23:34 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-04 16:03 . 2010-02-13 23:34 25096 ----a-w- c:\windows\system32\drivers\AVGIDSwx.sys
2010-03-04 16:03 . 2010-02-13 23:34 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-04 16:03 . 2010-02-13 23:34 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-02-25 01:03 . 2010-02-16 11:13 -------- d-----w- c:\program files\MediaMonkey
2010-02-23 01:26 . 2010-02-23 01:26 147456 ----a-w- c:\windows\system32\uc_neosteam_launching.dll
2010-02-22 03:31 . 2010-02-22 03:26 -------- d-----w- c:\program files\YRefresher
2010-02-21 13:42 . 2010-02-20 15:16 -------- d-----w- c:\programdata\NOS
2010-02-20 15:16 . 2010-02-20 15:17 38784 ----a-w- c:\users\Robert\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-02-20 15:16 . 2010-02-20 15:16 38784 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-02-20 15:16 . 2010-02-20 15:16 86016 ----a-w- c:\programdata\NOS\Adobe_Downloads\arh.exe
2010-02-19 23:47 . 2010-02-19 23:47 3604480 ----a-w- c:\windows\system32\GPhotos.scr
2010-02-16 11:23 . 2010-02-16 11:24 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-16 11:12 . 2010-02-13 23:20 109208 ----a-w- c:\users\Robert\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-15 02:04 . 2010-02-15 01:55 221035 ----a-w- c:\windows\hpoins19.dat
2010-02-13 23:34 . 2010-02-13 23:34 24856 ----a-w- c:\windows\system32\drivers\avgfwd6x.sys
2010-02-02 07:45 . 2010-02-24 05:27 2048 ----a-w- c:\windows\system32\tzres.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerGuardian"="c:\program files\PeerGuardian2\pg2.exe" [2007-06-02 1457152]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-01-05 2002160]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ABIT uGuruIII]
2007-02-09 21:05 22528 ----a-w- c:\program files\U-ABIT\uGuru\LaunchuGuru.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-03-24 18:17 952768 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 22:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2008-07-23 00:33 150528 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 22:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-01-11 21:21 246504 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center]
2007-05-31 15:21 648072 ----a-w- c:\windows\WindowsMobile\wmdc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

R2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe AVGIDSAgent [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-03-10 3601608]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-01 1343400]
S0 AVGIDSErHrw7x;AVG9IDSErHr;c:\windows\System32\Drivers\AVGIDSwx.sys [2010-03-04 25096]
S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2010-03-04 52872]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6x.sys [2010-02-13 24856]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-03-04 216200]
S1 AvgTdiX;AVG Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-03-04 242696]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-01-05 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2010-01-05 74480]
S1 UGURU;UGURU;c:\windows\system32\drivers\uGuru.sys [2006-10-02 21048]
S2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-03-04 916760]
S2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-03-04 308064]
S2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [2010-03-04 2325816]
S3 AVGIDSDriverw7x;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSDriver.sys [2010-03-04 122376]
S3 AVGIDSFilterw7x;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSFilter.sys [2010-03-04 30216]
S3 AVGIDSShimw7x;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSShim.sys [2010-03-04 20488]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-12-19 249888]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2010-01-05 7408]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\it2rj6m2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPcol400.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\users\Robert\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-IObit Security 360 - c:\program files\IObit\IObit Security 360\IS360tray.exe
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\QTTask.exe



[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-04-21 14:44:43
ComboFix-quarantined-files.txt 2010-04-21 19:44

Pre-Run: 13,656,502,272 bytes free
Post-Run: 13,599,625,216 bytes free

- - End Of File - - 9DE9C32250BB39E7635F6AA8D87786AE
rcnyst@yahoo.com
Active Member
 
Posts: 12
Joined: April 11th, 2010, 11:58 pm

Re: Please Help with spyware

Post by peku006 » April 22nd, 2010, 11:53 am

Hi rcnyst

1 - Run Malwarebytes' Anti-Malware

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update has been completed, select the Scanner tab.
  • Make sure the "Perform full scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  1. Click on the Show Results button to see a list of any malware that was found.
  2. Check all items except items in the C:\System Volume Information folder... then click on Remove Selected.
    We will take care of the System Volume Information items later.
  3. When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  4. The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  5. Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


2 - Status Check
Please reply with

  • the Malwarebytes' Anti-Malware Log
  • description of any problems you are having with your PC

Thanks peku006
peku006
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: Please Help with spyware

Post by rcnyst@yahoo.com » April 22nd, 2010, 7:20 pm

I can't update it; same problem with superantispyware too. I even go online for manual updates but it blocks the sites.
The error I get is:
An error occurred. Please report the following error to the Mawarebytes anti-malware support team.

Error code: 732(12007,0)
rcnyst@yahoo.com
Active Member
 
Posts: 12
Joined: April 11th, 2010, 11:58 pm

Re: Please Help with spyware

Post by peku006 » April 24th, 2010, 12:26 am

Hi rcnyst

Read this page
peku006
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: Please Help with spyware

Post by rcnyst@yahoo.com » April 24th, 2010, 6:03 am

I get a "problem loading page" error with the link. Thanks.
rcnyst@yahoo.com
Active Member
 
Posts: 12
Joined: April 11th, 2010, 11:58 pm

Re: Please Help with spyware

Post by peku006 » April 25th, 2010, 1:25 am

Hi rcnyst

Error code: 732 (12007, 0), Update problems

Step 1: Verify Internet Connectivity of Internet Explorer:

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.

  • Please go here and download ERUNT.
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • Use the default install settings but say no to the portion that asks you to add ERUNT to the Start-Up folder. You can enable this option later if you wish.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup. Note: the default location is C:\WINDOWS\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.

Note: If it is necessary to restore the registry, open the backup folder and start ERDNT.exe

  • Click on Start and select Run
  • In the Run box copy and paste the text in the following code box exactly as written and press Enter or click on OK:
Code:
REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v GlobalUserOffline /t REG_DWORD /d 0 /f

  • Try updating again and if it does not work then please proceed to Step 2

Step 2: Verify Your Internet Connection Settings:

  • Open Internet Explorer
  • Note: It MUST be Internet Explorer, not Firefox, Opera, Chrome or any other internet browser
  • Click on Tools at the top and select Internet Options
  • Note: If you do not see Tools, press the Alt key on your keyboard and it will show up
  • Click on the Connections tab
  • Click on the LAN settings button
  • Under Automatic configuration make sure that the box next to Automatically detect settings is checked, if it is not, then click the box next to it to check it
  • Under Proxy server make sure that the box next to Use a proxy server for your LAN (These settings will not apply to dial-up or VPN connections). is not checked and if it is, click the box next to it to uncheck it
  • Click on the OK button to close the Local Area Network (LAN) Settings window
  • Click on the OK button to close the Internet Options window
  • Try updating Malwarebytes' Anti-Malware again to see if it now works correctly

Now try updating Malwarebytes' Anti-Malware once more and if it does not work then please proceed to Step 3

Step 3: Exclude Malwarebytes' Anti-Malware's Files and Folders From Other Active Security Programs:

  • C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
  • C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
  • C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
  • C:\Program Files\Malwarebytes' Anti-Malware\zlib.dll
  • C:\Program Files\Malwarebytes' Anti-Malware\mbam.dll
  • C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
  • C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref
  • C:\Windows\System32\drivers\mbam.sys
  • C:\Windows\System32\drivers\mbamswissarmy.sys

Note: If using a software firewall besides the built in Windows Firewall you'll need to exclude MBAM.EXE from it as well

Step 4: Ping the Content Delivery Network

Click on START and in the search line type in CMD and press the Enter key
Then in the DOS console window type in the following and press the Enter key and verify that you get a response
Code:
PING mbam-cdn.malwarebytes.org


Thanks peku006
peku006
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway
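
A read-only way to inspect the settings behind Steps 1, 2 and 4 before changing anything, as an added PowerShell example that is not part of the original post. The function name Get-InetSetting is hypothetical, and ProxyEnable, ProxyServer and AutoConfigURL are the standard Internet Settings registry values behind the LAN settings dialog, which the post itself does not name.

```powershell
# Read-only triage of the settings covered in Steps 1, 2 and 4 of the post above.
# Nothing is written to the registry; the script only reports what it finds.
$key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$cdn = 'mbam-cdn.malwarebytes.org'   # host name taken from Step 4

function Get-InetSetting([string]$Name) {
    # Hypothetical helper: returns $null when the value does not exist,
    # which is the normal state for several of these settings.
    $item = Get-ItemProperty -Path $key -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name } else { $null }
}

$findings = @()

# Step 1: GlobalUserOffline = 1 puts WinINet clients into "Work Offline" mode.
$offline = Get-InetSetting 'GlobalUserOffline'
if ($offline -eq 1) { $findings += 'GlobalUserOffline is 1 (Work Offline is on)' }

# Step 2: an unexpected proxy or auto-config script can redirect or block traffic.
$proxyOn = Get-InetSetting 'ProxyEnable'
$proxy   = Get-InetSetting 'ProxyServer'
$pac     = Get-InetSetting 'AutoConfigURL'
if ($proxyOn -eq 1) { $findings += "Proxy enabled: $proxy" }
if ($pac)           { $findings += "Auto-config script set: $pac" }

# Step 4: resolve the update host. 12007 is the WinINet code for a host name
# that could not be resolved, so a failure here matches the reported error.
try {
    $addrs = [System.Net.Dns]::GetHostAddresses($cdn)
    "Resolved $cdn -> $($addrs -join ', ')"
} catch {
    $findings += "Cannot resolve $cdn : $($_.Exception.Message)"
}

if ($findings.Count -eq 0) {
    'No problems found in the checked settings.'
} else {
    $findings | ForEach-Object { "CHECK: $_" }
}
```

Run it as the affected user, since the values live under HKCU; any CHECK line points at the step in the post that applies.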

Re: Please Help with spyware

Post by rcnyst@yahoo.com » April 25th, 2010, 10:02 pm

Still cannot update this. When I try and ping, I get the error: Ping request could not find host mbam-cdn.malwarebytes.ord. Please check the name and try again.
rcnyst@yahoo.com
Active Member
 
Posts: 12
Joined: April 11th, 2010, 11:58 pm