
Solved virus stopped my avira working vista

Discussion in 'Malware and Virus Removal Archive' started by hanqba1, 2011/10/16.

  1. 2011/10/17
    hanqba1

    hanqba1 Inactive Thread Starter

    Joined:
    2008/06/21
    Messages:
    93
    Likes Received:
    0
    combofix log

    Computer seems to be running fine. When ComboFix was running, a message appeared saying "infection found: rootkit zero access inserted into TCP/IP stack". It also rebooted my computer. Here is the scan, thanks for all your help.
    ComboFix 11-10-16.03 - Sarah 17/10/2011 10:44:33.1.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3001.2159 [GMT 1:00]
    Running from: c:\users\Sarah\Desktop\ComboFix.exe
    AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Sarah\AppData\Roaming\.#
    c:\users\Sarah\AppData\Roaming\.#\MBX@4E8@1B22928.###
    c:\users\Sarah\AppData\Roaming\.#\MBX@4E8@1B22958.###
    c:\users\Sarah\AppData\Roaming\.#\MBX@4E8@1B22988.###
    c:\windows\$NtUninstallKB30337$
    c:\windows\$NtUninstallKB30337$\162023665
    c:\windows\PFRO.log
    c:\windows\system32\odbcad32.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-09-17 to 2011-10-17 )))))))))))))))))))))))))))))))
    .
    .
    2011-10-17 10:09 . 2011-10-17 10:09 -------- d-----w- c:\users\Sarah\AppData\Local\temp
    2011-10-17 10:09 . 2011-10-17 10:09 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-10-17 09:41 . 2011-10-17 09:41 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CD2E1467-3CE0-4132-A56E-E6E01733AF2C}\offreg.dll
    2011-10-16 09:21 . 2011-09-30 23:05 129536 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
    2011-10-15 13:53 . 2011-07-29 16:01 293376 ----a-w- c:\windows\system32\psisdecd.dll
    2011-10-15 13:53 . 2011-07-29 16:01 217088 ----a-w- c:\windows\system32\psisrndr.ax
    2011-10-15 13:53 . 2011-07-29 16:00 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
    2011-10-15 13:53 . 2011-07-29 16:00 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
    2011-10-15 13:53 . 2011-06-17 16:03 375808 ----a-w- c:\windows\system32\winsrv.dll
    2011-10-15 13:53 . 2011-09-06 13:30 2043392 ----a-w- c:\windows\system32\win32k.sys
    2011-10-15 09:21 . 2011-07-11 13:25 2048 ----a-w- c:\windows\system32\tzres.dll
    2011-10-15 09:19 . 2011-08-25 16:15 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
    2011-10-15 09:19 . 2011-08-25 16:14 563712 ----a-w- c:\windows\system32\oleaut32.dll
    2011-10-15 09:19 . 2011-08-25 16:14 238080 ----a-w- c:\windows\system32\oleacc.dll
    2011-10-15 09:19 . 2011-08-25 13:31 4096 ----a-w- c:\windows\system32\oleaccrc.dll
    2011-10-15 09:18 . 2011-06-20 08:54 3602832 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-10-15 09:18 . 2011-06-20 08:54 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-10-15 09:18 . 2011-06-17 20:13 905104 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2011-10-15 09:16 . 2010-05-04 19:13 231424 ----a-w- c:\windows\system32\msshsq.dll
    2011-10-15 08:58 . 2011-10-15 08:58 -------- d-----w- c:\users\Sarah\AppData\Roaming\Malwarebytes
    2011-10-15 08:58 . 2011-10-15 08:58 -------- d-----w- c:\programdata\Malwarebytes
    2011-10-15 08:58 . 2011-10-15 08:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-10-15 08:58 . 2011-08-31 16:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-10-14 20:16 . 2011-10-14 20:17 -------- d-----w- c:\windows\system32\ca-ES
    2011-10-14 20:16 . 2011-10-14 20:17 -------- d-----w- c:\windows\system32\eu-ES
    2011-10-14 20:16 . 2011-10-14 20:17 -------- d-----w- c:\windows\system32\vi-VN
    2011-10-14 19:55 . 2011-09-06 20:36 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2011-10-14 19:55 . 2011-09-06 20:37 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-10-14 19:55 . 2011-09-06 20:36 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-10-14 19:55 . 2011-09-06 20:36 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-10-14 19:55 . 2011-09-06 20:38 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-10-14 19:55 . 2011-09-06 20:36 54616 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2011-10-14 19:33 . 2011-09-06 20:45 41184 ----a-w- c:\windows\avastSS.scr
    2011-10-14 19:33 . 2011-09-06 20:45 199304 ----a-w- c:\windows\system32\aswBoot.exe
    2011-10-14 19:31 . 2011-09-12 23:14 7269712 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CD2E1467-3CE0-4132-A56E-E6E01733AF2C}\mpengine.dll
    2011-10-14 18:37 . 2011-10-14 18:37 -------- d-----w- c:\program files\STOPzilla!
    2011-10-14 18:37 . 2011-10-14 18:37 -------- d-----w- c:\program files\Common Files\iS3
    2011-10-12 18:20 . 2011-10-12 18:20 -------- d-----w- c:\programdata\AVAST Software
    2011-10-12 18:20 . 2011-10-12 18:20 -------- d-----w- c:\program files\AVAST Software
    2011-10-12 17:36 . 2011-10-12 17:36 -------- d-sh--w- c:\users\Sarah\AppData\Local\22a6abd8
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
     
  2. 2011/10/17
    hanqba1

    hanqba1 Inactive Thread Starter

    Joined:
    2008/06/21
    Messages:
    93
    Likes Received:
    0
    combofix log

    011-08-03 18:12 . 2011-08-03 18:12 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2011-09-06 20:45 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
    @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
    [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
    2009-05-14 22:02 120104 ----a-w- c:\program files\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-08-03 39408]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-02-11 6724128]
    "Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-06-23 703008]
    "EgisTecLiveUpdate"="c:\program files\EgisTec Egis Software Update\EgisUpdate.exe" [2009-05-13 199464]
    "mwlDaemon"="c:\program files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-05-14 345384]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-01-09 1418536]
    "LManager"="c:\program files\Launch Manager\LManager.exe" [2009-06-16 1131016]
    "ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-05-05 156968]
    "CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2009-05-05 206120]
    "PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2009-05-04 173288]
    "Conime"="c:\windows\system32\conime.exe" [2009-04-11 69120]
    "EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2009-04-07 1511424]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-17 421160]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
    "Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-02-11 1833504]
    "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
    .
    c:\users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-8-24 101784]
    Samsung Auto Backup Guage.lnk - c:\program files\Clarus\Samsung Auto Backup\ISFGuage.exe [2011-3-16 888832]
    Samsung Auto Backup Real-Time Daemon.lnk - c:\program files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe [2011-3-16 77824]
    Samsung Auto Backup Scheduler.lnk - c:\program files\Clarus\Samsung Auto Backup\ISFTimerD.exe [2011-3-16 102400]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-08-03 136176]
    R2 MSR Service;Virtual Disk Service Manager;c:\program files\Clarus\Samsung SecretZone\MSSvc.exe [2010-03-13 114688]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-08-03 136176]
    R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
    S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-06-30 28552]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S1 DPMemGridVista;Physical Memory I/O for GridVista;c:\program files\GridVista\DPMemGridVista.sys [2008-10-01 10504]
    S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2008-12-04 19504]
    S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2008-12-04 16432]
    S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2008-12-04 59952]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-09-06 54616]
    S2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2009-04-14 75048]
    S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-06-23 723488]
    S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\EKDiscovery.exe [2009-05-04 279960]
    S2 KodakSvc;Kodak AiO Device Service;c:\program files\Kodak\AiO\center\KodakSvc.exe [2009-04-17 32768]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
    S2 MWLService;MyWinLocker Service;c:\program files\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-05-14 305448]
    S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C60x86.sys [2009-01-15 49664]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
     


  4. 2011/10/17
    hanqba1

    hanqba1 Inactive Thread Starter

    Joined:
    2008/06/21
    Messages:
    93
    Likes Received:
    0
    combofix log

    2010-10-26 c:\windows\Tasks\AiO Home Center Registration Remind Task.job
    - c:\programdata\Kodak\Installer\Registration.exe [2009-09-29 17:25]
    .
    2011-10-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-08-03 18:12]
    .
    2011-10-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-08-03 18:12]
    .
    2011-10-17 c:\windows\Tasks\Kodak AiO Scheduled Maintenance.job
    - c:\program files\Kodak\AiO\Center\Kodak.Statistics.exe [2009-05-04 11:15]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.co.uk/ig?hl=en
    mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_5332&r=2v350709c205l0394zqh5t47m2x231
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
    TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKCU-Run-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe
    SafeBoot-mcmscsvc
    SafeBoot-MCODS
    .
    .
    .
    **************************************************************************
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files:
    .
    **************************************************************************
    .
    Completion time: 2011-10-17 11:16:53
    ComboFix-quarantined-files.txt 2011-10-17 10:16
    .
    Pre-Run: 88,498,823,168 bytes free
    Post-Run: 92,791,496,704 bytes free
    .
    - - End Of File - - A3C1BE2B6C829C1281C1EB587DCED979
     
  5. 2011/10/17
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Good :)

    You're running two AV programs, Avast and Avira.
    One of them has to go.
    Your choice.

    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run box
    • Click OK
    Windows Vista/7 users: click Start, in "Start search" type notepad and press Enter.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    Folder::
    c:\program files\STOPzilla!
    c:\program files\Common Files\iS3
    c:\users\Sarah\AppData\Local\22a6abd8
    

    3. Save the above as CFScript.txt

    4. Close/disable all antivirus and anti-malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
     
  6. 2011/10/17
    hanqba1

    hanqba1 Inactive Thread Starter

    Joined:
    2008/06/21
    Messages:
    93
    Likes Received:
    0
    avira

    Avira will not let me uninstall, I just get "setup could not determine the feature control file, or was not able to read it correctly". According to Control Panel there are 28.9 MB, so not sure if some of the program has uninstalled. Have turned it off in the Start menu.
     
  7. 2011/10/17
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please click here to download AppRemover on your desktop.
    • Once done, double click on the icon of AppRemover.exe to run it.
      Vista users, right click on the icon and select "run as administrator"
    • Uncheck "Enable anonymous usage statistics. No personal data will be recorded."
    • Click on the Next button.
    • Click on "Remove Security Application" or "Clean Up a Failed Uninstall" depending on what you want to do.
    • Click on the Next button.
    • A scan begins, please wait. Once done, click on the Next button.
    • Now you should have a list of your security programs, choose the one you want to remove and click on the Next button.
    • Follow the last step and reboot if asked to do so.
     
  8. 2011/10/17
    hanqba1

    hanqba1 Inactive Thread Starter

    Joined:
    2008/06/21
    Messages:
    93
    Likes Received:
    0
    Avira

    Have run both scans but 28.9 MB of Avira is still there. When I ran the clean up program I got the following message: "application not found". Have sent a report.
     
  9. 2011/10/17
    hanqba1

    hanqba1 Inactive Thread Starter

    Joined:
    2008/06/21
    Messages:
    93
    Likes Received:
    0
    Sorry

    Sorry for the mistakes but it is 12.45 am here, time for bed I think. Will continue in the morning. Goodnight and thanks again for your help.
     
  10. 2011/10/17
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    No problem.
    With the next scan we'll see if there are any Avira active leftovers.

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  11. 2011/10/18
    hanqba1

    hanqba1 Inactive Thread Starter

    Joined:
    2008/06/21
    Messages:
    93
    Likes Received:
    0
    otl

    OTL logfile created on: 18/10/2011 08:00:27 - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Sarah\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.19154)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    2.93 Gb Total Physical Memory | 1.88 Gb Available Physical Memory | 64.22% Memory free
    6.09 Gb Paging File | 4.95 Gb Available in Paging File | 81.26% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 139.04 Gb Total Space | 85.41 Gb Free Space | 61.43% Space Free | Partition Type: NTFS

    Computer Name: SARAH-PC | User Name: Sarah | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/10/18 07:49:27 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Sarah\Desktop\OTL.exe
    PRC - [2011/10/17 11:52:57 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Sarah\AppData\Local\temp\RtkBtMnt.exe
    PRC - [2011/09/06 21:45:30 | 003,722,416 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2011/09/06 21:45:28 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2011/08/17 18:28:02 | 000,332,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\SoftwareDistribution\Download\Install\CheckSURPackage.EXE
    PRC - [2011/01/21 08:28:58 | 000,810,456 | ---- | M] (Microsoft Corporation) -- c:\57c331f5f3b2e8f115ecec95b6193f39\checksur.exe
    PRC - [2011/01/21 08:28:58 | 000,045,112 | ---- | M] () -- c:\57c331f5f3b2e8f115ecec95b6193f39\checksurlauncher.exe
    PRC - [2010/03/15 17:00:46 | 000,102,400 | ---- | M] (Clarus, Inc.) -- C:\Program Files\Clarus\Samsung Auto Backup\ISFTimerD.exe
    PRC - [2010/03/15 16:33:52 | 000,077,824 | ---- | M] (Clarus, Inc.) -- C:\Program Files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe
    PRC - [2010/03/15 16:32:38 | 000,888,832 | ---- | M] (Clarus, Inc.) -- C:\Program Files\Clarus\Samsung Auto Backup\ISFGuage.exe
    PRC - [2010/03/13 02:29:16 | 000,114,688 | ---- | M] () -- C:\Program Files\Clarus\Samsung SecretZone\MSSvc.exe
    PRC - [2009/06/23 17:45:50 | 000,723,488 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
    PRC - [2009/06/23 17:45:50 | 000,703,008 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
    PRC - [2009/06/23 17:45:48 | 000,453,152 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
    PRC - [2009/06/16 12:33:26 | 001,131,016 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
    PRC - [2009/05/14 23:03:30 | 000,305,448 | ---- | M] (Egis Technology Inc.) -- C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe
    PRC - [2009/05/14 23:03:18 | 000,345,384 | ---- | M] (Egis Technology Inc.) -- C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
    PRC - [2009/05/13 19:39:42 | 000,199,464 | ---- | M] (Egis Technology Inc.) -- C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe
    PRC - [2009/05/05 12:12:20 | 000,206,120 | ---- | M] (CyberLink) -- C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
    PRC - [2009/05/05 12:12:08 | 000,156,968 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
    PRC - [2009/05/04 14:43:14 | 000,173,288 | ---- | M] (Acer Corp.) -- C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
    PRC - [2009/05/04 12:15:26 | 000,279,960 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\Center\EKDiscovery.exe
    PRC - [2009/04/17 12:08:26 | 000,032,768 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\Center\KodakSvc.exe
    PRC - [2009/04/14 17:48:50 | 000,075,048 | ---- | M] () -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
    PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009/04/07 17:27:30 | 001,511,424 | ---- | M] (Eastman Kodak Company) -- C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe


    ========== Modules (No Company Name) ==========

    MOD - [2009/09/04 23:15:06 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2009/05/05 12:12:24 | 000,873,768 | ---- | M] () -- C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMediaLibrary.dll
    MOD - [2009/05/05 12:12:16 | 000,013,096 | ---- | M] () -- C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvcPS.dll
    MOD - [2003/06/07 06:30:08 | 000,057,344 | ---- | M] () -- C:\Program Files\Launch Manager\PowerUtl.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2011/09/06 21:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2010/03/13 02:29:16 | 000,114,688 | ---- | M] () [Auto | Running] -- C:\Program Files\Clarus\Samsung SecretZone\MSSvc.exe -- (MSR Service)
    SRV - [2009/07/21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2009/06/23 17:45:50 | 000,723,488 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
    SRV - [2009/05/14 23:03:30 | 000,305,448 | ---- | M] () [Auto | Running] -- C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
    SRV - [2009/05/13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2009/05/04 12:15:26 | 000,279,960 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files\Kodak\AiO\Center\EKDiscovery.exe -- (Kodak AiO Network Discovery Service)
    SRV - [2009/04/17 12:08:26 | 000,032,768 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files\Kodak\AiO\center\KodakSvc.exe -- (KodakSvc)
    SRV - [2009/04/14 17:48:50 | 000,075,048 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService)
    SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | Unknown | Running] -- -- (mvd20)
    DRV - File not found [Kernel | Unknown | Running] -- -- (mdf15)
    DRV - [2011/09/06 21:38:05 | 000,442,200 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
    DRV - [2011/09/06 21:37:53 | 000,320,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2011/09/06 21:36:38 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2011/09/06 21:36:36 | 000,052,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2011/09/06 21:36:26 | 000,054,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV - [2011/09/06 21:36:12 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2010/02/13 18:50:13 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
    DRV - [2009/06/23 07:53:18 | 001,181,184 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
    DRV - [2009/05/11 10:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
    DRV - [2009/03/30 10:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
    DRV - [2009/02/13 12:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
    DRV - [2009/01/15 04:03:14 | 000,049,664 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C60x86.sys -- (L1C)
    DRV - [2008/12/04 18:34:34 | 000,059,952 | ---- | M] (Egis Incorporated.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
    DRV - [2008/12/04 18:34:34 | 000,019,504 | ---- | M] (Egis Incorporated.) [File_System | System | Running] -- C:\Windows\System32\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
    DRV - [2008/12/04 18:34:34 | 000,016,432 | ---- | M] (Egis Incorporated.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
    DRV - [2008/10/01 04:50:50 | 000,010,504 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Program Files\GridVista\DPMemGridVista.sys -- (DPMemGridVista)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_5332&r=2v350709c205l0394zqh5t47m2x231


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



    IE - HKU\S-1-5-21-199342007-3371899926-3485922746-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
    IE - HKU\S-1-5-21-199342007-3371899926-3485922746-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ig?hl=en
    IE - HKU\S-1-5-21-199342007-3371899926-3485922746-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-199342007-3371899926-3485922746-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-199342007-3371899926-3485922746-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
     
  12. 2011/10/18
    hanqba1

    hanqba1 Inactive Thread Starter

    Joined:
    2008/06/21
    Messages:
    93
    Likes Received:
    0
    otl

    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)



    O1 HOSTS File: ([2011/10/17 11:10:58 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O4 - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
    O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
    O4 - HKLM..\Run: [Conime] C:\Windows\System32\conime.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
    O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
    O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [mwlDaemon] C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
    O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
    O4 - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
    O4 - Startup: C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Auto Backup Guage.lnk = C:\Program Files\Clarus\Samsung Auto Backup\ISFGuage.exe (Clarus, Inc.)
    O4 - Startup: C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Auto Backup Real-Time Daemon.lnk = C:\Program Files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe (Clarus, Inc.)
    O4 - Startup: C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Auto Backup Scheduler.lnk = C:\Program Files\Clarus\Samsung Auto Backup\ISFTimerD.exe (Clarus, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\S-1-5-21-199342007-3371899926-3485922746-1000\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKU\S-1-5-21-199342007-3371899926-3485922746-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CD7C0F2C-BC4C-4E6B-BC68-ED12EFA6F211}: DhcpNameServer = 194.168.4.100 194.168.8.100
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\Sarah\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Sarah\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKU\S-1-5-21-199342007-3371899926-3485922746-1000\...exe [@ = exefile] -- Reg Error: Key error. File not found

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========
     
  13. 2011/10/18
    hanqba1

    hanqba1 Inactive Thread Starter

    Joined:
    2008/06/21
    Messages:
    93
    Likes Received:
    0
    otl

    [2011/10/18 07:49:16 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Sarah\Desktop\OTL.exe
    [2011/10/18 07:45:24 | 000,000,000 | ---D | C] -- C:\57c331f5f3b2e8f115ecec95b6193f39
    [2011/10/17 23:40:41 | 008,922,408 | ---- | C] (OPSWAT, Inc.) -- C:\Users\Sarah\Desktop\AppRemover.exe
    [2011/10/17 11:17:08 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2011/10/17 11:17:00 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\temp
    [2011/10/17 10:35:37 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/10/17 10:35:37 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/10/17 10:35:37 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/10/17 10:35:30 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/10/17 10:35:23 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/10/17 10:33:23 | 004,262,966 | R--- | C] (Swearware) -- C:\Users\Sarah\Desktop\ComboFix.exe
    [2011/10/16 18:31:02 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Sarah\Desktop\dds.scr
    [2011/10/16 18:16:11 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Sarah\Desktop\aswMBR.exe
    [2011/10/15 09:58:13 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\Malwarebytes
    [2011/10/15 09:58:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/10/15 09:58:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2011/10/15 09:58:05 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2011/10/15 09:58:05 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/10/14 21:16:53 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
    [2011/10/14 21:16:53 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
    [2011/10/14 21:16:52 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
    [2011/10/14 20:55:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
    [2011/10/14 20:55:32 | 000,020,568 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
    [2011/10/14 20:55:31 | 000,320,856 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
    [2011/10/14 20:55:27 | 000,052,568 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
    [2011/10/14 20:55:27 | 000,034,392 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
    [2011/10/14 20:55:24 | 000,442,200 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
    [2011/10/14 20:55:21 | 000,054,616 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
    [2011/10/14 20:33:19 | 000,199,304 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
    [2011/10/14 20:33:19 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
    [2011/10/14 19:37:27 | 000,000,000 | ---D | C] -- C:\Program Files\STOPzilla!
    [2011/10/14 19:37:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
    [2011/10/12 19:20:26 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
    [2011/10/12 19:20:26 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2011/10/12 18:36:43 | 000,000,000 | -HSD | C] -- C:\Users\Sarah\AppData\Local\22a6abd8
    [2011/09/25 12:58:12 | 000,000,000 | ---D | C] -- C:\Users\Sarah\Desktop\Don Valley Interview
    [2011/09/18 09:51:59 | 000,000,000 | ---D | C] -- C:\Users\Sarah\Desktop\Print
    [2010/08/25 19:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
    [2009/07/15 02:41:53 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll

    ========== Files - Modified Within 30 Days ==========

    [2011/10/18 07:49:27 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Sarah\Desktop\OTL.exe
    [2011/10/18 07:48:46 | 000,600,378 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2011/10/18 07:48:46 | 000,105,852 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2011/10/18 07:40:23 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011/10/18 07:40:14 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/10/18 07:40:14 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/10/18 07:40:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/10/18 00:27:14 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011/10/17 23:40:43 | 008,922,408 | ---- | M] (OPSWAT, Inc.) -- C:\Users\Sarah\Desktop\AppRemover.exe
    [2011/10/17 11:10:58 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2011/10/17 10:33:36 | 004,262,966 | R--- | M] (Swearware) -- C:\Users\Sarah\Desktop\ComboFix.exe
    [2011/10/17 10:19:02 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\Kodak AiO Scheduled Maintenance.job
    [2011/10/16 18:31:12 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Sarah\Desktop\dds.scr
    [2011/10/16 18:29:57 | 000,000,512 | ---- | M] () -- C:\Users\Sarah\Desktop\MBR.dat
    [2011/10/16 18:16:21 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Sarah\Desktop\aswMBR.exe
    [2011/10/16 16:32:49 | 000,302,592 | ---- | M] () -- C:\Users\Sarah\Desktop\9rnqtzkr.exe
    [2011/10/16 11:24:14 | 000,336,216 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2011/10/15 09:58:09 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/10/14 21:32:15 | 000,164,864 | ---- | M] () -- C:\Users\Sarah\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/10/14 20:55:33 | 000,001,833 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2011/10/14 20:55:21 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
    [2011/10/14 20:20:08 | 000,261,772 | ---- | M] () -- C:\Users\Sarah\AppData\Local\census.cache
    [2011/10/14 20:19:59 | 000,185,357 | ---- | M] () -- C:\Users\Sarah\AppData\Local\ars.cache
    [2011/10/14 19:28:08 | 000,000,036 | ---- | M] () -- C:\Users\Sarah\AppData\Local\housecall.guid.cache
    [2011/10/12 19:28:11 | 003,886,887 | ---- | M] () -- C:\Users\Sarah\Desktop\Design.wmv
    [2011/10/12 19:26:41 | 013,006,454 | ---- | M] () -- C:\Users\Sarah\Desktop\Design.flv
    [2011/10/11 19:30:27 | 000,006,652 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\wklnhst.dat
    [2011/10/09 20:19:35 | 000,002,595 | ---- | M] () -- C:\Users\Sarah\Desktop\Microsoft Office PowerPoint 2003.lnk
    [2011/10/09 11:17:57 | 000,002,609 | ---- | M] () -- C:\Users\Sarah\Desktop\Microsoft Office Word 2003.lnk

    ========== Files Created - No Company Name ==========

    [2011/10/17 10:35:37 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/10/17 10:35:37 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/10/17 10:35:37 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/10/17 10:35:37 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/10/17 10:35:37 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/10/16 18:29:57 | 000,000,512 | ---- | C] () -- C:\Users\Sarah\Desktop\MBR.dat
    [2011/10/16 16:32:45 | 000,302,592 | ---- | C] () -- C:\Users\Sarah\Desktop\9rnqtzkr.exe
    [2011/10/15 09:58:09 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/10/14 20:55:33 | 000,001,833 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2011/10/14 20:20:08 | 000,261,772 | ---- | C] () -- C:\Users\Sarah\AppData\Local\census.cache
    [2011/10/14 20:19:59 | 000,185,357 | ---- | C] () -- C:\Users\Sarah\AppData\Local\ars.cache
    [2011/10/14 19:28:08 | 000,000,036 | ---- | C] () -- C:\Users\Sarah\AppData\Local\housecall.guid.cache
    [2011/10/12 19:27:04 | 003,886,887 | ---- | C] () -- C:\Users\Sarah\Desktop\Design.wmv
    [2011/10/12 19:25:23 | 013,006,454 | ---- | C] () -- C:\Users\Sarah\Desktop\Design.flv
    [2011/08/18 19:34:53 | 000,004,096 | -H-- | C] () -- C:\Users\Sarah\AppData\Local\keyfile3.drm
    [2011/05/19 07:37:06 | 000,000,680 | ---- | C] () -- C:\Users\Sarah\AppData\Local\d3d9caps.dat
    [2011/02/11 20:39:44 | 000,015,107 | ---- | C] () -- C:\Windows\UJIAUNST.INI
    [2011/02/11 20:39:40 | 000,000,155 | ---- | C] () -- C:\Windows\UJIADA01.INI
    [2010/09/21 17:53:11 | 000,000,232 | ---- | C] () -- C:\Users\Sarah\AppData\Roaming\fixpermissions.bat
    [2010/08/25 20:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
    [2010/08/25 20:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
    [2010/08/25 20:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
    [2010/08/25 19:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
    [2010/08/25 19:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
    [2010/08/25 19:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
    [2010/04/14 18:31:05 | 000,006,652 | ---- | C] () -- C:\Users\Sarah\AppData\Roaming\wklnhst.dat
    [2010/01/14 03:41:00 | 000,309,248 | ---- | C] () -- C:\Windows\System32\sqlite36_engine.dll
    [2010/01/14 03:38:00 | 000,023,552 | ---- | C] () -- C:\Windows\System32\DirectCOM.dll
    [2009/10/20 08:29:04 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2009/10/20 08:29:04 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
    [2009/09/29 10:18:51 | 000,012,800 | ---- | C] () -- C:\Windows\System32\EKDeviceServices.dll
    [2009/09/28 17:44:03 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
    [2009/09/27 18:12:43 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
    [2009/09/23 21:47:14 | 000,164,864 | ---- | C] () -- C:\Users\Sarah\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/07/15 02:38:47 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1591.dll
    [2009/07/15 02:38:46 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
    [2009/07/14 19:51:04 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX2.dat
    [2009/07/14 19:51:04 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
    [2009/07/14 19:51:04 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
    [2009/07/14 19:51:04 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
    [2009/07/14 18:24:59 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
    [2006/11/02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2006/11/02 13:47:37 | 000,336,216 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/02 11:33:01 | 000,600,378 | ---- | C] () -- C:\Windows\System32\perfh009.dat
    [2006/11/02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
    [2006/11/02 11:33:01 | 000,105,852 | ---- | C] () -- C:\Windows\System32\perfc009.dat
    [2006/11/02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
    [2006/11/02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
    [2006/11/02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2006/11/02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
    [2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006/11/02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
    [2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

    ========== LOP Check ==========
     
  14. 2011/10/18
    hanqba1

    hanqba1 Inactive Thread Starter

    Joined:
    2008/06/21
    Messages:
    93
    Likes Received:
    0
    otl

    [2009/07/14 20:10:22 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Acer GameZone Console
    [2009/07/14 20:10:22 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Acer GameZone Console
    [2009/07/14 20:10:22 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Acer GameZone Console
    [2010/02/17 12:51:17 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
    [2009/09/27 17:27:14 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\EA
    [2009/10/15 18:18:11 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\eSobi
    [2010/09/20 19:21:50 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\FinalMediaPlayer
    [2010/12/31 13:19:57 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Hermitech Laboratory
    [2009/09/26 16:33:34 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\iWin
    [2009/09/23 20:15:26 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\PowerCinema
    [2009/09/23 20:15:38 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\SoftDMA
    [2011/09/06 19:32:09 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Temp
    [2010/04/14 18:31:08 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Template
    [2010/10/26 10:18:00 | 000,000,426 | ---- | M] () -- C:\Windows\Tasks\AiO Home Center Registration Remind Task.job
    [2011/10/18 00:43:43 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2009/04/11 07:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
    [2009/07/15 02:42:31 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
    [2011/10/17 11:16:56 | 000,012,871 | ---- | M] () -- C:\ComboFix.txt
    [2006/09/18 22:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2011/10/18 07:40:02 | 3461,591,040 | -HS- | M] () -- C:\pagefile.sys
    [2009/07/14 19:51:53 | 000,002,472 | ---- | M] () -- C:\RHDSetup.log

    < %systemroot%\Fonts\*.com >
    [2006/11/02 13:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006/11/02 13:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006/11/02 13:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2011/10/14 20:41:15 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/09/18 22:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2009/04/07 17:25:30 | 000,192,512 | ---- | M] (Eastman Kodak Company) -- C:\Windows\system32\spool\prtprocs\w32x86\EKIJ5000PPR.dll
    [2006/11/02 13:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll
    [2003/06/18 17:31:48 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\mdippr.dll
    [2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\msonpppr.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2011/09/06 21:45:29 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2008/01/21 03:43:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2008/01/21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
    [2008/01/21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
    [2008/01/21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
    [2006/11/02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
    [2006/11/02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2010/07/21 18:21:26 | 000,000,286 | -HS- | M] () -- C:\Users\Sarah\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2011/10/16 16:32:49 | 000,302,592 | ---- | M] () -- C:\Users\Sarah\Desktop\9rnqtzkr.exe
    [2011/10/17 23:40:43 | 008,922,408 | ---- | M] (OPSWAT, Inc.) -- C:\Users\Sarah\Desktop\AppRemover.exe
    [2011/10/16 18:16:21 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Sarah\Desktop\aswMBR.exe
    [2011/10/17 10:33:36 | 004,262,966 | R--- | M] (Swearware) -- C:\Users\Sarah\Desktop\ComboFix.exe
    [2010/12/31 13:19:16 | 004,286,943 | ---- | M] (Hermitech Laboratory ) -- C:\Users\Sarah\Desktop\fmlsetup-tarsia.exe
    [2011/10/18 07:49:27 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Sarah\Desktop\OTL.exe
    [2011/08/27 09:55:24 | 005,177,584 | ---- | M] () -- C:\Users\Sarah\Desktop\YouTubeDownloaderSetup33.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >
     
  15. 2011/10/18
    hanqba1

    hanqba1 Inactive Thread Starter

    Joined:
    2008/06/21
    Messages:
    93
    Likes Received:
    0
    otl

    @Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:814B9485
    @Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:131C0EE9
    @Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:9E22BBE8
    @Alternate Data Stream - 106 bytes -> C:\ProgramData\Temp:F7862839
    @Alternate Data Stream - 103 bytes -> C:\ProgramData\Temp:8750DCE4
    @Alternate Data Stream - 103 bytes -> C:\ProgramData\Temp:35759C73
    @Alternate Data Stream - 100 bytes -> C:\ProgramData\Temp:798A3728

    < End of report >
     
  16. 2011/10/18
    hanqba1

    hanqba1 Inactive Thread Starter

    Joined:
    2008/06/21
    Messages:
    93
    Likes Received:
    0
    otl extra

    OTL Extras logfile created on: 18/10/2011 08:00:27 - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Sarah\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.19154)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    2.93 Gb Total Physical Memory | 1.88 Gb Available Physical Memory | 64.22% Memory free
    6.09 Gb Paging File | 4.95 Gb Available in Paging File | 81.26% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 139.04 Gb Total Space | 85.41 Gb Free Space | 61.43% Space Free | Partition Type: NTFS

    Computer Name: SARAH-PC | User Name: Sarah | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-199342007-3371899926-3485922746-1000\SOFTWARE\Classes\<extension>]
    .exe [@ = exefile] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0AB52068-BA7E-4799-9087-328AA4D49E63}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |
    "{3BE83C69-97A8-489A-8F2D-02F8BE225C08}" = lport=9323 | protocol=6 | dir=in | name=ekdiscovery |
    "{68EB9ACA-DCA4-487B-BE64-06DBD412E0E8}" = lport=9323 | protocol=6 | dir=in | name=ekdiscovery |
    "{EEFEB21F-C113-4094-8D42-214C8B261E5D}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{103A5B59-C2FC-4A36-8AF6-66176E295EE5}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
    "{16EAF962-21C2-4B32-B77F-51CBE607F501}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe |
    "{1C45DE0A-7171-4084-B340-2F05D889FF01}" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
    "{239A47B8-887E-463A-ACAF-218EAA408D2D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{3C385B2B-B113-4B8E-BD94-CA90BAAA1E61}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{4CAA20CA-9160-41B1-9BF9-131CE412B8A1}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{4DCDC445-7BAC-41C9-81C1-D3E0B8BFDDE7}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{57A57551-50DB-4A02-A3FF-B2383CC30A62}" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
    "{58C7634A-1BE7-4E3B-9552-1DB88CDF3BB5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{5BF695EB-B83D-40C2-BA18-12480E5B0251}" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
    "{5D82EC9B-3F54-4536-A774-70A07934A83F}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
    "{6321694C-8C52-4B6B-ACAB-16658E682540}" = protocol=6 | dir=in | app=c:\program files\kodak\aio\center\kodak.statistics.exe |
    "{66E92E20-B773-4421-A630-66B5F6C441D1}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe |
    "{6A9E79C9-96D2-4579-972B-D85FA1A848F4}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe |
    "{6CFD1594-E08A-45AC-9A5C-E93E2CA65507}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
    "{816E01A9-B40C-46FC-90AD-38FCEEC421D3}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
    "{82AFB142-879E-43A0-BAE4-18305A5739A4}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
    "{9622E92F-D655-45C5-99A5-5EE1CFC7FDC1}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
    "{96B7CF98-2188-43D7-B6AD-80464AA4A8B1}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
    "{9F65533E-B8EA-4406-B6C0-26E71FB9DBAF}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{A8D61A3D-C2A0-4752-9D4A-3F28F1C7B08E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{AA1DD2FB-CDB3-4B25-BED1-771AB49FB9CE}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
    "{AC3D2962-16F0-40BF-950B-90AC7303BBBC}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
    "{B644982C-697C-4FB8-9A6D-E77434958FEB}" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
    "{DDA3ED4D-EFAB-4943-AE57-F4AD2625513E}" = protocol=17 | dir=in | app=c:\program files\kodak\aio\center\kodak.statistics.exe |
    "{FC721B96-5009-4F7B-95CB-285CABBC705A}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |
    "{FC988C37-F19A-4092-A879-1F66E45C6410}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "TCP Query User{1791E7D7-BBE7-4C8A-A9D9-443943DC95B7}C:\program files\bearshare applications\bearshare\bearshare.exe" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
    "TCP Query User{61804413-A9C7-40AC-BC38-A396729E4F30}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "UDP Query User{E9AD9B25-5E65-417D-A0D2-552F338F4680}C:\program files\bearshare applications\bearshare\bearshare.exe" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
    "UDP Query User{FB610AE5-4C1A-4D8C-A456-F4D3EE2409D8}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========
     
  17. 2011/10/18
    hanqba1 Inactive Thread Starter

    otl extra

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{074AED0D-DD1C-432A-B38D-F8733604033F}" = aioscnnr
    "{10934A28-0CC6-4B98-A14F-76B3546003AF}" = ksDIP
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 3.3
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
    "{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 26
    "{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
    "{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
    "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
    "{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{56BA241F-580C-43D2-8403-947241AAE633}" = center
    "{59B73DDC-593A-4D02-B9CA-1D8C9F912324}" = aioprnt
    "{66491E5A-7899-4863-A2E9-057E10BCB578}" = Samsung SecretZone
    "{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
    "{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker
    "{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
    "{71C2828F-2678-4675-BDEC-895424861262}_is1" = C:\Program Files\Acer GameZone\GameConsole
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
    "{821D6F49-1B20-4809-8C73-286CFC52B1B1}" = Samsung Auto Backup
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110184263}" = Puzzle Express
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11037623}" = Tradewinds 2
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111125700}" = Rainbow Web
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111205743}" = Tri-Peaks Solitaire To Go
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111232687}" = Ocean Express
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11170417}" = Luxor 2
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}" = Jewel Quest Solitaire
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11219217}" = Cradle of Rome
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}" = Turbo Pizza
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113056167}" = Dream Day Honeymoon
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113297350}" = Cake Mania 2
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113494430}" = Wedding Dash
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11505173}" = Airport Mania First Flight
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115443300}" = Cooking Dash
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11551977}" = Parking Dash
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
    "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
    "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
    "{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
    "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
    "{DE6B7599-D3EF-4436-8836-BAA0B0D7768D}" = aiofw
    "{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK AiO Home Centre
    "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
    "{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
    "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{FAE36873-1941-4076-A9A5-48812B5EA0B7}" = iTunes
    "Acer Screensaver" = Acer ScreenSaver
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "avast" = avast! Free Antivirus
    "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "Formulator Tarsia_is1" = Formulator Tarsia 2.0
    "GridVista" = GridVista
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
    "LManager" = Launch Manager
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "QueTek File Scavenger 3.2 (en)" = File Scavenger 3.2 (en)
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "YTdetect" = Yahoo! Detect

    ========== Last 10 Event Log Errors ==========

    Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

    < End of report >
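Two parts of the OTL Extras log above carry most of the triage value for an infection like this one: the Shell Spawning section (whether batfile, cmdfile, comfile, exefile and piffile still run `"%1" %*` directly, rather than some loader inserted in front of the program) and the per-profile firewall keys (here DomainProfile and StandardProfile have EnableFirewall = 1 but PublicProfile has EnableFirewall = 0). The script below is an added example, not part of the thread and not OTL's own code. SAMPLE_LOG is copied from the posted log, trimmed to the relevant lines; HIJACKED_SAMPLE is a constructed fragment with a hypothetical loader path, included only to show what a hijacked handler looks like to the checker.

```python
"""Added example (not from the thread or from OTL): flag the two things a
reviewer checks first in an OTL Extras log, hijacked executable-class
shell handlers and firewall profiles that are switched off."""
import re

# Default shell\open\command for the executable file classes. A loader
# wedged in front of "%1" here would run on every program launch.
EXPECTED_SHELL = {
    "batfile": '"%1" %*',
    "cmdfile": '"%1" %*',
    "comfile": '"%1" %*',
    "exefile": '"%1" %*',
    "piffile": '"%1" %*',
}

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")          # ===== Name =====
SHELL_RE = re.compile(r"^(\w+) \[(\w+)\] -- (.*)$")     # exefile [open] -- "%1" %*
PROFILE_RE = re.compile(r"^\[.*\\(\w+Profile)\]$")      # [...\FirewallPolicy\PublicProfile]
ENABLE_RE = re.compile(r'^"EnableFirewall" = (\d+)$')

# Sample input copied from the log posted above (trimmed to the relevant lines).
SAMPLE_LOG = r"""
========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
scrfile [open] -- "%1" /S
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"""

# Constructed (hypothetical) fragment: what a hijacked exefile handler looks like.
HIJACKED_SAMPLE = r"""
========== Shell Spawning ==========
exefile [open] -- "C:\Users\Public\loader.exe" "%1" %*
"""


def split_sections(text):
    """Group the log's non-empty lines under their '===== Name =====' headers."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None and line:
            sections[current].append(line)
    return sections


def shell_spawning_findings(lines):
    """(file class, actual command) for executable classes whose [open]
    handler is not the Windows default."""
    findings = []
    for line in lines:
        m = SHELL_RE.match(line)
        if not m:
            continue
        cls, verb, cmd = m.group(1), m.group(2), m.group(3).strip()
        if verb == "open" and cls in EXPECTED_SHELL and cmd != EXPECTED_SHELL[cls]:
            findings.append((cls, cmd))
    return findings


def disabled_firewall_profiles(lines):
    """Names of firewall profiles whose EnableFirewall value is 0."""
    disabled, profile = [], None
    for line in lines:
        if line.startswith("["):          # new registry key: note which profile it is, if any
            m = PROFILE_RE.match(line)
            profile = m.group(1) if m else None
            continue
        m = ENABLE_RE.match(line)
        if m and profile and m.group(1) == "0":
            disabled.append(profile)
    return disabled


def triage(text):
    """Run both checks over a whole OTL Extras log."""
    sections = split_sections(text)
    return {
        "hijacked_shell": shell_spawning_findings(sections.get("Shell Spawning", [])),
        "firewall_off": disabled_firewall_profiles(sections.get("Firewall Settings", [])),
    }


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))       # {'hijacked_shell': [], 'firewall_off': ['PublicProfile']}
    print(triage(HIJACKED_SAMPLE))  # flags the constructed exefile handler
```

On the posted log the shell handlers are all still the defaults, so the only finding is the disabled PublicProfile; that is consistent with the "Windows Firewall Disabled!" line the Security Check tool reports later in the thread. Note that the Shell Spawning section only lists HKEY_LOCAL_MACHINE; a per-user override under HKEY_USERS\<SID>\SOFTWARE\Classes would win over it, and the log shows that key absent ("Key error. File not found") for .exe, which is what you want.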
     
  18. 2011/10/18
    broni Moderator Malware Analyst

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      SRV - [2009/07/21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
      SRV - [2009/05/13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
      DRV - File not found [Kernel | Unknown | Running] -- -- (mvd20)
      DRV - File not found [Kernel | Unknown | Running] -- -- (mdf15)
      DRV - [2010/02/13 18:50:13 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
      DRV - [2009/05/11 10:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
      DRV - [2009/03/30 10:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
      DRV - [2009/02/13 12:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
      O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
      [2011/10/14 19:37:27 | 000,000,000 | ---D | C] -- C:\Program Files\STOPzilla!
      [2011/10/14 19:37:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
      [2011/10/12 18:36:43 | 000,000,000 | -HSD | C] -- C:\Users\Sarah\AppData\Local\22a6abd8
      @Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:814B9485
      @Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:131C0EE9
      @Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:9E22BBE8
      @Alternate Data Stream - 106 bytes -> C:\ProgramData\Temp:F7862839
      @Alternate Data Stream - 103 bytes -> C:\ProgramData\Temp:8750DCE4
      @Alternate Data Stream - 103 bytes -> C:\ProgramData\Temp:35759C73
      @Alternate Data Stream - 100 bytes -> C:\ProgramData\Temp:798A3728
      
      :Files
      C:\Program Files\Avira
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ==========================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
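The fix script in the post above is a list of OTL scan lines, and each kind of line is on it for a different reason: `DRV - File not found [... | Running]` is a kernel driver that is loaded but whose file is no longer visible on disk (mvd20 and mdf15 here), `[Auto | Stopped]` services are the Avira components that should be running but are not, the `O2 - BHO` entry is a browser hook with no CLSID behind it, the `-HSD` folder is a hidden system directory with a random hex name, and the `@Alternate Data Stream` lines are streams attached to C:\ProgramData\Temp. The parser below is an added example, not part of the thread and not OTL's own code; FIX_SCRIPT is the posted script copied verbatim (two of the seven ADS lines kept), and the heuristics in triage() are this example's own reading of those line types, not rules OTL applies.

```python
"""Added example (not from the thread or from OTL): read the OTL fix script
above and say, per line, why each item is on the removal list."""
import ntpath
import re

# Constructed input: the :OTL / :Files / :Commands lines posted above.
FIX_SCRIPT = r"""
:OTL
SRV - [2009/07/21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/05/13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
DRV - File not found [Kernel | Unknown | Running] -- -- (mvd20)
DRV - File not found [Kernel | Unknown | Running] -- -- (mdf15)
DRV - [2010/02/13 18:50:13 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
[2011/10/14 19:37:27 | 000,000,000 | ---D | C] -- C:\Program Files\STOPzilla!
[2011/10/12 18:36:43 | 000,000,000 | -HSD | C] -- C:\Users\Sarah\AppData\Local\22a6abd8
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:814B9485
@Alternate Data Stream - 103 bytes -> C:\ProgramData\Temp:8750DCE4

:Files
C:\Program Files\Avira

:Commands
[purity]
[emptytemp]
[Reboot]
"""

MISSING_DRV_RE = re.compile(r"^DRV - File not found \[([^\]]*)\] -- -- \((\w+)\)$")
MODULE_RE = re.compile(r"^(SRV|DRV) - \[([^\]]*)\] \(([^)]*)\) \[([^\]]*)\] -- (.+?) -- \((\w+)\)$")
BHO_RE = re.compile(r"^O2 - BHO: \((.*?)\) - (\{[0-9A-Fa-f-]+\}) - (.*)$")
FSITEM_RE = re.compile(r"^\[([^\]]*)\] -- (.+)$")
ADS_RE = re.compile(r"^@Alternate Data Stream - (\d+) bytes -> (.+):([^:\\]+)$")
HEX_NAME_RE = re.compile(r"^[0-9a-f]{6,}$")   # random-looking names such as 22a6abd8


def _fields(s):
    """Split an OTL 'a | b | c' attribute group into stripped fields."""
    return [f.strip() for f in s.split("|")]


def parse_fix_script(text):
    """Sort the script's lines into the kinds of item OTL is being told to act on."""
    items = {"directives": [], "missing_drivers": [], "modules": [], "bhos": [],
             "fs_items": [], "ads": [], "paths": [], "unparsed": []}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):                                   # :OTL, :Files, :Commands
            section = line
            items["directives"].append(line)
            continue
        if line.startswith("[") and line.endswith("]") and " -- " not in line:
            items["directives"].append(line)                       # [purity], [emptytemp], [Reboot]
            continue
        m = MISSING_DRV_RE.match(line)
        if m:
            items["missing_drivers"].append({"name": m.group(2), "state": _fields(m.group(1))})
            continue
        m = MODULE_RE.match(line)
        if m:
            items["modules"].append({"kind": m.group(1), "vendor": m.group(3),
                                     "state": _fields(m.group(4)), "path": m.group(5),
                                     "name": m.group(6)})
            continue
        m = BHO_RE.match(line)
        if m:
            items["bhos"].append({"title": m.group(1), "clsid": m.group(2), "note": m.group(3)})
            continue
        m = FSITEM_RE.match(line)
        if m:
            items["fs_items"].append({"attrs": _fields(m.group(1)), "path": m.group(2)})
            continue
        m = ADS_RE.match(line)
        if m:
            items["ads"].append({"size": int(m.group(1)), "path": m.group(2), "stream": m.group(3)})
            continue
        if section == ":Files":                                    # bare path under :Files
            items["paths"].append(line)
        else:
            items["unparsed"].append(line)
    return items


def triage(text):
    """Heuristic reading of the parsed script; each key names one removal reason."""
    items = parse_fix_script(text)
    out = {"phantom_drivers": [], "stopped_autostart": [], "orphan_bhos": [],
           "hidden_hex_dirs": [], "ads_streams": []}
    for d in items["missing_drivers"]:
        if "Running" in d["state"]:           # loaded, yet no file on disk: hidden or deleted
            out["phantom_drivers"].append(d["name"])
    for mod in items["modules"]:
        if "Auto" in mod["state"] and "Stopped" in mod["state"]:   # should run at boot, does not
            out["stopped_autostart"].append(mod["name"])
    for b in items["bhos"]:
        if "No CLSID" in b["note"]:           # browser hook registered with no COM object behind it
            out["orphan_bhos"].append(b["clsid"])
    for f in items["fs_items"]:
        flags = f["attrs"][2] if len(f["attrs"]) > 2 else ""
        if all(c in flags for c in "HSD") and HEX_NAME_RE.match(ntpath.basename(f["path"])):
            out["hidden_hex_dirs"].append(f["path"])   # hidden+system directory, random hex name
    for a in items["ads"]:
        out["ads_streams"].append(a["path"] + ":" + a["stream"])
    return out


if __name__ == "__main__":
    for key, value in triage(FIX_SCRIPT).items():
        print(key, value)
```

The stopped Avira services and the C:\Program Files\Avira path land on the list because the thread is removing a broken Avira install ahead of a reinstall, not because they are malicious; the phantom drivers, the hex-named hidden folder and the streams on C:\ProgramData\Temp are the parts that match the rootkit the ComboFix run reported. The "Running but file not found" test is the one worth remembering: a driver the service control manager says is loaded, with no file where its path says it should be, is either hidden from the file system or was deleted after load, and either way warrants the reboot-and-rescan step the post asks for.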
     
  19. 2011/10/18
    hanqba1 Inactive Thread Starter

    run fix log

    Files\Folders moved on Reboot...
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe moved successfully.
    C:\Program Files\Avira\AntiVir Desktop\sched.exe moved successfully.
    C:\Windows\System32\drivers\avgntflt.sys moved successfully.
    Folder move failed. C:\Program Files\Avira\AntiVir Desktop scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Avira\AntiVir Desktop scheduled to be moved on reboot.
    Folder move failed. C:\Program Files\Avira scheduled to be moved on reboot.

    Registry entries deleted on Reboot...
     
  20. 2011/10/18
    hanqba1 Inactive Thread Starter

    security check log

    While running the check a window opened saying Avira could not update. Here is the log:

    Results of screen317's Security Check version 0.99.7
    Windows Vista Service Pack 2 (UAC is enabled)
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Disabled!
    avast! Free Antivirus
    Avira AntiVir Personal - Free Antivirus
    WMI entry may not exist for antivirus; attempting automatic update.
    Avira successfully updated!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 26
    Out of date Java installed!
    Adobe Flash Player
    Adobe Reader 9
    Out of date Adobe Reader installed!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Malwarebytes' Anti-Malware mbamservice.exe
    Malwarebytes' Anti-Malware mbamgui.exe
    AVAST Software Avast AvastSvc.exe
    AVAST Software Avast AvastUI.exe
    ``````````End of Log````````````
     
  21. 2011/10/18
    broni Moderator Malware Analyst

    When you're done with the Eset scan, post a new OTL "Quick scan" log so we can see if there are still some Avira leftovers.

    Also.....

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ========================================================

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions (if present).
    Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), then download and install Foxit PDF Reader (3.5 MB) from HERE.
    It's a much smaller download and uses far fewer resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.
     
