TechSpot

Help with VBS Generic Virus

Solved
By oobersheep
May 23, 2011
  1. Hi Im new here although I did join up a while ago. I managed to fix what ever problem it was with out needing to post. I think Ive taken care of this one as well but Im not too sure.

    The Problem
    ----------------
    Last Friday (20.5.2011) I managaed to contract a virus on my computer. I only knew about the virus on saturday when AVG began detecting VBS Generic viruses on my computer. I used AVG to remove, quarantine and heal the infected files. The warnings kept happening, I eventually found and uninstalled a number of programmes that had the virus. These included Skype and alot of files related to the App Roming data - (which I cant find). On Sunday AVG gave up the last of these infected files and notified me of a Trojan - SHuer3. I tried to heal it the file but AVG couldnt remove or heal the file.I located the file and realised that it was in a file called Startup that was located in the "All Programs" (Im pretty sure the file was never there originally, but I dont know for sure).
    I looked on your forum, and saw the removal steps which I followed they found nothing( I didnt know how to turn AVG off.) but whilst they where running AVG kept finding the trojan, over and over. So I did something which was probably stupid which was I deleted the actual file. The problem has not happened again, AVG has not detected the VBS generic viruses or the Trojan.
    I ran the virus and malware removal steps as detailed in the forum again. They found nothing again. AVG didnt find anything either.
    I dont really want to waste anyones time.

    My System
    System
    --------------------------------------------------------------------------------

    Manufacturer SAMSUNG ELECTRONICS CO., LTD.
    Model RV410/RV510/S3510/E3510
    Total amount of system memory 4.00 GB RAM
    System type 64-bit operating system
    Number of processor cores 2

    Storage
    --------------------------------------------------------------------------------

    Total size of hard disk(s) 578 GB
    Disk partition (C:) 128 GB Free (232 GB Total)
    Disk partition (D:) 346 GB Free (346 GB Total)
    Media drive (E:) CD/DVD

    Graphics
    --------------------------------------------------------------------------------

    Display adapter type Mobile Intel(R) 4 Series Express Chipset Family
    Total available graphics memory 1695 MB
    Dedicated graphics memory 64 MB
    Dedicated system memory 0 MB
    Shared system memory 1631 MB
    Display adapter driver version 8.15.10.2202
    Primary monitor resolution 1366x768
    DirectX version DirectX 10

    Network
    --------------------------------------------------------------------------------

    Network Adapter Marvell Yukon 88E8040 Family PCI-E Fast Ethernet Controller
    Network Adapter Atheros AR9285 Wireless Network Adapter

    Component Details Subscore Base score
    Processor Pentium(R) Dual-Core CPU T4500 @ 2.30GHz 5.8 3.2
    Determined by lowest subscore

    Memory (RAM) 4.00 GB 5.8
    Graphics Mobile Intel(R) 4 Series Express Chipset Family 3.2
    Gaming graphics 1695 MB Total available graphics memory 3.2
    Primary hard disk 128GB Free (232GB Total) 5.9

    Here are the Logs requested.
    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6641

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    22/05/2011 17:45:37
    mbam-log-2011-05-22 (17-45-37).txt

    Scan type: Quick scan
    Objects scanned: 164210
    Time elapsed: 3 minute(s), 20 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    ---------------------------------------
    gmer = no results

    ----------------------------------------
    .
    DDS (Ver_11-05-19.01) - NTFSx86
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
    Run by oober at 18:06:58 on 2011-05-22
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.4029.1898 [GMT 1:00]
    .
    AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~2\AVG\AVG10\avgchsva.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
    C:\Program Files (x86)\AVG\AVG10\avgemca.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\Wacom_Tablet.exe
    C:\Windows\system32\WTablet\Wacom_TabletUser.exe
    C:\Windows\system32\Wacom_Tablet.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Elantech\ETDCtrl.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
    C:\Program Files (x86)\AVG\AVG10\avgtray.exe
    C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManager.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
    C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\igfxext.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Elantech\ETDCtrlHelper.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
    C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
    C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\DllHost.exe
    C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
    C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
    C:\PROGRA~2\AVG\AVG10\avgrsa.exe
    C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
    C:\Program Files (x86)\Last.fm\LastFM.exe
    C:\Program Files (x86)\AVG\AVG10\avgsrmax.exe
    C:\Program Files (x86)\AVG\AVG10\avgsrmax.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\oober\Downloads\dds.scr
    C:\Windows\SysWOW64\WSCRIPT.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Page = hxxp://www.google.com
    uStart Page = hxxp://www.google.co.uk/
    uDefault_Page_URL = hxxp://samsung.msn.com
    uSearch Bar = hxxp://www.google.com/ie
    uDefault_Search_URL = hxxp://www.google.com/ie
    mStart Page = hxxp://samsung.msn.com
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
    mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
    mWinlogon: Userinit=userinit.exe
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
    BHO: TBSB01620 Class: {58124a0b-dc32-4180-9bff-e0e21ae34026} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
    BHO: W2PBrowser Class: {aa609d72-8482-4076-8991-8cdae5b93bcb} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
    BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
    TB: IMinent Toolbar: {977ae9cc-af83-45e8-9e03-e2798216e2d5} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll
    uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
    uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
    mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
    mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [Intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManager.lnk"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    StartupFolder: C:\Users\oober\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bdwvhhfq.exe
    StartupFolder: C:\Users\oober\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AUDIBL~1.LNK - C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\GAMERS~1.LNK - C:\Program Files (x86)\GamersFirst\LIVE!\Live.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: DisableStartupSound = 1 (0x1)
    IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {328ECD19-C167-40eb-A0C7-16FE7634105E} - {94BB0C4C-B957-479A-85E4-42F53B89F681} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll
    BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    TB-X64: {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - No File
    mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    mRun-x64: [ETDCtrl] %ProgramFiles%\Elantech\ETDCtrl.exe
    mRun-x64: [IgfxTray] C:\Windows\system32\igfxtray.exe
    mRun-x64: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    mRun-x64: [Persistence] C:\Windows\system32\igfxpers.exe
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\oober\AppData\Roaming\Mozilla\Firefox\Profiles\4zwwl19r.default\
    FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
    FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
    FF - prefs.js: network.proxy.type - 0
    FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff4.dll
    FF - component: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
    FF - component: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
    FF - component: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
    FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
    FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordlegacyext.dll
    FF - component: C:\Users\oober\AppData\Roaming\Mozilla\Firefox\Profiles\4zwwl19r.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}\components\nstidy.dll
    FF - component: C:\Users\oober\AppData\Roaming\Mozilla\Firefox\Profiles\4zwwl19r.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}\components\Engine.dll
    FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npPandoWebInst.dll
    FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
    R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
    R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
    R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
    R1 SABI;SAMSUNG Kernel Driver For Windows 7;\??\C:\Windows\system32\Drivers\SABI.sys --> C:\Windows\system32\Drivers\SABI.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-4-18 7398752]
    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2011-2-8 269520]
    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-2-28 821664]
    R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-4-24 483688]
    R2 TabletServiceWacom;TabletServiceWacom;C:\Windows\system32\Wacom_Tablet.exe --> C:\Windows\system32\Wacom_Tablet.exe [?]
    R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
    R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
    R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys --> C:\Windows\system32\DRIVERS\ETD.sys [?]
    R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
    R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
    R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
    R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-4-24 209768]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-5-2 947528]
    S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    S3 Samsung UPD Service;Samsung UPD Service;"C:\Windows\System32\SUPDSvc.exe" --> C:\Windows\System32\SUPDSvc.exe [?]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 wacmoumonitor;Wacom Mode Helper;C:\Windows\system32\DRIVERS\wacmoumonitor.sys --> C:\Windows\system32\DRIVERS\wacmoumonitor.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    .
    =============== Created Last 30 ================
    .
    2011-05-22 16:41:15 -------- d-----w- C:\Users\oober\AppData\Roaming\Malwarebytes
    2011-05-22 16:41:08 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    2011-05-22 16:41:08 -------- d-----w- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
    2011-05-22 16:41:07 -------- d-----w- C:\ProgramData\Malwarebytes
    2011-05-22 16:41:04 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2011-05-22 16:41:04 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2011-05-22 12:14:39 -------- d-----w- C:\ProgramData\Skype Extras
    2011-05-21 01:48:06 -------- d--h--w- C:\$AVG
    2011-05-21 00:42:19 -------- d-----w- C:\Users\oober\swfjweva
    2011-05-19 19:10:09 -------- d-----w- C:\ProgramData\FlexiMusic
    2011-05-19 19:09:16 609824 ----a-w- C:\Windows\SysWow64\COMCTL32.OCX
    2011-05-19 19:09:15 152848 ----a-w- C:\Windows\SysWow64\COMDLG32.OCX
    2011-05-19 19:09:15 1081616 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
    2011-05-13 15:23:39 -------- d-----w- C:\Users\oober\AppData\Roaming\inkscape
    2011-05-13 15:19:00 -------- d-----w- C:\Program Files (x86)\Inkscape
    2011-05-11 17:58:43 5509504 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2011-05-11 17:58:42 3957632 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2011-05-11 17:58:42 3901824 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2011-05-11 17:58:20 99328 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
    2011-05-11 17:58:20 7936 ----a-w- C:\Windows\System32\drivers\usbd.sys
    2011-05-11 17:58:20 52224 ----a-w- C:\Windows\System32\drivers\usbehci.sys
    2011-05-11 17:58:20 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
    2011-05-11 17:58:20 324608 ----a-w- C:\Windows\System32\drivers\usbport.sys
    2011-05-11 17:58:20 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
    2011-05-11 17:58:20 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
    2011-05-07 17:47:55 781272 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozsqlite3.dll
    2011-05-07 17:47:54 89048 ----a-w- C:\Program Files (x86)\Mozilla Firefox\libEGL.dll
    2011-05-07 17:47:54 465880 ----a-w- C:\Program Files (x86)\Mozilla Firefox\libGLESv2.dll
    2011-05-07 17:47:54 1874904 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
    2011-05-07 17:47:54 15832 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozalloc.dll
    2011-05-07 17:47:53 1974616 ----a-w- C:\Program Files (x86)\Mozilla Firefox\D3DCompiler_42.dll
    2011-05-07 17:47:53 1892184 ----a-w- C:\Program Files (x86)\Mozilla Firefox\d3dx9_42.dll
    2011-05-07 17:47:53 142296 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
    2011-05-02 19:39:16 -------- d-----w- C:\Users\oober\AppData\Local\AVG Security Toolbar
    2011-04-29 00:02:04 2566144 ----a-w- C:\Windows\System32\esent.dll
    2011-04-29 00:02:04 1657216 ----a-w- C:\Windows\System32\drivers\ntfs.sys
    2011-04-29 00:02:03 96768 ----a-w- C:\Windows\System32\fsutil.exe
    2011-04-29 00:02:03 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe
    2011-04-29 00:02:03 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys
    2011-04-29 00:02:03 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys
    2011-04-29 00:02:03 187264 ----a-w- C:\Windows\System32\drivers\storport.sys
    2011-04-29 00:02:03 1686016 ----a-w- C:\Windows\SysWow64\esent.dll
    2011-04-29 00:02:03 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys
    2011-04-29 00:02:03 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys
    2011-04-29 00:02:03 107904 ----a-w- C:\Windows\System32\drivers\amdsata.sys
    2011-04-27 21:16:01 2870272 ----a-w- C:\Windows\explorer.exe
    2011-04-27 21:16:01 2614784 ----a-w- C:\Windows\SysWow64\explorer.exe
    2011-04-27 21:16:00 662528 ----a-w- C:\Windows\System32\XpsPrint.dll
    2011-04-27 21:16:00 442880 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
    2011-04-27 21:15:35 31232 ----a-w- C:\Windows\System32\prevhost.exe
    2011-04-27 21:15:34 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe
    2011-04-25 18:54:01 -------- d-----w- C:\Program Files\iTunes
    2011-04-25 18:54:01 -------- d-----w- C:\Program Files\iPod
    2011-04-25 18:52:12 -------- d-----w- C:\Program Files\Bonjour
    2011-04-25 18:52:12 -------- d-----w- C:\Program Files (x86)\Bonjour
    2011-04-24 11:28:44 63488 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ISBEW64.exe
    2011-04-24 11:28:43 753664 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
    2011-04-24 11:28:43 69714 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
    2011-04-24 11:28:43 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
    2011-04-24 11:28:43 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
    2011-04-24 11:28:43 200836 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
    2011-04-24 11:28:43 184320 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
    2011-04-24 11:28:42 331908 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
    2011-04-22 19:02:21 -------- d-----w- C:\Users\oober\AppData\Local\{3737C9FC-E9BB-4040-B7E7-AACE758620FC}
    .
    ==================== Find3M ====================
    .
    2011-04-14 20:28:24 118864 ----a-w- C:\Windows\System32\drivers\AVGIDSDriver.sys
    2011-04-13 22:40:10 4284416 ----a-w- C:\Windows\SysWow64\GPhotos.scr
    2011-04-06 15:26:58 96544 ----a-w- C:\Windows\System32\dnssd.dll
    2011-04-06 15:26:58 69408 ----a-w- C:\Windows\System32\jdns_sd.dll
    2011-04-06 15:26:58 237856 ----a-w- C:\Windows\System32\dnssdX.dll
    2011-04-06 15:26:58 119584 ----a-w- C:\Windows\System32\dns-sd.exe
    2011-04-06 15:20:16 91424 ----a-w- C:\Windows\SysWow64\dnssd.dll
    2011-04-06 15:20:16 75040 ----a-w- C:\Windows\SysWow64\jdns_sd.dll
    2011-04-06 15:20:16 197920 ----a-w- C:\Windows\SysWow64\dnssdX.dll
    2011-04-06 15:20:16 107808 ----a-w- C:\Windows\SysWow64\dns-sd.exe
    2011-04-04 23:59:54 377936 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
    2011-03-16 15:03:18 37456 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
    2011-03-11 06:19:26 1395712 ----a-w- C:\Windows\System32\mfc42.dll
    2011-03-11 06:19:26 1359872 ----a-w- C:\Windows\System32\mfc42u.dll
    2011-03-11 05:40:24 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll
    2011-03-11 05:40:24 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll
    2011-03-08 06:14:30 976896 ----a-w- C:\Windows\System32\inetcomm.dll
    2011-03-08 05:38:13 740864 ----a-w- C:\Windows\SysWow64\inetcomm.dll
    2011-03-04 06:17:25 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
    2011-03-04 06:17:24 347648 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
    2011-03-03 06:17:10 182272 ----a-w- C:\Windows\System32\dnsrslvr.dll
    2011-03-03 06:14:38 30208 ----a-w- C:\Windows\System32\dnscacheugc.exe
    2011-03-03 05:27:30 28672 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe
    2011-03-03 03:58:32 3133440 ----a-w- C:\Windows\System32\win32k.sys
    2011-03-01 13:25:18 41552 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
    2011-02-24 06:30:00 476160 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
    2011-02-24 06:29:15 1197056 ----a-w- C:\Windows\System32\wininet.dll
    2011-02-24 06:24:57 57856 ----a-w- C:\Windows\System32\licmgr10.dll
    2011-02-24 05:32:52 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
    2011-02-24 05:32:44 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
    2011-02-24 05:30:16 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
    2011-02-24 05:05:13 482816 ----a-w- C:\Windows\System32\html.iec
    2011-02-24 04:24:04 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
    2011-02-24 04:23:48 386048 ----a-w- C:\Windows\SysWow64\html.iec
    2011-02-24 03:50:26 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2011-02-23 05:16:28 461312 ----a-w- C:\Windows\System32\drivers\srv.sys
    2011-02-23 05:16:01 401920 ----a-w- C:\Windows\System32\drivers\srv2.sys
    2011-02-23 05:15:50 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys
    2011-02-23 05:15:27 157696 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
    2011-02-23 05:15:14 286720 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
    2011-02-23 05:15:13 126464 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
    2011-02-23 05:15:06 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
    2011-02-22 07:12:46 26704 ----a-w- C:\Windows\System32\drivers\AVGIDSEH.sys
    .
    ============= FINISH: 18:07:31.96 ===============

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-05-19.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 24/11/2010 05:01:11
    System Uptime: 22/05/2011 10:04:16 (8 hours ago)
    .
    Motherboard: SAMSUNG ELECTRONICS CO., LTD. | | RV410/RV510/S3510/E3510
    Processor: Pentium(R) Dual-Core CPU T4500 @ 2.30GHz | U2E1 | 2300/mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 232 GiB total, 128.433 GiB free.
    D: is FIXED (NTFS) - 346 GiB total, 346.288 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP61: 12/05/2011 07:54:41 - Windows Update
    RP62: 21/05/2011 03:46:02 - Scheduled Checkpoint
    RP63: 22/05/2011 13:10:46 - Removed Skype™ 5.0
    RP64: 22/05/2011 14:33:22 - Removed ArtRage Studio Pro Demo
    RP65: 22/05/2011 14:35:18 - Removed Google SketchUp 8
    RP66: 22/05/2011 14:36:47 - Removed Google SketchUp 8
    RP67: 22/05/2011 14:37:21 - Removed Google SketchUp 8
    .
    ==== Installed Programs ======================
    .
    Adobe AIR
    Adobe Digital Editions
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.1
    Adobe Shockwave Player 11.5
    Agatha Christie - Death on the Nile
    Apple Application Support
    Apple Software Update
    Atheros Client Installation Program
    Audacity 1.3.12 (Unicode)
    Audible Download Manager
    BatteryLifeExtender
    Bejeweled 2 Deluxe
    Build-a-lot
    Canon MP Navigator EX 4.0
    Chuzzle Deluxe
    CyberLink YouCam
    D3DX10
    Diner Dash 2 Restaurant Rescue
    Easy Display Manager
    Easy Network Manager
    Easy SpeedUp Manager
    EasyBatteryManager
    Farm Frenzy
    G-Force
    GamersFirst LIVE!
    IMinent Toolbar
    Inkscape 0.48.1
    Insaniquarium Deluxe
    Intel AppUp(SM) center
    Jasc Paint Shop Pro 8
    Java Auto Updater
    Java(TM) 6 Update 22
    John Deere Drive Green
    Junk Mail filter update
    Last.fm 1.5.4.27091
    Linux MultiMedia Studio (LMMS)
    Malwarebytes' Anti-Malware
    Marvell Miniport Driver
    Microsoft Office 2010
    Microsoft Office Click-to-Run 2010
    Microsoft Office Starter 2010 - English
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Mozilla Firefox 4.0.1 (x86 en-GB)
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Notepad++
    Oblivion
    Oblivion - Knights of the Nine
    OpenOffice.org 3.3
    Pando Media Booster
    Peggle
    Penguins!
    Picasa 3
    Plants vs. Zombies
    Polar Golfer
    QuickTime
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    Realtek High Definition Audio Driver
    RealUpgrade 1.1
    Samsung AnyWeb Print
    Samsung Recovery Solution 5
    Samsung Support Center
    Samsung Universal Print Driver
    Samsung Update Plus
    SamsungMovie
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Skype Toolbars
    Skype™ 5.3
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    User Guide
    Visual Studio 2008 x64 Redistributables
    Wacom Tablet
    WebTablet IE Plugin
    WebTablet Netscape Plugin
    WhiteCap
    WildTangent Games
    WildTangent ORB Game Console
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mail
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Zuma Deluxe
    .
    ==== End Of File ===========================
     
  2. oobersheep

    oobersheep TS Rookie Topic Starter

    adding more info

    sorry i know i should add the amendments tothe orginal post but they are too long and i dont know how to merge them sorry.
    here is the last AVG log scan
    "Scan ""Whole computer scan"" completed."
    "Infections";"8";"8";"0"
    "Folders selected for scanning:";"Whole computer scan"
    "Scan started:";"22 May 2011, 14:40:01"
    "Scan finished:";"22 May 2011, 14:58:15 (18 minute(s) 13 second(s))"
    "Total object scanned:";"1563648"
    "User who launched the scan:";"oober"

    "Infections"
    "";"File";"Infection";"Result"
    "";"C:\Users\oober\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WLP6YSTM\xml[2].htm";"Virus found VBS/Generic";"Moved to Virus Vault"
    "";"C:\Users\oober\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WLP6YSTM\xml[1].htm";"Virus found VBS/Generic";"Moved to Virus Vault"
    "";"C:\Users\oober\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VQOTGRMD\skypehome[1].htm";"Virus found VBS/Generic";"Moved to Virus Vault"
    "";"C:\Users\oober\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VQOTGRMD\frame-hider[1].htm";"Virus found VBS/Generic";"Moved to Virus Vault"
    "";"C:\Users\oober\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VQOTGRMD\channel[1].htm";"Virus found VBS/Generic";"Moved to Virus Vault"
    "";"C:\Users\oober\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VQOTGRMD\;sz=650x170;ord=9755444356661974[1].htm";"Virus found VBS/Generic";"Moved to Virus Vault"
    "";"C:\Users\oober\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N4HOZKLS\continue[1].htm";"Virus found VBS/Generic";"Moved to Virus Vault"
    "";"C:\Users\oober\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L24R97IE\connect[1].htm";"Virus found VBS/Generic";"Moved to Virus Vault"
    ---------------------------
    and in the next post I will supply the second run of malware removal steps.
     
  3. oobersheep

    oobersheep TS Rookie Topic Starter

    the second run of malware removal steps

    here are the second run of malware removal steps.
    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6654

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    23/05/2011 18:54:08
    mbam-log-2011-05-23 (18-54-08).txt

    Scan type: Quick scan
    Objects scanned: 163709
    Time elapsed: 2 minute(s), 59 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
    ----------------------------------------------
    gmer gave no report
    ----------------------
    .
    DDS (Ver_11-05-19.01) - NTFSx86
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
    Run by oober at 20:33:56 on 2011-05-23
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.4029.2238 [GMT 1:00]
    .
    AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~2\AVG\AVG10\avgchsva.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskhost.exe
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\Elantech\ETDCtrl.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\Wacom_Tablet.exe
    C:\Program Files (x86)\AVG\AVG10\avgtray.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManager.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    C:\Program Files (x86)\AVG\AVG10\avgemca.exe
    C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Elantech\ETDCtrlHelper.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\igfxext.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
    C:\Windows\system32\DllHost.exe
    C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
    C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
    C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
    C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe
    C:\PROGRA~2\AVG\AVG10\avgrsa.exe
    C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
    c:\program files (x86)\real\realplayer\update\realsched.exe
    C:\Windows\system32\mmc.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\oober\Downloads\dds.scr
    C:\Windows\SysWOW64\WSCRIPT.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Page = hxxp://www.google.com
    uStart Page = hxxp://www.google.co.uk/
    uDefault_Page_URL = hxxp://samsung.msn.com
    uSearch Bar = hxxp://www.google.com/ie
    uDefault_Search_URL = hxxp://www.google.com/ie
    mStart Page = hxxp://samsung.msn.com
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
    mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
    mWinlogon: Userinit=userinit.exe
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
    BHO: TBSB01620 Class: {58124a0b-dc32-4180-9bff-e0e21ae34026} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
    BHO: W2PBrowser Class: {aa609d72-8482-4076-8991-8cdae5b93bcb} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
    BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
    TB: IMinent Toolbar: {977ae9cc-af83-45e8-9e03-e2798216e2d5} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll
    uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
    mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
    mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [Intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManager.lnk"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: DisableStartupSound = 1 (0x1)
    IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {328ECD19-C167-40eb-A0C7-16FE7634105E} - {94BB0C4C-B957-479A-85E4-42F53B89F681} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll
    BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    TB-X64: {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - No File
    mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    mRun-x64: [ETDCtrl] %ProgramFiles%\Elantech\ETDCtrl.exe
    mRun-x64: [IgfxTray] C:\Windows\system32\igfxtray.exe
    mRun-x64: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    mRun-x64: [Persistence] C:\Windows\system32\igfxpers.exe
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\oober\AppData\Roaming\Mozilla\Firefox\Profiles\4zwwl19r.default\
    FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
    FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
    FF - prefs.js: network.proxy.type - 0
    FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff4.dll
    FF - component: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
    FF - component: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
    FF - component: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
    FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
    FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordlegacyext.dll
    FF - component: C:\Users\oober\AppData\Roaming\Mozilla\Firefox\Profiles\4zwwl19r.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}\components\nstidy.dll
    FF - component: C:\Users\oober\AppData\Roaming\Mozilla\Firefox\Profiles\4zwwl19r.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}\components\Engine.dll
    FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npPandoWebInst.dll
    FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
    R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
    R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
    R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
    R1 SABI;SAMSUNG Kernel Driver For Windows 7;\??\C:\Windows\system32\Drivers\SABI.sys --> C:\Windows\system32\Drivers\SABI.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-4-18 7398752]
    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2011-2-8 269520]
    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-2-28 821664]
    R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-4-24 483688]
    R2 TabletServiceWacom;TabletServiceWacom;C:\Windows\system32\Wacom_Tablet.exe --> C:\Windows\system32\Wacom_Tablet.exe [?]
    R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
    R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
    R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys --> C:\Windows\system32\DRIVERS\ETD.sys [?]
    R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
    R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
    R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
    R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-4-24 209768]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-5-2 947528]
    S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    S3 Samsung UPD Service;Samsung UPD Service;"C:\Windows\System32\SUPDSvc.exe" --> C:\Windows\System32\SUPDSvc.exe [?]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 wacmoumonitor;Wacom Mode Helper;C:\Windows\system32\DRIVERS\wacmoumonitor.sys --> C:\Windows\system32\DRIVERS\wacmoumonitor.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    .
    =============== Created Last 30 ================
    .
    2011-05-22 16:41:15 -------- d-----w- C:\Users\oober\AppData\Roaming\Malwarebytes
    2011-05-22 16:41:08 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    2011-05-22 16:41:08 -------- d-----w- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
    2011-05-22 16:41:07 -------- d-----w- C:\ProgramData\Malwarebytes
    2011-05-22 16:41:04 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2011-05-22 16:41:04 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2011-05-22 12:14:39 -------- d-----w- C:\ProgramData\Skype Extras
    2011-05-21 01:48:06 -------- d--h--w- C:\$AVG
    2011-05-21 00:42:19 -------- d-----w- C:\Users\oober\swfjweva
    2011-05-19 19:10:09 -------- d-----w- C:\ProgramData\FlexiMusic
    2011-05-19 19:09:16 609824 ----a-w- C:\Windows\SysWow64\COMCTL32.OCX
    2011-05-19 19:09:15 152848 ----a-w- C:\Windows\SysWow64\COMDLG32.OCX
    2011-05-19 19:09:15 1081616 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
    2011-05-13 15:23:39 -------- d-----w- C:\Users\oober\AppData\Roaming\inkscape
    2011-05-13 15:19:00 -------- d-----w- C:\Program Files (x86)\Inkscape
    2011-05-11 17:58:43 5509504 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2011-05-11 17:58:42 3957632 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2011-05-11 17:58:42 3901824 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2011-05-11 17:58:20 99328 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
    2011-05-11 17:58:20 7936 ----a-w- C:\Windows\System32\drivers\usbd.sys
    2011-05-11 17:58:20 52224 ----a-w- C:\Windows\System32\drivers\usbehci.sys
    2011-05-11 17:58:20 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
    2011-05-11 17:58:20 324608 ----a-w- C:\Windows\System32\drivers\usbport.sys
    2011-05-11 17:58:20 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
    2011-05-11 17:58:20 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
    2011-05-07 17:47:55 781272 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozsqlite3.dll
    2011-05-07 17:47:54 89048 ----a-w- C:\Program Files (x86)\Mozilla Firefox\libEGL.dll
    2011-05-07 17:47:54 465880 ----a-w- C:\Program Files (x86)\Mozilla Firefox\libGLESv2.dll
    2011-05-07 17:47:54 1874904 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
    2011-05-07 17:47:54 15832 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozalloc.dll
    2011-05-07 17:47:53 1974616 ----a-w- C:\Program Files (x86)\Mozilla Firefox\D3DCompiler_42.dll
    2011-05-07 17:47:53 1892184 ----a-w- C:\Program Files (x86)\Mozilla Firefox\d3dx9_42.dll
    2011-05-07 17:47:53 142296 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
    2011-05-02 19:39:16 -------- d-----w- C:\Users\oober\AppData\Local\AVG Security Toolbar
    2011-04-29 00:02:04 2566144 ----a-w- C:\Windows\System32\esent.dll
    2011-04-29 00:02:04 1657216 ----a-w- C:\Windows\System32\drivers\ntfs.sys
    2011-04-29 00:02:03 96768 ----a-w- C:\Windows\System32\fsutil.exe
    2011-04-29 00:02:03 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe
    2011-04-29 00:02:03 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys
    2011-04-29 00:02:03 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys
    2011-04-29 00:02:03 187264 ----a-w- C:\Windows\System32\drivers\storport.sys
    2011-04-29 00:02:03 1686016 ----a-w- C:\Windows\SysWow64\esent.dll
    2011-04-29 00:02:03 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys
    2011-04-29 00:02:03 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys
    2011-04-29 00:02:03 107904 ----a-w- C:\Windows\System32\drivers\amdsata.sys
    2011-04-27 21:16:01 2870272 ----a-w- C:\Windows\explorer.exe
    2011-04-27 21:16:01 2614784 ----a-w- C:\Windows\SysWow64\explorer.exe
    2011-04-27 21:16:00 662528 ----a-w- C:\Windows\System32\XpsPrint.dll
    2011-04-27 21:16:00 442880 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
    2011-04-27 21:15:35 31232 ----a-w- C:\Windows\System32\prevhost.exe
    2011-04-27 21:15:34 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe
    2011-04-25 18:54:01 -------- d-----w- C:\Program Files\iTunes
    2011-04-25 18:54:01 -------- d-----w- C:\Program Files\iPod
    2011-04-25 18:52:12 -------- d-----w- C:\Program Files\Bonjour
    2011-04-25 18:52:12 -------- d-----w- C:\Program Files (x86)\Bonjour
    2011-04-24 11:28:44 63488 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ISBEW64.exe
    2011-04-24 11:28:43 753664 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
    2011-04-24 11:28:43 69714 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
    2011-04-24 11:28:43 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
    2011-04-24 11:28:43 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
    2011-04-24 11:28:43 200836 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
    2011-04-24 11:28:43 184320 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
    2011-04-24 11:28:42 331908 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
    .
    ==================== Find3M ====================
    .
    2011-04-14 20:28:24 118864 ----a-w- C:\Windows\System32\drivers\AVGIDSDriver.sys
    2011-04-13 22:40:10 4284416 ----a-w- C:\Windows\SysWow64\GPhotos.scr
    2011-04-06 15:26:58 96544 ----a-w- C:\Windows\System32\dnssd.dll
    2011-04-06 15:26:58 69408 ----a-w- C:\Windows\System32\jdns_sd.dll
    2011-04-06 15:26:58 237856 ----a-w- C:\Windows\System32\dnssdX.dll
    2011-04-06 15:26:58 119584 ----a-w- C:\Windows\System32\dns-sd.exe
    2011-04-06 15:20:16 91424 ----a-w- C:\Windows\SysWow64\dnssd.dll
    2011-04-06 15:20:16 75040 ----a-w- C:\Windows\SysWow64\jdns_sd.dll
    2011-04-06 15:20:16 197920 ----a-w- C:\Windows\SysWow64\dnssdX.dll
    2011-04-06 15:20:16 107808 ----a-w- C:\Windows\SysWow64\dns-sd.exe
    2011-04-04 23:59:54 377936 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
    2011-03-16 15:03:18 37456 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
    2011-03-11 06:19:26 1395712 ----a-w- C:\Windows\System32\mfc42.dll
    2011-03-11 06:19:26 1359872 ----a-w- C:\Windows\System32\mfc42u.dll
    2011-03-11 05:40:24 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll
    2011-03-11 05:40:24 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll
    2011-03-08 06:14:30 976896 ----a-w- C:\Windows\System32\inetcomm.dll
    2011-03-08 05:38:13 740864 ----a-w- C:\Windows\SysWow64\inetcomm.dll
    2011-03-04 06:17:25 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
    2011-03-04 06:17:24 347648 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
    2011-03-03 06:17:10 182272 ----a-w- C:\Windows\System32\dnsrslvr.dll
    2011-03-03 06:14:38 30208 ----a-w- C:\Windows\System32\dnscacheugc.exe
    2011-03-03 05:27:30 28672 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe
    2011-03-03 03:58:32 3133440 ----a-w- C:\Windows\System32\win32k.sys
    2011-03-01 13:25:18 41552 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
    2011-02-24 06:30:00 476160 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
    2011-02-24 06:29:15 1197056 ----a-w- C:\Windows\System32\wininet.dll
    2011-02-24 06:24:57 57856 ----a-w- C:\Windows\System32\licmgr10.dll
    2011-02-24 05:32:52 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
    2011-02-24 05:32:44 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
    2011-02-24 05:30:16 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
    2011-02-24 05:05:13 482816 ----a-w- C:\Windows\System32\html.iec
    2011-02-24 04:24:04 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
    2011-02-24 04:23:48 386048 ----a-w- C:\Windows\SysWow64\html.iec
    2011-02-24 03:50:26 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2011-02-23 05:16:28 461312 ----a-w- C:\Windows\System32\drivers\srv.sys
    2011-02-23 05:16:01 401920 ----a-w- C:\Windows\System32\drivers\srv2.sys
    2011-02-23 05:15:50 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys
    2011-02-23 05:15:27 157696 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
    2011-02-23 05:15:14 286720 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
    2011-02-23 05:15:13 126464 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
    2011-02-23 05:15:06 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
    .
    ============= FINISH: 20:34:25.51 ===============
    --------------------
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-05-19.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 24/11/2010 05:01:11
    System Uptime: 23/05/2011 17:55:38 (3 hours ago)
    .
    Motherboard: SAMSUNG ELECTRONICS CO., LTD. | | RV410/RV510/S3510/E3510
    Processor: Pentium(R) Dual-Core CPU T4500 @ 2.30GHz | U2E1 | 2300/mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 232 GiB total, 128.181 GiB free.
    D: is FIXED (NTFS) - 346 GiB total, 346.288 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP61: 12/05/2011 07:54:41 - Windows Update
    RP62: 21/05/2011 03:46:02 - Scheduled Checkpoint
    RP63: 22/05/2011 13:10:46 - Removed Skype™ 5.0
    RP64: 22/05/2011 14:33:22 - Removed ArtRage Studio Pro Demo
    RP65: 22/05/2011 14:35:18 - Removed Google SketchUp 8
    RP66: 22/05/2011 14:36:47 - Removed Google SketchUp 8
    RP67: 22/05/2011 14:37:21 - Removed Google SketchUp 8
    .
    ==== Installed Programs ======================
    .
    Adobe AIR
    Adobe Digital Editions
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.1
    Adobe Shockwave Player 11.5
    Agatha Christie - Death on the Nile
    Apple Application Support
    Apple Software Update
    Atheros Client Installation Program
    Audacity 1.3.12 (Unicode)
    Audible Download Manager
    BatteryLifeExtender
    Bejeweled 2 Deluxe
    Build-a-lot
    Canon MP Navigator EX 4.0
    Chuzzle Deluxe
    CyberLink YouCam
    D3DX10
    Diner Dash 2 Restaurant Rescue
    Easy Display Manager
    Easy Network Manager
    Easy SpeedUp Manager
    EasyBatteryManager
    Farm Frenzy
    G-Force
    GamersFirst LIVE!
    IMinent Toolbar
    Inkscape 0.48.1
    Insaniquarium Deluxe
    Intel AppUp(SM) center
    Jasc Paint Shop Pro 8
    Java Auto Updater
    Java(TM) 6 Update 22
    John Deere Drive Green
    Junk Mail filter update
    Last.fm 1.5.4.27091
    Linux MultiMedia Studio (LMMS)
    Malwarebytes' Anti-Malware
    Marvell Miniport Driver
    Microsoft Office 2010
    Microsoft Office Click-to-Run 2010
    Microsoft Office Starter 2010 - English
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Mozilla Firefox 4.0.1 (x86 en-GB)
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Notepad++
    Oblivion
    Oblivion - Knights of the Nine
    OpenOffice.org 3.3
    Pando Media Booster
    Peggle
    Penguins!
    Picasa 3
    Plants vs. Zombies
    Polar Golfer
    QuickTime
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    Realtek High Definition Audio Driver
    RealUpgrade 1.1
    Samsung AnyWeb Print
    Samsung Recovery Solution 5
    Samsung Support Center
    Samsung Universal Print Driver
    Samsung Update Plus
    SamsungMovie
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Skype Toolbars
    Skype™ 5.3
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    User Guide
    Visual Studio 2008 x64 Redistributables
    Wacom Tablet
    WebTablet IE Plugin
    WebTablet Netscape Plugin
    WhiteCap
    WildTangent Games
    WildTangent ORB Game Console
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mail
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Zuma Deluxe
    .
    ==== End Of File ===========================

    Again im sorry Ive have not learnt how to merge the posts. I hope this is the info you need. I have had no reoccurence of the VBS or trojan since. I guess I just need reassurance that im safe to carry out transactions on line.
    Thanking you in advance for all and any help given. I hope i have not annoyed with my posts. Thank you and cheers.
     
  4. Broni

    Broni Malware Annihilator Posts: 48,033   +271

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =====================================================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    Click the "Scan" button to start scan:
    [​IMG]

    On completion of the scan click "Save log", save it to your desktop and post in your next reply:
    [​IMG]

    ===================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  5. oobersheep

    oobersheep TS Rookie Topic Starter

    AVG not uninstalling

    I cant get combo fix to run as AVG wont uninstall when using the app remover tool. it keeps finding the AVG redistributable files and keeps uninsatlling them only to not have actualy uninstalled them. Combo fix wont run as it keeps saying AVG is installed. I cant find any avg files on my computer. and i dont know how to get windows 7 into safe mode either so all in all im not doing to well here:(
    any advice?
    ignore that - I found the uninstalled files and deleted them. and combo fix worked well.
    the logs are attached below.

    aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
    Run date: 2011-05-24 18:57:23
    -----------------------------
    18:57:23.730 OS Version: Windows x64 6.1.7600
    18:57:23.730 Number of processors: 2 586 0x170A
    18:57:23.732 ComputerName: DIRTDIVER UserName: oober
    18:57:26.205 Initialize success
    18:57:46.271 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    18:57:46.275 Disk 0 Vendor: SAMSUNG_ 2AJ1 Size: 610480MB BusType: 3
    18:57:46.290 Disk 0 MBR read successfully
    18:57:46.297 Disk 0 MBR scan
    18:57:46.301 Disk 0 unknown MBR code
    18:57:46.306 Service scanning
    18:57:47.153 Disk 0 trace - called modules:
    18:57:47.188 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys
    18:57:47.194 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004b1b060]
    18:57:47.202 3 CLASSPNP.SYS[fffff880013c243f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800479f050]
    18:57:47.209 Scan finished successfully
    18:58:31.505 Disk 0 MBR has been saved successfully to "C:\Users\oober\Desktop\VIRUS LOGS\new viral scans\MBR.dat"
    18:58:31.507 The log file has been saved successfully to "C:\Users\oober\Desktop\VIRUS LOGS\new viral scans\aswMBR.txt"

    ----------------------------Combo fix log below
    ComboFix 11-05-23.02 - oober 25/05/2011 20:46:27.1.2 - x64
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.4029.2873 [GMT 1:00]
    Running from: c:\users\oober\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-04-25 to 2011-05-25 )))))))))))))))))))))))))))))))
    .
    .
    2011-05-25 19:50 . 2011-05-25 19:50 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-05-24 17:57 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
    2011-05-24 17:57 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
    2011-05-22 16:41 . 2011-05-22 16:41 -------- d-----w- c:\users\oober\AppData\Roaming\Malwarebytes
    2011-05-22 16:41 . 2011-05-22 16:41 -------- d-----w- c:\program files (x86)\MALWAREBYTES ANTI-MALWARE
    2011-05-22 16:41 . 2010-12-20 17:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
    2011-05-22 16:41 . 2011-05-22 16:41 -------- d-----w- c:\programdata\Malwarebytes
    2011-05-22 16:41 . 2011-05-22 16:41 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2011-05-22 16:41 . 2010-12-20 17:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-05-22 12:14 . 2011-05-22 12:14 -------- d-----w- c:\programdata\Skype Extras
    2011-05-22 12:13 . 2011-05-22 12:13 -------- d-----w- c:\program files (x86)\Common Files\Skype
    2011-05-21 01:48 . 2011-05-21 01:48 -------- d-----w- C:\$AVG
    2011-05-21 00:42 . 2011-05-22 17:02 -------- d-----w- c:\users\oober\swfjweva
    2011-05-19 19:10 . 2011-05-19 19:10 -------- d-----w- c:\programdata\FlexiMusic
    2011-05-19 19:09 . 2004-03-08 23:00 609824 ----a-w- c:\windows\SysWow64\COMCTL32.OCX
    2011-05-19 19:09 . 2004-03-08 23:00 152848 ----a-w- c:\windows\SysWow64\COMDLG32.OCX
    2011-05-19 19:09 . 2004-03-08 23:00 1081616 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
    2011-05-15 12:11 . 2011-05-15 12:11 -------- d-----w- c:\users\Public\CyberLink
    2011-05-13 15:23 . 2011-05-13 15:23 -------- d-----w- c:\users\oober\AppData\Roaming\inkscape
    2011-05-13 15:19 . 2011-05-13 15:23 -------- d-----w- c:\program files (x86)\Inkscape
    2011-05-11 17:58 . 2011-04-09 06:45 5509504 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-05-11 17:58 . 2011-04-09 06:13 3957632 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2011-05-11 17:58 . 2011-04-09 06:13 3901824 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2011-05-11 17:58 . 2011-03-29 03:32 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
    2011-05-11 17:58 . 2011-03-29 03:32 99328 ----a-w- c:\windows\system32\drivers\usbccgp.sys
    2011-05-11 17:58 . 2011-03-29 03:32 324608 ----a-w- c:\windows\system32\drivers\usbport.sys
    2011-05-11 17:58 . 2011-03-29 03:32 52224 ----a-w- c:\windows\system32\drivers\usbehci.sys
    2011-05-11 17:58 . 2011-03-29 03:32 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
    2011-05-11 17:58 . 2011-03-29 03:32 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
    2011-05-11 17:58 . 2011-03-29 03:32 7936 ----a-w- c:\windows\system32\drivers\usbd.sys
    2011-05-07 17:47 . 2011-05-07 17:47 781272 ----a-w- c:\program files (x86)\Mozilla Firefox\mozsqlite3.dll
    2011-05-07 17:47 . 2011-05-07 17:47 1874904 ----a-w- c:\program files (x86)\Mozilla Firefox\mozjs.dll
    2011-05-07 17:47 . 2011-05-07 17:47 89048 ----a-w- c:\program files (x86)\Mozilla Firefox\libEGL.dll
    2011-05-07 17:47 . 2011-05-07 17:47 465880 ----a-w- c:\program files (x86)\Mozilla Firefox\libGLESv2.dll
    2011-05-07 17:47 . 2011-05-07 17:47 15832 ----a-w- c:\program files (x86)\Mozilla Firefox\mozalloc.dll
    2011-05-07 17:47 . 2011-05-07 17:47 1892184 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_42.dll
    2011-05-07 17:47 . 2011-05-07 17:47 1974616 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_42.dll
    2011-05-07 17:47 . 2011-05-07 17:47 142296 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
    2011-05-02 19:39 . 2011-05-02 19:39 -------- d-----w- c:\users\oober\AppData\Local\AVG Security Toolbar
    2011-04-29 00:02 . 2011-03-11 06:23 1657216 ----a-w- c:\windows\system32\drivers\ntfs.sys
    2011-04-29 00:02 . 2011-03-11 06:18 2566144 ----a-w- c:\windows\system32\esent.dll
    2011-04-29 00:02 . 2011-03-11 06:23 187264 ----a-w- c:\windows\system32\drivers\storport.sys
    2011-04-29 00:02 . 2011-03-11 06:23 166272 ----a-w- c:\windows\system32\drivers\nvstor.sys
    2011-04-29 00:02 . 2011-03-11 06:23 148352 ----a-w- c:\windows\system32\drivers\nvraid.sys
    2011-04-29 00:02 . 2011-03-11 06:23 410496 ----a-w- c:\windows\system32\drivers\iaStorV.sys
    2011-04-29 00:02 . 2011-03-11 06:22 107904 ----a-w- c:\windows\system32\drivers\amdsata.sys
    2011-04-29 00:02 . 2011-03-11 06:22 27008 ----a-w- c:\windows\system32\drivers\amdxata.sys
    2011-04-29 00:02 . 2011-03-11 06:15 96768 ----a-w- c:\windows\system32\fsutil.exe
    2011-04-29 00:02 . 2011-03-11 05:39 1686016 ----a-w- c:\windows\SysWow64\esent.dll
    2011-04-29 00:02 . 2011-03-11 05:37 74240 ----a-w- c:\windows\SysWow64\fsutil.exe
    2011-04-27 21:16 . 2011-02-26 06:23 2870272 ----a-w- c:\windows\explorer.exe
    2011-04-27 21:16 . 2011-02-26 05:33 2614784 ----a-w- c:\windows\SysWow64\explorer.exe
    2011-04-27 21:16 . 2011-03-12 12:03 662528 ----a-w- c:\windows\system32\XpsPrint.dll
    2011-04-27 21:16 . 2011-03-12 11:31 442880 ----a-w- c:\windows\SysWow64\XpsPrint.dll
    2011-04-27 21:15 . 2011-02-18 06:33 31232 ----a-w- c:\windows\system32\prevhost.exe
    2011-04-27 21:15 . 2011-02-18 05:33 31232 ----a-w- c:\windows\SysWow64\prevhost.exe
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-05-12 08:20 . 2011-05-12 08:40 362 ----a-w- c:\windows\Fonts\BOISTERC.PFM
    2011-05-12 08:20 . 2011-05-12 08:40 1482 ----a-w- c:\windows\Fonts\BOISTERB.PFM
    2011-04-13 22:40 . 2011-04-13 22:40 4284416 ----a-w- c:\windows\SysWow64\GPhotos.scr
    2011-04-06 15:26 . 2011-04-06 15:26 96544 ----a-w- c:\windows\system32\dnssd.dll
    2011-04-06 15:26 . 2011-04-06 15:26 69408 ----a-w- c:\windows\system32\jdns_sd.dll
    2011-04-06 15:26 . 2011-04-06 15:26 237856 ----a-w- c:\windows\system32\dnssdX.dll
    2011-04-06 15:26 . 2011-04-06 15:26 119584 ----a-w- c:\windows\system32\dns-sd.exe
    2011-04-06 15:20 . 2011-04-06 15:20 91424 ----a-w- c:\windows\SysWow64\dnssd.dll
    2011-04-06 15:20 . 2011-04-06 15:20 75040 ----a-w- c:\windows\SysWow64\jdns_sd.dll
    2011-04-06 15:20 . 2011-04-06 15:20 197920 ----a-w- c:\windows\SysWow64\dnssdX.dll
    2011-04-06 15:20 . 2011-04-06 15:20 107808 ----a-w- c:\windows\SysWow64\dns-sd.exe
    2011-04-04 23:59 . 2011-04-04 23:59 377936 ----a-w- c:\windows\system32\drivers\avgtdia.sys
    2011-04-01 20:32 . 2010-06-24 11:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2011-03-16 15:03 . 2011-03-16 15:03 37456 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
    2011-03-11 06:19 . 2011-04-14 17:02 1359872 ----a-w- c:\windows\system32\mfc42u.dll
    2011-03-11 06:19 . 2011-04-14 17:02 1395712 ----a-w- c:\windows\system32\mfc42.dll
    2011-03-11 05:40 . 2011-04-14 17:02 1164288 ----a-w- c:\windows\SysWow64\mfc42u.dll
    2011-03-11 05:40 . 2011-04-14 17:02 1137664 ----a-w- c:\windows\SysWow64\mfc42.dll
    2011-03-08 06:14 . 2011-04-14 17:02 976896 ----a-w- c:\windows\system32\inetcomm.dll
    2011-03-08 05:38 . 2011-04-14 17:02 740864 ----a-w- c:\windows\SysWow64\inetcomm.dll
    2011-03-04 06:17 . 2011-04-27 21:15 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
    2011-03-04 06:17 . 2011-04-27 21:15 347648 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
    2011-03-03 06:17 . 2011-04-14 17:02 182272 ----a-w- c:\windows\system32\dnsrslvr.dll
    2011-03-03 06:14 . 2011-04-14 17:02 30208 ----a-w- c:\windows\system32\dnscacheugc.exe
    2011-03-03 05:27 . 2011-04-14 17:02 28672 ----a-w- c:\windows\SysWow64\dnscacheugc.exe
    2011-03-03 03:58 . 2011-04-14 17:02 3133440 ----a-w- c:\windows\system32\win32k.sys
    2011-03-01 13:25 . 2011-03-01 13:25 41552 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{58124A0B-DC32-4180-9BFF-E0E21AE34026}]
    2010-07-02 09:54 2607872 ----a-w- c:\program files (x86)\IMinent Toolbar\tbcore3.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{977AE9CC-AF83-45E8-9E03-E2798216E2D5}"= "c:\program files (x86)\IMinent Toolbar\tbcore3.dll" [2010-07-02 2607872]
    .
    [HKEY_CLASSES_ROOT\clsid\{977ae9cc-af83-45e8-9e03-e2798216e2d5}]
    [HKEY_CLASSES_ROOT\TBSB01620.TBSB01620.3]
    [HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
    [HKEY_CLASSES_ROOT\TBSB01620.TBSB01620]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2010-12-03 2937528]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2011-01-28 273544]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
    "Intel AppUp(SM) center"="c:\program files (x86)\Intel\IntelAppStore\bin\serviceManager.lnk" [2011-04-09 1302]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-04-14 421160]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "DisableStartupSound"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG10\avgchsva.exe /sync\0c:\progra~2\AVG\AVG10\avgrsa.exe /sync /restart
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    R3 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
    R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-04-24 483688]
    S2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [x]
    S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-04-24 209768]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
    .
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-23 11075176]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 161304]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 386584]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 415256]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.co.uk/
    uDefault_Search_URL = hxxp://www.google.com/ie
    mStart Page = hxxp://samsung.msn.com
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: {{328ECD19-C167-40eb-A0C7-16FE7634105E} - {94BB0C4C-B957-479A-85E4-42F53B89F681} - c:\program files\Samsung AnyWeb Print\W2PBrowser.dll
    FF - ProfilePath - c:\users\oober\AppData\Roaming\Mozilla\Firefox\Profiles\4zwwl19r.default\
    FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
    FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
    FF - prefs.js: network.proxy.type - 0
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Toolbar-Locked - (no file)
    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    WebBrowser-{977AE9CC-AF83-45E8-9E03-E2798216E2D5} - (no file)
    HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
    AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-3319042926-2513336005-101065848-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.Email.1"
    .
    [HKEY_USERS\S-1-5-21-3319042926-2513336005-101065848-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.VCard.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker3"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2011-05-25 20:52:02
    ComboFix-quarantined-files.txt 2011-05-25 19:52
    .
    Pre-Run: 140,770,844,672 bytes free
    Post-Run: 141,802,323,968 bytes free
    .
    - - End Of File - - D75E3A59D4BFDB882E5837B9DEA49030

    hope thats what you need.
     
  6. Broni

    Broni Malware Annihilator Posts: 48,033   +271

    Looks good :)

    Any current issues?

    You can reinstall AVG now.

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  7. oobersheep

    oobersheep TS Rookie Topic Starter

    OLT scan logs

    OTL logfile created on: 5/25/2011 10:08:39 PM - Run 1
    OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\oober\Downloads
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    3.93 Gb Total Physical Memory | 2.22 Gb Available Physical Memory | 56.49% Memory free
    7.87 Gb Paging File | 6.18 Gb Available in Paging File | 78.60% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 232.00 Gb Total Space | 130.93 Gb Free Space | 56.44% Space Free | Partition Type: NTFS
    Drive D: | 346.40 Gb Total Space | 346.29 Gb Free Space | 99.97% Space Free | Partition Type: NTFS

    Computer Name: DIRTDIVER | User Name: oober | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/05/25 22:06:48 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\oober\Downloads\OTL.exe
    PRC - [2011/04/18 17:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgtray.exe
    PRC - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
    PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
    PRC - [2011/01/28 22:02:42 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
    PRC - [2010/12/01 15:26:40 | 000,574,216 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManager.exe
    PRC - [2010/07/30 09:20:18 | 001,752,680 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
    PRC - [2010/07/27 06:28:38 | 004,382,312 | ---- | M] (SEC) -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
    PRC - [2010/04/24 02:10:34 | 000,209,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    PRC - [2010/04/24 02:10:28 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    PRC - [2010/02/28 03:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE


    ========== Modules (SafeList) ==========

    MOD - [2011/05/25 22:06:48 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\oober\Downloads\OTL.exe
    MOD - [2010/08/21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2010/08/09 20:04:12 | 000,166,704 | ---- | M] (Samsung Electronics CO., LTD.) [On_Demand | Stopped] -- C:\Windows\SysNative\SUPDSvc.exe -- (Samsung UPD Service)
    SRV:64bit: - [2010/03/09 01:47:06 | 006,245,744 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Windows\SysNative\Wacom_Tablet.exe -- (TabletServiceWacom)
    SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
    SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe -- (avgwd)
    SRV - [2010/06/03 18:48:28 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildGames\Game Console - WildGames\GameConsoleService.exe -- (GameConsoleService)
    SRV - [2010/04/24 02:10:34 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
    SRV - [2010/04/24 02:10:28 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
    SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2011/04/14 21:28:24 | 000,118,864 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
    DRV:64bit: - [2011/04/05 00:59:54 | 000,377,936 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
    DRV:64bit: - [2011/03/16 16:03:18 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
    DRV:64bit: - [2011/03/11 07:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 07:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/03/01 14:25:18 | 000,041,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
    DRV:64bit: - [2011/02/22 08:12:46 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
    DRV:64bit: - [2011/02/18 17:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2011/02/10 07:53:34 | 000,029,264 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
    DRV:64bit: - [2011/01/07 06:41:44 | 000,304,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
    DRV:64bit: - [2010/09/23 01:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
    DRV:64bit: - [2010/08/25 20:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2010/08/10 03:01:56 | 000,111,616 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
    DRV:64bit: - [2010/07/08 09:28:46 | 000,401,696 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
    DRV:64bit: - [2010/06/10 20:45:38 | 001,605,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
    DRV:64bit: - [2010/04/24 02:10:32 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
    DRV:64bit: - [2010/04/24 02:10:28 | 000,269,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
    DRV:64bit: - [2010/04/24 02:10:28 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
    DRV:64bit: - [2010/04/24 02:10:20 | 000,721,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
    DRV:64bit: - [2010/01/25 00:32:24 | 000,018,216 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacmoumonitor.sys -- (wacmoumonitor)
    DRV:64bit: - [2009/10/13 03:16:40 | 000,409,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2009/09/22 00:29:22 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid)
    DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/10 21:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
    DRV:64bit: - [2009/06/10 21:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/28 07:38:04 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SABI.sys -- (SABI)
    DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2007/02/16 20:12:36 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter)
    DRV - [2010/10/11 16:46:05 | 000,015,144 | ---- | M] (Windows (R) 2003 DDK 3790 provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\rtport.sys -- (rtport)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://samsung.msn.com


    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-3319042926-2513336005-101065848-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
    IE - HKU\S-1-5-21-3319042926-2513336005-101065848-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    IE - HKU\S-1-5-21-3319042926-2513336005-101065848-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKU\S-1-5-21-3319042926-2513336005-101065848-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKU\S-1-5-21-3319042926-2513336005-101065848-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-3319042926-2513336005-101065848-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
    FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
    FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
    FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.2
    FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.6.2
    FF - prefs.js..extensions.enabledItems: {3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}:0.8.6.1
    FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9
    FF - prefs.js..extensions.enabledItems: {C9B68337-E93A-44EA-94DC-CB300EC06444}:3.26.0
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1319
    FF - prefs.js..extensions.enabledItems: avg@igeared:6.103.018.001
    FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties"
    FF - prefs.js..network.proxy.type: 0

    FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/01/28 22:03:00 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG10\Firefox4\ [2011/05/25 21:12:47 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared
    FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/05/07 18:48:02 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/05/07 18:48:02 | 000,000,000 | ---D | M]

    [2010/11/27 02:19:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\oober\AppData\Roaming\Mozilla\Extensions
    [2011/05/22 18:01:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\oober\AppData\Roaming\Mozilla\Firefox\Profiles\4zwwl19r.default\extensions
    [2011/02/07 08:54:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2011/02/07 08:54:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    File not found (No name found) --
    [2011/05/25 21:12:47 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES (X86)\AVG\AVG10\FIREFOX4
    [2011/01/28 22:03:00 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
    () (No name found) -- C:\USERS\OOBER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4ZWWL19R.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI
    [2011/05/07 18:47:53 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
    [2011/02/07 08:53:50 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    [2010/12/03 22:19:08 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npPandoWebInst.dll
    [2011/05/07 18:47:57 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazon-en-GB.xml
    [2011/05/07 18:47:57 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml
    [2011/05/07 18:47:57 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\chambers-en-GB.xml
    [2011/05/07 18:47:57 | 000,001,180 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-en-GB.xml
    [2011/05/07 18:47:57 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

    O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (TBSB01620 Class) - {58124A0B-DC32-4180-9BFF-E0E21AE34026} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll ()
    O2 - BHO: (W2PBrowser Class) - {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll ()
    O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O3 - HKLM\..\Toolbar: (IMinent Toolbar) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll ()
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-3319042926-2513336005-101065848-1001\..\Toolbar\WebBrowser: (IMinent Toolbar) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll ()
    O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [Intel AppUp(SM) center] C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManager.lnk ()
    O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
    O4 - HKU\S-1-5-21-3319042926-2513336005-101065848-1001..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStartupSound = 1
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3319042926-2513336005-101065848-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3319042926-2513336005-101065848-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
    O9 - Extra Button: Samsung AnyWeb Print - {328ECD19-C167-40eb-A0C7-16FE7634105E} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll ()
    O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.)
    O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgchsva.exe /sync) - C:\Program Files (x86)\AVG\AVG10\avgchsva.exe (AVG Technologies CZ, s.r.o.)
    O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart) - C:\Program Files (x86)\AVG\AVG10\avgrsa.exe (AVG Technologies CZ, s.r.o.)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*


    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/05/25 21:27:27 | 000,000,000 | ---D | C] -- C:\Users\oober\AppData\Roaming\AVG10
    [2011/05/25 21:12:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2011
    [2011/05/25 21:11:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
    [2011/05/25 21:06:22 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2011/05/25 21:04:59 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
    [2011/05/25 20:52:04 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2011/05/25 20:45:39 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/05/25 20:45:39 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/05/25 20:45:39 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/05/25 20:45:37 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/05/25 20:45:20 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2011/05/24 19:14:14 | 006,389,088 | ---- | C] (OPSWAT, Inc.) -- C:\Users\oober\Desktop\AppRemover.exe
    [2011/05/24 19:05:35 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/05/24 18:55:54 | 000,589,632 | ---- | C] (AVAST Software) -- C:\Users\oober\Desktop\aswMBR.exe
    [2011/05/22 17:46:43 | 000,000,000 | ---D | C] -- C:\Users\oober\Desktop\VIRUS LOGS
    [2011/05/22 17:41:15 | 000,000,000 | ---D | C] -- C:\Users\oober\AppData\Roaming\Malwarebytes
    [2011/05/22 17:41:08 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2011/05/22 17:41:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/05/22 17:41:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
    [2011/05/22 17:41:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2011/05/22 17:41:04 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2011/05/22 17:41:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2011/05/22 13:14:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype Extras
    [2011/05/22 13:13:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    [2011/05/22 13:13:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
    [2011/05/21 02:48:06 | 000,000,000 | ---D | C] -- C:\$AVG
    [2011/05/21 01:42:19 | 000,000,000 | ---D | C] -- C:\Users\oober\swfjweva
    [2011/05/19 20:10:09 | 000,000,000 | ---D | C] -- C:\ProgramData\FlexiMusic
    [2011/05/19 20:10:07 | 000,000,000 | ---D | C] -- C:\Users\oober\Documents\FlexiMusic Kids Composer
    [2011/05/13 16:23:39 | 000,000,000 | ---D | C] -- C:\Users\oober\AppData\Roaming\inkscape
    [2011/05/13 16:19:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Inkscape
    [2011/05/12 09:14:19 | 000,000,000 | ---D | C] -- C:\Users\oober\Documents\Trans fonts
    [2011/05/12 08:13:36 | 000,000,000 | ---D | C] -- C:\Users\oober\Documents\Fonts
    [2011/05/07 19:50:04 | 000,000,000 | ---D | C] -- C:\Users\oober\Documents\Emails Draft
    [2011/05/02 20:39:16 | 000,000,000 | ---D | C] -- C:\Users\oober\AppData\Local\AVG Security Toolbar

    ========== Files - Modified Within 30 Days ==========

    [2011/05/25 21:28:36 | 116,046,799 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
    [2011/05/25 21:12:51 | 000,000,953 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk
    [2011/05/25 21:12:47 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
    [2011/05/25 21:12:47 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
    [2011/05/25 20:18:40 | 000,014,144 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/05/25 20:18:40 | 000,014,144 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/05/25 20:11:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/05/25 20:11:11 | 4224,307,200 | -HS- | M] () -- C:\hiberfil.sys
    [2011/05/25 19:35:22 | 000,149,631 | ---- | M] () -- C:\Users\oober\Desktop\topic165501.html
    [2011/05/24 19:14:28 | 006,389,088 | ---- | M] (OPSWAT, Inc.) -- C:\Users\oober\Desktop\AppRemover.exe
    [2011/05/24 18:59:49 | 004,353,961 | R--- | M] () -- C:\Users\oober\Desktop\ComboFix.exe
    [2011/05/24 18:55:54 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Users\oober\Desktop\aswMBR.exe
    [2011/05/22 17:41:08 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/05/22 17:35:44 | 000,000,656 | ---- | M] () -- C:\Users\oober\Documents\Avgdisk.csv
    [2011/05/22 13:13:55 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
    [2011/05/21 20:04:03 | 000,483,312 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2011/05/18 19:30:22 | 000,000,996 | ---- | M] () -- C:\Users\oober\.lmmsrc.xml
    [2011/05/15 02:47:35 | 000,000,218 | ---- | M] () -- C:\Users\oober\.recently-used.xbel
    [2011/05/14 20:54:34 | 000,014,848 | ---- | M] () -- C:\Users\oober\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/05/13 16:22:54 | 000,001,031 | ---- | M] () -- C:\Users\oober\Application Data\Microsoft\Internet Explorer\Quick Launch\Inkscape.lnk
    [2011/05/13 16:22:54 | 000,001,007 | ---- | M] () -- C:\Users\Public\Desktop\Inkscape.lnk
    [2011/05/08 18:04:22 | 000,256,191 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
    [2011/05/07 19:52:26 | 000,002,052 | ---- | M] () -- C:\Users\oober\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2011/04/27 22:03:02 | 000,727,182 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2011/04/27 22:03:02 | 000,628,904 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2011/04/27 22:03:02 | 000,110,798 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

    ========== Files Created - No Company Name ==========

    [2011/05/25 21:12:51 | 000,000,953 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2011.lnk
    [2011/05/25 20:45:39 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/05/25 20:45:39 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/05/25 20:45:39 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/05/25 20:45:39 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/05/25 20:45:39 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/05/25 19:35:19 | 000,149,631 | ---- | C] () -- C:\Users\oober\Desktop\topic165501.html
    [2011/05/24 18:59:01 | 004,353,961 | R--- | C] () -- C:\Users\oober\Desktop\ComboFix.exe
    [2011/05/22 17:41:08 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/05/22 17:35:44 | 000,000,656 | ---- | C] () -- C:\Users\oober\Documents\Avgdisk.csv
    [2011/05/22 13:13:55 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
    [2011/05/15 02:47:35 | 000,000,218 | ---- | C] () -- C:\Users\oober\.recently-used.xbel
    [2011/05/13 16:23:17 | 000,001,031 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inkscape.lnk
    [2011/05/13 16:22:54 | 000,001,031 | ---- | C] () -- C:\Users\oober\Application Data\Microsoft\Internet Explorer\Quick Launch\Inkscape.lnk
    [2011/05/13 16:22:54 | 000,001,007 | ---- | C] () -- C:\Users\Public\Desktop\Inkscape.lnk
    [2011/05/07 18:48:06 | 000,001,150 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    [2011/03/06 17:52:50 | 000,014,848 | ---- | C] () -- C:\Users\oober\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/02/06 20:57:36 | 000,393,256 | ---- | C] () -- C:\Windows\SysWow64\CNQ2414N.DAT
    [2011/01/24 08:08:01 | 000,735,230 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2010/12/21 15:25:46 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2010/11/24 06:03:24 | 000,258,864 | ---- | C] () -- C:\Windows\SUPDRun.exe
    [2010/11/23 22:00:22 | 000,484,656 | ---- | C] () -- C:\Windows\ssndii.exe
    [2010/08/25 20:34:30 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
    [2010/08/25 20:34:30 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
    [2010/08/25 20:34:30 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
    [2010/08/25 19:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
    [2010/08/25 19:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
    [2010/08/12 21:42:47 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
    [2010/08/12 06:34:40 | 000,307,200 | ---- | C] () -- C:\Windows\SetDisplayResolution.exe
    [2010/08/12 05:44:21 | 000,001,960 | ---- | C] () -- C:\Windows\HotFixList.ini
    [2009/07/14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2009/07/14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
    [2009/07/14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
    [2009/07/14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

    ========== LOP Check ==========

    [2011/02/06 21:05:56 | 000,000,000 | ---D | M] -- C:\Users\oober\AppData\Roaming\Ambient Design
    [2011/05/21 00:01:58 | 000,000,000 | ---D | M] -- C:\Users\oober\AppData\Roaming\Audacity
    [2011/05/25 21:27:27 | 000,000,000 | ---D | M] -- C:\Users\oober\AppData\Roaming\AVG10
    [2010/11/28 22:54:38 | 000,000,000 | ---D | M] -- C:\Users\oober\AppData\Roaming\Blender Foundation
    [2011/02/06 21:01:37 | 000,000,000 | ---D | M] -- C:\Users\oober\AppData\Roaming\Canon
    [2010/11/29 23:20:45 | 000,000,000 | ---D | M] -- C:\Users\oober\AppData\Roaming\fltk.org
    [2010/12/05 01:09:59 | 000,000,000 | ---D | M] -- C:\Users\oober\AppData\Roaming\gtk-2.0
    [2011/05/13 16:23:39 | 000,000,000 | ---D | M] -- C:\Users\oober\AppData\Roaming\inkscape
    [2011/01/06 11:14:27 | 000,000,000 | ---D | M] -- C:\Users\oober\AppData\Roaming\Jasc
    [2011/01/03 10:28:34 | 000,000,000 | ---D | M] -- C:\Users\oober\AppData\Roaming\Notepad++
    [2011/02/07 08:58:26 | 000,000,000 | ---D | M] -- C:\Users\oober\AppData\Roaming\OpenOffice.org
    [2010/11/24 06:03:14 | 000,000,000 | ---D | M] -- C:\Users\oober\AppData\Roaming\Samsung
    [2011/05/25 19:39:22 | 000,000,000 | ---D | M] -- C:\Users\oober\AppData\Roaming\SoftGrid Client
    [2011/04/17 08:39:31 | 000,000,000 | ---D | M] -- C:\Users\oober\AppData\Roaming\SoundSpectrum
    [2011/01/24 08:09:06 | 000,000,000 | ---D | M] -- C:\Users\oober\AppData\Roaming\TP
    [2011/03/04 21:34:01 | 000,000,000 | ---D | M] -- C:\Users\oober\AppData\Roaming\Windows Live Writer
    [2010/11/30 19:37:30 | 000,000,000 | ---D | M] -- C:\Users\oober\AppData\Roaming\Xtranormal
    [2009/07/14 06:08:49 | 000,018,500 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2011/05/25 20:52:02 | 000,018,650 | ---- | M] () -- C:\ComboFix.txt
    [2011/05/25 20:11:11 | 4224,307,200 | -HS- | M] () -- C:\hiberfil.sys
    [2011/05/25 20:11:11 | 4224,307,200 | -HS- | M] () -- C:\pagefile.sys
    [2010/08/12 05:37:40 | 000,002,162 | ---- | M] () -- C:\RHDSetup.log
    [2010/11/24 06:03:17 | 000,000,196 | ---- | M] () -- C:\setup.log

    < %systemroot%\Fonts\*.com >
    [2009/07/14 06:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/14 06:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/14 06:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/14 06:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 21:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >
    [2006/11/09 23:31:56 | 000,016,018 | ---- | M] () -- C:\Windows\Samsung.png

    < %systemroot%\*.scr >
    [2009/11/16 08:27:16 | 019,480,587 | ---- | M] () -- C:\Windows\Crystal Delight.scr
    [2010/11/10 02:28:46 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/14 05:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2010/11/23 22:20:52 | 000,000,221 | -HS- | M] () -- C:\Users\oober\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2011/05/24 19:14:28 | 006,389,088 | ---- | M] (OPSWAT, Inc.) -- C:\Users\oober\Desktop\AppRemover.exe
    [2011/05/24 18:55:54 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Users\oober\Desktop\aswMBR.exe
    [2011/05/24 18:59:49 | 004,353,961 | R--- | M] () -- C:\Users\oober\Desktop\ComboFix.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 22:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >
    [2010/08/12 21:32:16 | 000,008,192 | ---- | M] () -- C:\Windows\security\database\edb.chk
    [2010/08/12 21:32:16 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edb.log
    [2010/08/12 21:32:16 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00001.jrs
    [2010/08/12 21:32:16 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00002.jrs
    [2010/08/12 21:32:16 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbtmp.log
    [2010/08/12 21:32:16 | 001,056,768 | ---- | M] () -- C:\Windows\security\database\tmp.edb

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2010/11/30 19:55:39 | 000,000,402 | -HS- | M] () -- C:\Users\oober\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:0B4227B4

    < End of report >
     
  8. oobersheep

    oobersheep TS Rookie Topic Starter

    OTL extras scan log

    OTL Extras logfile created on: 5/25/2011 10:08:39 PM - Run 1
    OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\oober\Downloads
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    3.93 Gb Total Physical Memory | 2.22 Gb Available Physical Memory | 56.49% Memory free
    7.87 Gb Paging File | 6.18 Gb Available in Paging File | 78.60% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 232.00 Gb Total Space | 130.93 Gb Free Space | 56.44% Space Free | Partition Type: NTFS
    Drive D: | 346.40 Gb Total Space | 346.29 Gb Free Space | 99.97% Space Free | Partition Type: NTFS

    Computer Name: DIRTDIVER | User Name: oober | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-3319042926-2513336005-101065848-1001\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %* File not found
    cmdfile [open] -- "%1" %* File not found
    comfile [open] -- "%1" %* File not found
    exefile [open] -- "%1" %* File not found
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %* File not found
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1" File not found
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
    scrfile [open] -- "%1" /S File not found
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0E543634-7E25-4B8F-8D5B-97880E5E5088}" = Bonjour
    "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2414" = CanoScan LiDE 110 Scanner Driver
    "{16DDB3D1-5C27-4599-9C63-E583287191CC}" = iTunes
    "{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
    "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
    "{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
    "{8F473675-D702-45F9-8EBC-342B40C17BF5}" = Apple Mobile Device Support
    "{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DC7333D1-596A-404D-876D-446E6D27BA20}" = AVG 2011
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{FF74BAA3-4185-437E-92CC-A442BAF0FE83}" = AVG 2011
    "AVG" = AVG 2011
    "Broadcom 802.11 Network Adapter" = Broadcom 802.11 Network Adapter
    "Elantech" = ETDWare PS/2-X64 8.0.7.0_WHQL
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{142D8CA7-2C6F-45A7-83E3-099AAFD99133}" = Samsung Update Plus
    "{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 5
    "{14C87AA7-08E6-419F-A165-998EBE5023D7}" = Oblivion - Knights of the Nine
    "{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
    "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
    "{318DBE01-1E6B-4243-84B0-210391FE789A}" = Samsung AnyWeb Print
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A331D24-A9E8-484F-835E-1BA7B139689C}" = EasyBatteryManager
    "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
    "{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
    "{559D1FDB-6D5C-4EF3-8F63-5E1E93A0A244}" = Easy Network Manager
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{69994440-F694-47AF-BA3C-8D81334D80B6}" = Samsung AnyWeb Print
    "{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
    "{74A579FB-EB06-497D-B194-01590D6FE51A}" = BatteryLifeExtender
    "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8
    "{82AF3E91-57E1-4754-84D0-40A46E2479AB}" = OpenOffice.org 3.3
    "{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
    "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A76AA284-E52D-47E6-9E4F-B85DBF8E35C3}" = IMinent Toolbar
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
    "{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
    "{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
    "{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
    "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D1434266-0486-4469-B338-A60082CC04E1}" = Atheros Client Installation Program
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
    "{EFA6EF6A-9E0D-4CF0-91DD-B55D8632F65A}" = SamsungMovie
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F687E657-F636-44DF-8125-9FEEA2C362F5}" = Samsung Support Center
    "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
    "AudibleDownloadManager" = Audible Download Manager
    "Digital Editions" = Adobe Digital Editions
    "Game Console - WildGames" = WildTangent ORB Game Console
    "GamersFirst LIVE!" = GamersFirst LIVE!
    "G-Force" = G-Force
    "Inkscape" = Inkscape 0.48.1
    "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "Intel AppUp(SM) center 18988" = Intel AppUp(SM) center
    "LastFM_is1" = Last.fm 1.5.4.27091
    "LMMS 0.4.8" = Linux MultiMedia Studio (LMMS)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Marvell Miniport Driver" = Marvell Miniport Driver
    "Mozilla Firefox 4.0.1 (x86 en-GB)" = Mozilla Firefox 4.0.1 (x86 en-GB)
    "MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
    "Notepad++" = Notepad++
    "Office14.Click2Run" = Microsoft Office Click-to-Run 2010
    "Picasa 3" = Picasa 3
    "RealPlayer 12.0" = RealPlayer
    "Samsung Universal Print Driver" = Samsung Universal Print Driver
    "Wacom Tablet Driver" = Wacom Tablet
    "Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
    "Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
    "WhiteCap" = WhiteCap
    "WildTangent wildgames Master Uninstall" = WildTangent Games
    "WinLiveSuite" = Windows Live Essentials
    "WT085559" = Diner Dash 2 Restaurant Rescue
    "WT085567" = Chuzzle Deluxe
    "WT085580" = John Deere Drive Green
    "WT085581" = Penguins!
    "WT085583" = Polar Golfer
    "WT085587" = Agatha Christie - Death on the Nile
    "WT085597" = Build-a-lot
    "WT085618" = Farm Frenzy
    "WT085622" = Insaniquarium Deluxe
    "WT085663" = Peggle
    "WT085669" = Plants vs. Zombies
    "WT089285" = Zuma Deluxe
    "WT089286" = Bejeweled 2 Deluxe

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-3319042926-2513336005-101065848-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 5/14/2011 4:32:19 PM | Computer Name = dirtdiver | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 8727039

    Error - 5/14/2011 4:32:19 PM | Computer Name = dirtdiver | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 8727039

    Error - 5/14/2011 4:32:20 PM | Computer Name = dirtdiver | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 5/14/2011 4:32:20 PM | Computer Name = dirtdiver | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 8728037

    Error - 5/14/2011 4:32:20 PM | Computer Name = dirtdiver | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 8728037

    Error - 5/14/2011 4:32:21 PM | Computer Name = dirtdiver | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 5/14/2011 4:32:21 PM | Computer Name = dirtdiver | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 8729051

    Error - 5/14/2011 4:32:21 PM | Computer Name = dirtdiver | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 8729051

    Error - 5/14/2011 4:32:22 PM | Computer Name = dirtdiver | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 5/14/2011 4:32:22 PM | Computer Name = dirtdiver | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 8730050

    [ System Events ]
    Error - 4/24/2011 4:45:20 PM | Computer Name = dirtdiver | Source = DCOM | ID = 10010
    Description =

    Error - 4/25/2011 2:39:50 PM | Computer Name = dirtdiver | Source = Service Control Manager | ID = 7011
    Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
    response from the Wlansvc service.

    Error - 4/28/2011 10:21:00 PM | Computer Name = dirtdiver | Source = Service Control Manager | ID = 7011
    Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
    response from the iphlpsvc service.

    Error - 4/28/2011 10:21:30 PM | Computer Name = dirtdiver | Source = Service Control Manager | ID = 7011
    Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
    response from the LanmanServer service.

    Error - 4/28/2011 10:21:30 PM | Computer Name = dirtdiver | Source = Service Control Manager | ID = 7000
    Description = The Server service failed to start due to the following error: %%1053

    Error - 4/29/2011 2:50:28 PM | Computer Name = dirtdiver | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the Software
    Protection service to connect.

    Error - 4/29/2011 2:50:28 PM | Computer Name = dirtdiver | Source = Service Control Manager | ID = 7000
    Description = The Software Protection service failed to start due to the following
    error: %%1053

    Error - 4/29/2011 2:51:11 PM | Computer Name = dirtdiver | Source = Service Control Manager | ID = 7043
    Description = The Windows Modules Installer service did not shut down properly after
    receiving a preshutdown control.

    Error - 5/5/2011 1:48:36 PM | Computer Name = dirtdiver | Source = Server | ID = 2505
    Description = The server could not bind to the transport \Device\NetBT_Tcpip_{0CD90AD9-643D-4912-881B-9CF2F89C000B}
    because another computer on the network has the same name. The server could not
    start.

    Error - 5/11/2011 2:56:04 PM | Computer Name = dirtdiver | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 19:54:33 on ?11/?05/?2011 was unexpected.


    < End of report >

    hope thats it.
    Cheers for the help so far.
     
  9. Broni

    Broni Malware Annihilator Posts: 48,033   +271

    You didn't say:
     
  10. Broni

    Broni Malware Annihilator Posts: 48,033   +271

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ====================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
      IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
      O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      [2011/05/21 01:42:19 | 000,000,000 | ---D | C] -- C:\Users\oober\swfjweva
      @Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:0B4227B4
      
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ====================================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
  11. oobersheep

    oobersheep TS Rookie Topic Starter

    final logs captain

    computer is running fine. no viral warnings.here are the final logs. thanks again so much. :)

    All processes killed
    ========== OTL ==========
    Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
    Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
    C:\Users\oober\swfjweva folder moved successfully.
    ADS C:\ProgramData\Temp:0B4227B4 deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 56466 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: oober
    ->Temp folder emptied: 419423 bytes
    ->Temporary Internet Files folder emptied: 83377786 bytes
    ->Java cache emptied: 9348 bytes
    ->FireFox cache emptied: 62999380 bytes
    ->Flash cache emptied: 50256 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 237554 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 101956 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 140.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: oober
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.23.0 log created on 05272011_193644

    Files\Folders moved on Reboot...
    C:\Users\oober\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    Registry entries deleted on Reboot...

    -------------------

    Results of screen317's Security Check version 0.99.7
    Windows 7 (UAC is enabled)
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 25
    Out of date Java installed!
    Adobe Flash Player 10.2.159.1
    Adobe Reader 9.1
    Out of date Adobe Reader installed!
    Mozilla Firefox (x86 en-GB..) Firefox Out of Date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    AVG avgwdsvc.exe
    AVG avgtray.exe
    ``````````End of Log````````````

    -----------------

    ESET found no threats and didnt get a log that i can find sorry.
    thanks again.
    I assume that means im clear to use internets for shopping etc?
    cheers:)
     
     
  12. Broni

    Broni Malware Annihilator Posts: 48,033   +271

    Good news :)

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.

    =================================================================

    Your computer is clean [​IMG]

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all tools, we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure, Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please, let me know, how your computer is doing.
     
  13. oobersheep

    oobersheep TS Rookie Topic Starter

    just been on comp and AVG has given a multiple threat detection. virus win32/heur.dropper
    Ive only been on facebook about 3 hrs ago after i did all the final things above. Ihave plugged in my ipod touch 4th gen. Is it possible that it is infected? and how can I clean it? The infections where located in c:\Program Files(x86)\WildGames\stock games from that file( i never play them)

    I got the warnings after i had my Ipod pluged in for about an hour and was playing Galaxy on fire 2 I just happened to glance at the laptop and saw the infection warnings.

    My only though is that its some app ive down loaded to my ipod.

    I also have a work laptop that is used in a school where kids have no concept of anti viral protection and will pass work they cant email on usb. Now I Know my work laptop is probabaly riddled i have AVG subscription on it and it takes pretty good care of the compture it uses Xp.
    I rarely transfere files between the home laptop and school laptop In fact the last time i did was over a month ago. I do on occassion access my email on the school laptop. is it possible that if i send an email to my gmail from the school lap top to my own accounut and open it on my home laptop that i wil infect my home lap top?
    My only other worry is that its on my Ipod..Is that possible?

    In any case i have deleted the wlidgames file as i never use it.
    should i change my virus protection?i tried norton and had MASSIVE issues with their customer service when norton locked my internet off. that was on a completely different machine years and years ago and bears no relevance to my current issues.

    Its okay if you cant help. Im extremly grateful for all the time you have spent on my problems.

    ho by the way on the final scans i had no issues.
    i am currently running malware to see if it picks up anything
    it finished ands detected nothing there is the log
    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6654

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    29/05/2011 01:17:28
    mbam-log-2011-05-29 (01-17-28).txt

    Scan type: Quick scan
    Objects scanned: 168577
    Time elapsed: 2 minute(s), 54 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    excuse the poor grammar above but i have had a bit to drink. sorry.
     
  14. Broni

    Broni Malware Annihilator Posts: 48,033   +271

    I don't think, you have a reason to worry.

    win32/heur.dropper - heur=heuristic, which means, that some file pattern may be matching malicious files patterns. It's like AV program guess.
    WildGames seem to safe from what I can see, so I'd assume it's a false positive.

    Now, whenever you use a computer, which accepts some unknown external devices, it's a good idea to install this on it....

    Download, and run Flash Disinfector, and save it to your desktop (Windows Vista and Windows 7 users, scroll down)

    *Please disable any AV / ScriptBlockers as they might detect Flash Disinfector to be malicious and block it. Hence, the failure in executing. You can enable them back after the cleaning process*

    • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
    • The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
    • Hold down the Shift key when inserting the drive until Windows detects it to keep autorun.inf from executing if it is present.
    • Wait until it has finished scanning and then exit the program.
    • Reboot your computer when done.
    Note: As part of its routine, Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive that was plugged in when you ran it. Do not delete this folder...it will help protect your drives from future infection by keeping the autorun file from being installed on the root drive and running other malicious files.

    Windows Vista and Windows 7 users
    Flash Disinfector is not compatible with the above Windows version.
    Please, use Panda USB Vaccine, or BitDefender’s USB Immunizer


    The above will prevent anything malicious to autorun from some external source, like USB stick.

    I'd also install the above on THIS computer and I'd also scan iPod with your AV program.

    Then continue with other steps from my previous reply.
     
  15. oobersheep

    oobersheep TS Rookie Topic Starter

    Thanks

    Thanks again. :)
     
  16. Broni

    Broni Malware Annihilator Posts: 48,033   +271

    You're very welcome [​IMG]
     
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.