Trojan.Vundo-Variant/F.Process - Geeks to Go Forums


Trojan.Vundo-Variant/F.Process

#1 Nerd

  • Group: Member
  • Posts: 2
  • Joined: 03-March 11

Posted 03 March 2011 - 05:25 PM

My computer has been running slow for ages. It started off occasionally with the blue system check and then it went to wanting to check each time the computer was turned on. Then each time I pressed the button to do a system check it got stuck and needed restarting. Which meant I could not do the system check. I was told this was to do with the memory and had a new memory put in. Which made a difference for a week.

I use AVG version 9 which didn't pick anything up but having had an infection on my work computer I decided to try a different anti virus which picked up the Vundo variant. I have left it in quarantine until I receive your advice. I used super anti spyware for this check. I then searched for a definition and was linked to your site.

I would be very grateful if you could help me out. I am new to all of this.

The OTL report is as follows.

Thanks.

OTL Extras logfile created on: 03/03/2011 23:03:48 - Run 1
OTL by OldTimer - Version 3.2.22.2 Folder = C:\Documents and Settings\Nic\Desktop
64bit-Windows Server 2003 Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

895.00 Mb Total Physical Memory | 187.00 Mb Available Physical Memory | 21.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 41.00% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 153.38 Gb Total Space | 41.56 Gb Free Space | 27.10% Space Free | Partition Type: NTFS

Computer Name: RBEARD-F4BA0663 | User Name: Nic | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.inf [@ = inffile] -- %SystemRoot%\System32\NOTEPAD.EXE %1
.ini [@ = inifile] -- %SystemRoot%\System32\NOTEPAD.EXE %1
.url [@ = InternetShortcut] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l
.js [@ = JSFile] -- %SystemRoot%\System32\WScript.exe "%1" %*
.jse [@ = JSEFile] -- %SystemRoot%\System32\WScript.exe "%1" %*
.txt [@ = txtfile] -- %SystemRoot%\system32\NOTEPAD.EXE %1
.vbe [@ = VBEFile] -- %SystemRoot%\System32\WScript.exe "%1" %*
.vbs [@ = VBSFile] -- %SystemRoot%\System32\WScript.exe "%1" %*
.wsf [@ = WSFFile] -- %SystemRoot%\System32\WScript.exe "%1" %*
.wsh [@ = WSHFile] -- %SystemRoot%\System32\WScript.exe "%1" %*

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 File not found
batfile [open] -- "%1" %* File not found
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 File not found
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 File not found
cmdfile [open] -- "%1" %* File not found
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 File not found
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* File not found
exefile [open] -- "%1" %* File not found
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 File not found
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 File not found
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 File not found
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 File not found
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 File not found
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l File not found
InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" File not found
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 File not found
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* File not found
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 File not found
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 File not found
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* File not found
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 File not found
piffile [open] -- "%1" %* File not found
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 File not found
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 File not found
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 File not found
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 File not found
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" File not found
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 File not found
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* File not found
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 File not found
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 File not found
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* File not found
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 File not found
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 File not found
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* File not found
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 File not found
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* File not found
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1

========== System Restore Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
"C:\Program Files (x86)\MSN Messenger\msnmsgr.exe" = C:\Program Files (x86)\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 -- (Microsoft Corporation)
"C:\Program Files (x86)\MSN Messenger\livecall.exe" = C:\Program Files (x86)\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
"C:\Program Files (x86)\MSN Messenger\msnmsgr.exe" = C:\Program Files (x86)\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 -- (Microsoft Corporation)
"C:\Program Files (x86)\MSN Messenger\livecall.exe" = C:\Program Files (x86)\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
"C:\Program Files (x86)\AVG\AVG8\avgemc.exe" = C:\Program Files (x86)\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe
"C:\Program Files (x86)\AVG\AVG8\avgupd.exe" = C:\Program Files (x86)\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files (x86)\Yahoo!\Messenger\YServer.exe" = C:\Program Files (x86)\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- (Yahoo! Inc.)
"C:\Program Files (x86)\MSN Messenger\msnmsgr.exe" = C:\Program Files (x86)\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 -- (Microsoft Corporation)
"C:\Program Files (x86)\MSN Messenger\livecall.exe" = C:\Program Files (x86)\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- (Microsoft Corporation)
"C:\Program Files (x86)\AVG\AVG8\avgdiag.exe" = C:\Program Files (x86)\AVG\AVG8\avgdiag.exe:*:Enabled:avgdiag.exe
"C:\Program Files (x86)\AVG\AVG8\avgdiagex.exe" = C:\Program Files (x86)\AVG\AVG8\avgdiagex.exe:*:Enabled:avgdiagex.exe
"C:\Program Files (x86)\AVG\AVG8\avgnsa.exe" = C:\Program Files (x86)\AVG\AVG8\avgnsa.exe:*:Enabled:avgnsa.exe
"C:\Program Files (x86)\AVG\AVG9\avgdiagex.exe" = C:\Program Files (x86)\AVG\AVG9\avgdiagex.exe:*:Enabled:avgdiagex.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files (x86)\AVG\AVG9\avgemc.exe" = C:\Program Files (x86)\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files (x86)\AVG\AVG9\avgupd.exe" = C:\Program Files (x86)\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files (x86)\AVG\AVG9\avgnsa.exe" = C:\Program Files (x86)\AVG\AVG9\avgnsa.exe:*:Enabled:avgnsa.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files (x86)\Real\RealPlayer\realplay.exe" = C:\Program Files (x86)\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Documents and Settings\Ethan\Application Data\Football Superstars\FSClientr.exe" = C:\Documents and Settings\Ethan\Application Data\Football Superstars\FSClientr.exe:*:Disabled:FSClientr -- ()
"C:\Program Files (x86)\Nectar Search Toolbar\TroubleShooter.exe" = C:\Program Files (x86)\Nectar Search Toolbar\TroubleShooter.exe:*:Enabled:Nectar Search Toolbar (Helper) -- (FreeCause Inc.)
"C:\Program Files (x86)\Nectar Search Toolbar\ToolbarUpdate.exe" = C:\Program Files (x86)\Nectar Search Toolbar\ToolbarUpdate.exe:*:Enabled:Nectar Search Toolbar (Update) -- (FreeCause Inc.)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
"C:\Program Files (x86)\AVG\AVG8\avgemc.exe" = C:\Program Files (x86)\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe
"C:\Program Files (x86)\AVG\AVG8\avgupd.exe" = C:\Program Files (x86)\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files (x86)\Yahoo!\Messenger\YServer.exe" = C:\Program Files (x86)\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- (Yahoo! Inc.)
"C:\Program Files (x86)\MSN Messenger\msnmsgr.exe" = C:\Program Files (x86)\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 -- (Microsoft Corporation)
"C:\Program Files (x86)\MSN Messenger\livecall.exe" = C:\Program Files (x86)\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- (Microsoft Corporation)
"C:\Program Files (x86)\AVG\AVG8\avgdiag.exe" = C:\Program Files (x86)\AVG\AVG8\avgdiag.exe:*:Enabled:avgdiag.exe
"C:\Program Files (x86)\AVG\AVG8\avgdiagex.exe" = C:\Program Files (x86)\AVG\AVG8\avgdiagex.exe:*:Enabled:avgdiagex.exe
"C:\Program Files (x86)\AVG\AVG8\avgnsa.exe" = C:\Program Files (x86)\AVG\AVG8\avgnsa.exe:*:Enabled:avgnsa.exe
"C:\Program Files (x86)\AVG\AVG9\avgdiagex.exe" = C:\Program Files (x86)\AVG\AVG9\avgdiagex.exe:*:Enabled:avgdiagex.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files (x86)\AVG\AVG9\avgemc.exe" = C:\Program Files (x86)\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files (x86)\AVG\AVG9\avgupd.exe" = C:\Program Files (x86)\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files (x86)\AVG\AVG9\avgnsa.exe" = C:\Program Files (x86)\AVG\AVG9\avgnsa.exe:*:Enabled:avgnsa.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files (x86)\Real\RealPlayer\realplay.exe" = C:\Program Files (x86)\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Documents and Settings\Ethan\Application Data\Football Superstars\FSClientr.exe" = C:\Documents and Settings\Ethan\Application Data\Football Superstars\FSClientr.exe:*:Disabled:FSClientr -- ()
"C:\Program Files (x86)\Nectar Search Toolbar\TroubleShooter.exe" = C:\Program Files (x86)\Nectar Search Toolbar\TroubleShooter.exe:*:Enabled:Nectar Search Toolbar (Helper) -- (FreeCause Inc.)
"C:\Program Files (x86)\Nectar Search Toolbar\ToolbarUpdate.exe" = C:\Program Files (x86)\Nectar Search Toolbar\ToolbarUpdate.exe:*:Enabled:Nectar Search Toolbar (Update) -- (FreeCause Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{B0EFB716-085B-4564-8060-212E41F5CE50}" = Windows Live ID Sign-in Assistant
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F7855754-13F5-426B-B090-5875FAFF1B20}" = Windows Presentation Foundation x64
"53F13DB4D9611FD63BE580F06F0729BF236ABE68" = Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"EPSON Printer and Utilities" = EPSON Printer Software
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows x64
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11-64" = Windows Media Format 11 runtime
"wmp11-64" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{021C4C4F-C93C-4425-BFFD-C2D16776BFAE}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{06A940CD-4924-485E-8500-476C9E08A820}" = Samsung PC Studio 3
"{085DBA44-8F4A-4647-80F1-6502EC62A317}" = ArcSoft PhotoStudio Darkroom 2
"{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA}" = Uniblue RegistryBooster
"{0AAC0AF2-8F53-4B3C-A050-AEDC827EA1CC}" = SMART Product Update
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{18472E28-FCA0-421F-BDAC-AC65012E29F2}" = ArcSoft MediaImpression
"{1DED92A7-05FA-4736-8AEA-1BE2363F1033}" = Nero 7 Essentials
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{2348B97D-C991-438F-BC44-294C931E7B8B}" = SMART Essentials for Educators
"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java™ 6 Update 20
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2EB81825-E9EE-44F4-8F51-1240C3898DC6}" = EPSON File Manager
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{40787F45-74D0-4F37-B1BE-E9FCE5AD4076}" = ArcSoft Print Creations
"{46486451-E60F-42C3-92D7-796D8594688A}" = SMART Board Software
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5023B3E9-6B73-471E-8BD9-DA4442AE357C}" = ArcSoft Print Creations - Quick Photo Book
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger
"{638EBB3E-04BC-40DB-9176-DDEC2C5CB2BC}" = ArcSoft MediaConverter 2.5
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7395D650-AE5D-4D68-B8FE-D3FA6B51467F}" = Driver Detective
"{764D4127-1AE0-4FD3-8971-696230AC724D}" = ArcSoft MediaConverter 3
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DAC1AE4-33D1-4A78-8A42-00E09EDECC3E}" = Camera RAW Plug-In for EPSON Creativity Suite
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{B66E665A-DF96-4C38-9422-C7F74BC1B4E5}" = EPSON Easy Photo Print
"{B6ADA0E4-9451-43EB-B86E-878AD9E68D4F}" = LightScribe 1.6.45.1
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{C8B44566-839A-459C-A73D-49764CE216CC}" = ArcSoft Video Downloader
"{D8AD43B5-36EB-4E14-A44F-0E40AFFC4932}" = calibre
"{DB909A1C-B447-428F-8103-E8975BCB99F0}" = ArcSoft RAW Thumbnail Viewer
"{E2EE273D-E111-4FFD-ACD4-78E1D35E01D2}" = ArcSoft Photo Book Screen Saver
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F9466082-90E9-4BE4-92F0-CF0AF195B0CF}" = 2.0 PC CAMERA
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AVG9Uninstall" = AVG 9.0
"BFG-Alice Greenfingers" = Alice Greenfingers
"BFG-Belle`s Beauty Boutique" = Belle`s Beauty Boutique
"BFG-Build-a-lot" = Build-a-lot
"BFG-Build-a-lot 2 - Town of the Year" = Build-a-lot 2: Town of the Year
"BFG-Build-a-lot 3 - Passport to Europe" = Build-a-lot 3: Passport to Europe
"BFGC" = Big Fish Games Client
"BFG-Curse of the Pharaoh - The Quest for Nefertiti" = Curse of the Pharaoh: The Quest for Nefertiti
"BFG-Diner Dash - Seasonal Snack Pack" = Diner Dash: Seasonal Snack Pack
"BFG-Forgotten Lands - First Colony" = Forgotten Lands: First Colony ™
"BFG-Great Secrets - Da Vinci" = Great Secrets: Da Vinci
"BFG-LEGO Fever" = LEGO Fever
"BFG-Little Farm" = Little Farm
"BFG-Mah Jong Quest" = Mah Jong Quest
"BFG-Mah Jong Quest II" = Mah Jong Quest II
"BFG-Mahjong Towers Eternity" = Mahjong Towers Eternity
"BFG-My Tribe" = My Tribe
"BFG-Pet Shop Hop" = Pet Shop Hop
"BFG-The History Channel Lost Worlds" = The History Channel Lost Worlds
"BFG-Virtual Villagers - The Secret City" = Virtual Villagers: The Secret City
"BFG-Westward II - Heroes of the Frontier" = Westward II: Heroes of the Frontier
"Classicsonline_DLM" = Classicsonline
"DiskCheckup_is1" = DiskCheckup V3.0
"EPSON Scanner" = EPSON Scan
"ESDX6000_CX5900 User's Guide" = ESDX6000_CX5900 User's Guide
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"InstallShield_{7395D650-AE5D-4D68-B8FE-D3FA6B51467F}" = Driver Detective
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"Lexia Reading UK 6.0.1" = Lexia Reading UK
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Nectar Search Toolbar" = Nectar Search Toolbar
"Ranger Outpost Client" = Ranger Outpost Remote Client
"RealPlayer 6.0" = RealPlayer
"TescoDownloader" = Tesco Download Manager
"The National Test Toolkit - MiniTest" = The National Test Toolkit - MiniTest
"Uniblue RegistryBooster" = Uniblue RegistryBooster
"Virtual Families" = Virtual Families 1.0
"Virtual Villagers" = Virtual Villagers 1.0
"Virtual Villagers - The Lost Children" = Virtual Villagers - The Lost Children 1.0
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinRAR archiver" = WinRAR archiver
"Yahoo! Customizations" = Yahoo! Extras
"Yahoo! Internet Mail" = Yahoo! Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger
"YInstHelper" = Yahoo! Install Manager

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 30/05/2010 06:28:25 | Computer Name = RBEARD-F4BA0663 | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

Error - 30/05/2010 06:29:28 | Computer Name = RBEARD-F4BA0663 | Source = Windows Search Service | ID = 3083
Description =

Error - 30/05/2010 06:31:04 | Computer Name = RBEARD-F4BA0663 | Source = Windows Search Service | ID = 3083
Description =

Error - 30/05/2010 06:34:07 | Computer Name = RBEARD-F4BA0663 | Source = Windows Search Service | ID = 3083
Description =

Error - 30/05/2010 06:41:30 | Computer Name = RBEARD-F4BA0663 | Source = Windows Search Service | ID = 3083
Description =

Error - 30/05/2010 06:49:09 | Computer Name = RBEARD-F4BA0663 | Source = Windows Search Service | ID = 3083
Description =

Error - 30/05/2010 06:51:31 | Computer Name = RBEARD-F4BA0663 | Source = Windows Search Service | ID = 3083
Description =

Error - 30/05/2010 07:02:17 | Computer Name = RBEARD-F4BA0663 | Source = Windows Search Service | ID = 3083
Description =

Error - 30/05/2010 07:34:25 | Computer Name = RBEARD-F4BA0663 | Source = Windows Search Service | ID = 3083
Description =

Error - 30/05/2010 07:41:10 | Computer Name = RBEARD-F4BA0663 | Source = Windows Search Service | ID = 3083
Description =

[ OSession Events ]
Error - 28/08/2008 15:26:55 | Computer Name = RBEARD-F4BA0663 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6308.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 16630
seconds with 120 seconds of active time. This session ended with a crash.

Error - 20/12/2009 13:36:23 | Computer Name = RBEARD-F4BA0663 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

Error - 22/12/2009 09:52:53 | Computer Name = RBEARD-F4BA0663 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 14
seconds with 0 seconds of active time. This session ended with a crash.

Error - 15/01/2011 08:25:33 | Computer Name = RBEARD-F4BA0663 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 03/03/2011 18:38:36 | Computer Name = RBEARD-F4BA0663 | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume \Device\HarddiskVolume1.

Error - 03/03/2011 18:38:36 | Computer Name = RBEARD-F4BA0663 | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume \Device\HarddiskVolume1.

Error - 03/03/2011 18:44:30 | Computer Name = RBEARD-F4BA0663 | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume \Device\HarddiskVolume1.

Error - 03/03/2011 19:04:16 | Computer Name = RBEARD-F4BA0663 | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume \Device\HarddiskVolume1.

Error - 03/03/2011 19:06:28 | Computer Name = RBEARD-F4BA0663 | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume \Device\HarddiskVolume1.

Error - 03/03/2011 19:11:28 | Computer Name = RBEARD-F4BA0663 | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume \Device\HarddiskVolume1.

Error - 03/03/2011 19:12:37 | Computer Name = RBEARD-F4BA0663 | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume \Device\HarddiskVolume1.

Error - 03/03/2011 19:13:01 | Computer Name = RBEARD-F4BA0663 | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume \Device\HarddiskVolume1.

Error - 03/03/2011 19:13:33 | Computer Name = RBEARD-F4BA0663 | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume \Device\HarddiskVolume1.

Error - 03/03/2011 19:13:33 | Computer Name = RBEARD-F4BA0663 | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume \Device\HarddiskVolume1.


< End of report >

#2 Nerd

Posted 03 March 2011 - 05:31 PM

Sorry - I did not realise I had 2 boxes open regarding the OTL report. This is the other box.

OTL logfile created on: 03/03/2011 23:03:48 - Run 1
OTL by OldTimer - Version 3.2.22.2 Folder = C:\Documents and Settings\Nic\Desktop
64bit-Windows Server 2003 Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

895.00 Mb Total Physical Memory | 187.00 Mb Available Physical Memory | 21.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 41.00% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 153.38 Gb Total Space | 41.56 Gb Free Space | 27.10% Space Free | Partition Type: NTFS

Computer Name: RBEARD-F4BA0663 | User Name: Nic | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2011/03/03 23:02:00 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nic\Desktop\OTL.exe
PRC - [2011/01/21 14:19:38 | 000,053,104 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files (x86)\Uniblue\RegistryBooster\registrybooster.exe
PRC - [2011/01/21 14:19:38 | 000,025,984 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files (x86)\Uniblue\RegistryBooster\rbmonitor.exe
PRC - [2010/11/28 10:19:39 | 002,069,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgtray.exe
PRC - [2010/11/28 10:19:31 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
PRC - [2010/11/28 10:19:28 | 000,725,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
PRC - [2010/10/27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/07/20 19:43:54 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgemc.exe
PRC - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/04/13 14:51:50 | 000,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
PRC - [2008/06/10 03:27:04 | 000,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe
PRC - [2008/06/10 03:27:03 | 000,329,104 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre1.6.0_07\bin\jucheck.exe
PRC - [2007/11/02 05:48:46 | 004,519,176 | ---- | M] (SMART Technologies Inc.) -- C:\Program Files (x86)\SMART Technologies Inc\SMART Board Software\SMARTBoardTools.exe
PRC - [2007/11/02 05:48:40 | 003,990,792 | ---- | M] (SMART Technologies Inc.) -- C:\Program Files (x86)\SMART Technologies Inc\SMART Board Software\Marker.exe
PRC - [2007/11/02 05:48:34 | 002,090,248 | ---- | M] (SMART Technologies Inc.) -- C:\Program Files (x86)\SMART Technologies Inc\SMART Board Software\Aware.exe
PRC - [2007/11/02 05:48:32 | 001,283,336 | ---- | M] (SMART Technologies Inc.) -- C:\Program Files (x86)\SMART Technologies Inc\SMART Board Software\SMARTBoardService.exe
PRC - [2007/06/01 09:21:30 | 001,209,904 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007/06/01 09:21:08 | 000,153,136 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2007/05/10 12:18:10 | 000,835,584 | ---- | M] () -- C:\WINDOWS\vsnp325.exe
PRC - [2006/04/18 04:00:00 | 000,102,400 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE


========== Modules (SafeList) ==========

MOD - [2011/03/03 23:02:00 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nic\Desktop\OTL.exe
MOD - [2010/09/07 17:04:52 | 001,051,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\wow64_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.3790.4770_x-ww_8D2E3180\comctl32.dll
MOD - [2007/02/18 12:00:00 | 000,797,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\comres.dll
MOD - [2007/02/18 12:00:00 | 000,177,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\MSCTFIME.IME
MOD - [2006/05/03 21:53:54 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\framedyn.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/06/29 17:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV - [2010/11/28 10:19:31 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/07/20 19:43:54 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008/07/25 10:17:02 | 000,069,632 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/11/02 05:48:58 | 000,767,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\SMART Technologies Inc\SMART Board Software\WebServer.exe -- (SMART Web Server)
SRV - [2007/11/02 05:48:32 | 001,283,336 | ---- | M] (SMART Technologies Inc.) [Auto | Running] -- C:\Program Files (x86)\SMART Technologies Inc\SMART Board Software\SMARTBoardService.exe -- (SMART Board Service)
SRV - [2007/02/18 12:00:00 | 000,077,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc)
SRV - [2007/01/19 11:54:14 | 000,097,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\MSN Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2006/10/18 19:05:24 | 000,913,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc)
SRV - [2006/04/18 04:00:00 | 000,102,400 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/02/17 18:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2010/02/17 18:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV - [2009/04/05 18:56:54 | 000,005,632 | ---- | M] () [File_System | System | Stopped] -- C:\WINDOWS\SysWow64\drivers\StarOpen.sys -- (StarOpen)
DRV - [2007/02/18 12:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysWow64\mnmdd.dll -- (mnmdd)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {ada2ac0d-15c6-4611-ba5d-5b0a8b52fd6d} - C:\Program Files (x86)\Nectar Search Toolbar\Helper.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}: C:\Program Files (x86)\ArcSoft\Video Downloader\Plugin_FireFox [2010/06/07 18:10:52 | 000,000,000 | ---D | M]


Hosts file not found
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (IEPlugin Class) - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\Program Files (x86)\ArcSoft\Video Downloader\ArcURLRecord.dll (ArcSoft, Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (CIEDownload Object) - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files (x86)\SMART Technologies Inc\Notebook Software\NotebookPlugin.dll (SMART Technologies Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Nectar Search Toolbar BHO) - {B7C2F0D8-2209-4693-A15D-5A537211D48B} - C:\Program Files (x86)\Nectar Search Toolbar\Toolbar.dll ()
O3 - HKLM\..\Toolbar: (Nectar Search Toolbar) - {8020143D-5926-4394-A04D-DD0B649DA121} - C:\Program Files (x86)\Nectar Search Toolbar\Toolbar.dll ()
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - File not found
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Nectar Search Toolbar) - {8020143D-5926-4394-A04D-DD0B649DA121} - C:\Program Files (x86)\Nectar Search Toolbar\Toolbar.dll ()
O4:64bit: - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [AlcWzrd] C:\WINDOWS\alcwzrd.exe (RealTek Semicoductor Corp.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] File not found
O4:64bit: - HKLM..\Run: [NvMediaCenter] File not found
O4:64bit: - HKLM..\Run: [nwiz] File not found
O4:64bit: - HKLM..\Run: [snp325] C:\WINDOWS\vsnp325.exe ()
O4:64bit: - HKLM..\Run: [SoundMan] C:\WINDOWS\SoundMan.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [tsnp325] C:\WINDOWS\tsnp325.exe ()
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [EPSON Stylus DX6000 Series] File not found
O4 - HKCU..\Run: [RegistryBooster] C:\Program Files (x86)\Uniblue\RegistryBooster\launcher.exe (Uniblue Systems Limited)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [updateMgr] C:\Program Files (x86)\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [Yahoo! Pager] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files (x86)\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Device Monitor.lnk = C:\Program Files (x86)\ArcSoft\MediaConverter 3\Monitor.exe (ArcSoft)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SMART Board Tools.lnk = C:\Program Files (x86)\SMART Technologies Inc\SMART Board Software\SMARTBoardTools.exe (SMART Technologies Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {358DFA15-D48C-4296-8D16-7405F918333B} https://nottsslp.org...ronter_oes2.cab (Fronter OES2 release 27)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase6770.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1218122549828 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - File not found
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - File not found
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - File not found
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - File not found
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - File not found
O18:64bit: - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - File not found
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - File not found
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - File not found
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - File not found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - File not found
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - File not found
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - File not found
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - File not found
O18:64bit: - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - File not found
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - File not found
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - File not found
O18:64bit: - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18:64bit: - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - File not found
O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - File not found
O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - File not found
O18:64bit: - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - File not found
O18:64bit: - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - File not found
O20:64bit: - HKLM Winlogon: UIHost - (%SystemRoot%\system32\logonui.exe) - File not found
O20:64bit: - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: System - (lsass.exe) - File not found
O20:64bit: - Winlogon\Notify\avgrsstarter: DllName - Reg Error: Key error. - File not found
O20:64bit: - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - File not found
O20:64bit: - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - File not found
O20:64bit: - Winlogon\Notify\cscdll: DllName - cscdll.dll - File not found
O20:64bit: - Winlogon\Notify\dimsntfy: DllName - dimsntfy.dll - File not found
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found
O20:64bit: - Winlogon\Notify\Schedule: DllName - wlnotify.dll - File not found
O20:64bit: - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - File not found
O20:64bit: - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - File not found
O20:64bit: - Winlogon\Notify\termsrv: DllName - Reg Error: Key error. - File not found
O20:64bit: - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - File not found
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - File not found
O21:64bit: - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - File not found
O21:64bit: - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - File not found
O21:64bit: - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - File not found
O21:64bit: - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - File not found
O22:64bit: - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - File not found
O22:64bit: - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Nic\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Nic\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28:64bit: - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/06 16:24:52 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{1e359e6b-3128-11df-9491-001bfc344398}\Shell - "" = AutoRun
O33 - MountPoints2\{1e359e6b-3128-11df-9491-001bfc344398}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1e359e6b-3128-11df-9491-001bfc344398}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{3db60e3c-3d4c-11de-a241-001bfc344398}\Shell\AutoRun\command - "" = C:\WINDOWS\SysWow64\explorer.exe -- [2007/02/18 12:00:00 | 001,053,184 | ---- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/03 23:01:59 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Nic\Desktop\OTL.exe
[2011/03/03 22:30:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nic\Application Data\Uniblue
[2011/03/03 22:30:39 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{DE8EABB5-1C85-4410-A68D-79BD8A4518F4}
[2011/03/03 22:30:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Uniblue
[2011/03/03 22:30:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Uniblue
[2011/03/03 22:29:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nic\Local Settings\Application Data\PackageAware
[2011/03/03 17:17:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nic\Application Data\SUPERAntiSpyware.com
[2011/03/03 17:17:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/03/03 17:16:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\!SASCORE
[2011/03/03 17:16:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/03/03 17:16:07 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/02/14 20:22:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nic\Calibre Library
[2011/02/14 20:22:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nic\Application Data\calibre
[2011/02/14 20:20:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Calibre2
[2011/02/14 20:20:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\calibre - E-book Management
[2009/04/13 15:38:24 | 000,147,456 | ---- | C] ( ) -- C:\WINDOWS\SysWow64\rsnp325.dll
[2009/04/13 15:38:24 | 000,057,344 | ---- | C] ( ) -- C:\WINDOWS\SysWow64\vsnp325.dll
[2009/04/13 15:38:24 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\SysWow64\csnp325.dll
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\SysWow64\*.tmp files -> C:\WINDOWS\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/03/03 23:13:00 | 000,000,434 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{29FA161F-945E-466E-B3ED-D4D16BCEEA4F}.job
[2011/03/03 23:12:00 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{621D10A6-C49F-4952-B118-B1CB53B8323B}.job
[2011/03/03 23:10:00 | 000,000,430 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{C4038EA1-F68B-4ED2-9792-6A4B9518AFC9}.job
[2011/03/03 23:09:00 | 000,000,434 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{F3ABEFD1-A702-439D-9D16-CFD9EE9252B7}.job
[2011/03/03 23:02:00 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nic\Desktop\OTL.exe
[2011/03/03 22:31:03 | 000,000,272 | ---- | M] () -- C:\WINDOWS\tasks\RegistryBooster.job
[2011/03/03 22:30:51 | 000,001,749 | ---- | M] () -- C:\Documents and Settings\Nic\Application Data\Microsoft\Internet Explorer\Quick Launch\Uniblue RegistryBooster.lnk
[2011/03/03 22:30:51 | 000,001,731 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Uniblue RegistryBooster.lnk
[2011/03/03 17:16:35 | 000,001,662 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/03/03 17:09:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/02/14 20:21:38 | 000,000,749 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\calibre - E-book management.lnk
[2011/02/10 19:18:12 | 000,000,970 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\SysWow64\*.tmp files -> C:\WINDOWS\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/03 22:31:02 | 000,000,272 | ---- | C] () -- C:\WINDOWS\tasks\RegistryBooster.job
[2011/03/03 22:30:36 | 000,001,749 | ---- | C] () -- C:\Documents and Settings\Nic\Application Data\Microsoft\Internet Explorer\Quick Launch\Uniblue RegistryBooster.lnk
[2011/03/03 22:30:36 | 000,001,731 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Uniblue RegistryBooster.lnk
[2011/03/03 17:16:35 | 000,001,662 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/02/14 20:21:38 | 000,000,749 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\calibre - E-book management.lnk
[2009/11/22 18:55:00 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Nic\Application Data\$_hpcst$.hpc
[2009/05/10 13:58:06 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/05/05 19:48:59 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\Nic\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/13 15:39:04 | 000,034,590 | ---- | C] () -- C:\WINDOWS\unvpeye.ini
[2009/04/13 15:38:26 | 000,835,584 | ---- | C] () -- C:\WINDOWS\vsnp325.exe
[2009/04/13 15:38:26 | 000,270,336 | ---- | C] () -- C:\WINDOWS\tsnp325.exe
[2009/04/13 15:38:26 | 000,015,501 | ---- | C] () -- C:\WINDOWS\snp325.ini
[2009/04/05 19:03:17 | 000,000,033 | ---- | C] () -- C:\WINDOWS\Multimedia manager.INI
[2009/04/05 18:57:17 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2009/04/05 18:51:01 | 000,005,632 | ---- | C] () -- C:\WINDOWS\SysWow64\drivers\StarOpen.sys
[2009/01/30 18:49:31 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2009/01/30 18:29:23 | 000,043,873 | ---- | C] () -- C:\WINDOWS\SysWow64\EPSUI64W_000.dat
[2008/09/28 17:16:16 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2008/09/17 22:55:00 | 001,503,232 | ---- | C] () -- C:\WINDOWS\SysWow64\nview.dll
[2008/09/17 22:55:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\SysWow64\nvwimg.dll
[2008/08/21 08:56:45 | 000,111,932 | ---- | C] () -- C:\WINDOWS\SysWow64\EPPICPrinterDB.dat
[2008/08/21 08:56:45 | 000,031,053 | ---- | C] () -- C:\WINDOWS\SysWow64\EPPICPattern131.dat
[2008/08/21 08:56:45 | 000,027,417 | ---- | C] () -- C:\WINDOWS\SysWow64\EPPICPattern121.dat
[2008/08/21 08:56:45 | 000,026,154 | ---- | C] () -- C:\WINDOWS\SysWow64\EPPICPattern1.dat
[2008/08/21 08:56:45 | 000,024,903 | ---- | C] () -- C:\WINDOWS\SysWow64\EPPICPattern3.dat
[2008/08/21 08:56:45 | 000,021,390 | ---- | C] () -- C:\WINDOWS\SysWow64\EPPICPattern5.dat
[2008/08/21 08:56:45 | 000,020,148 | ---- | C] () -- C:\WINDOWS\SysWow64\EPPICPattern2.dat
[2008/08/21 08:56:45 | 000,011,811 | ---- | C] () -- C:\WINDOWS\SysWow64\EPPICPattern4.dat
[2008/08/21 08:56:45 | 000,004,943 | ---- | C] () -- C:\WINDOWS\SysWow64\EPPICPattern6.dat
[2008/08/21 08:56:45 | 000,001,146 | ---- | C] () -- C:\WINDOWS\SysWow64\EPPICPresetData_DU.dat
[2008/08/21 08:56:45 | 000,001,139 | ---- | C] () -- C:\WINDOWS\SysWow64\EPPICPresetData_PT.dat
[2008/08/21 08:56:45 | 000,001,139 | ---- | C] () -- C:\WINDOWS\SysWow64\EPPICPresetData_BP.dat
[2008/08/21 08:56:45 | 000,001,136 | ---- | C] () -- C:\WINDOWS\SysWow64\EPPICPresetData_ES.dat
[2008/08/21 08:56:45 | 000,001,129 | ---- | C] () -- C:\WINDOWS\SysWow64\EPPICPresetData_FR.dat
[2008/08/21 08:56:45 | 000,001,129 | ---- | C] () -- C:\WINDOWS\SysWow64\EPPICPresetData_CF.dat
[2008/08/21 08:56:45 | 000,001,120 | ---- | C] () -- C:\WINDOWS\SysWow64\EPPICPresetData_IT.dat
[2008/08/21 08:56:45 | 000,001,107 | ---- | C] () -- C:\WINDOWS\SysWow64\EPPICPresetData_GE.dat
[2008/08/21 08:56:45 | 000,001,104 | ---- | C] () -- C:\WINDOWS\SysWow64\EPPICPresetData_EN.dat
[2008/08/21 08:56:45 | 000,000,097 | ---- | C] () -- C:\WINDOWS\SysWow64\PICSDK.ini
[2008/08/21 08:49:41 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE DX6000EFDG.ini
[2008/08/08 15:19:21 | 000,570,424 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2008/08/07 12:59:31 | 000,000,000 | ---- | C] () -- C:\Program Files (x86)\temp01
[2008/08/07 10:33:47 | 000,049,152 | R--- | C] () -- C:\WINDOWS\SysWow64\ChCfg.exe
[2008/08/07 10:33:08 | 000,037,376 | R--- | C] () -- C:\WINDOWS\CPLUtl64.exe
[2008/08/07 10:23:12 | 000,015,028 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2008/08/07 10:22:57 | 000,001,944 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2008/08/07 10:22:45 | 000,010,288 | ---- | C] () -- C:\WINDOWS\SysWow64\drivers\ASUSHWIO.SYS
[2008/08/06 17:07:40 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/08/06 16:28:53 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007/11/01 23:58:12 | 000,257,536 | ---- | C] () -- C:\WINDOWS\SysWow64\BiImg.dll
[2007/11/01 23:58:12 | 000,257,536 | ---- | C] () -- C:\WINDOWS\BiImg.dll
[2007/11/01 23:58:12 | 000,110,592 | ---- | C] () -- C:\WINDOWS\SysWow64\JPeg32.dll
[2007/11/01 23:58:12 | 000,110,592 | ---- | C] () -- C:\WINDOWS\JPeg32.dll
[2007/11/01 23:58:10 | 000,073,728 | ---- | C] () -- C:\WINDOWS\SysWow64\BiEResNT.dll
[2007/11/01 23:58:10 | 000,073,728 | ---- | C] () -- C:\WINDOWS\SysWow64\Bic_Res.dll
[2007/11/01 23:58:10 | 000,053,248 | ---- | C] () -- C:\WINDOWS\SysWow64\BiEAppNT.exe
[2007/11/01 23:58:10 | 000,000,002 | ---- | C] () -- C:\WINDOWS\bi_group.ini
[2007/02/18 12:00:00 | 001,278,464 | ---- | C] () -- C:\WINDOWS\SysWow64\quartz.dll
[2007/02/18 12:00:00 | 000,733,696 | ---- | C] () -- C:\WINDOWS\SysWow64\qedwipes.dll
[2007/02/18 12:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
[2007/02/18 12:00:00 | 000,512,512 | ---- | C] () -- C:\WINDOWS\SysWow64\qedit.dll
[2007/02/18 12:00:00 | 000,498,742 | ---- | C] () -- C:\WINDOWS\SysWow64\dxmasf.dll
[2007/02/18 12:00:00 | 000,396,288 | ---- | C] () -- C:\WINDOWS\SysWow64\encdec.dll
[2007/02/18 12:00:00 | 000,385,536 | ---- | C] () -- C:\WINDOWS\SysWow64\qdvd.dll
[2007/02/18 12:00:00 | 000,355,112 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2007/02/18 12:00:00 | 000,279,040 | ---- | C] () -- C:\WINDOWS\SysWow64\qdv.dll
[2007/02/18 12:00:00 | 000,276,992 | ---- | C] () -- C:\WINDOWS\SysWow64\sbe.dll
[2007/02/18 12:00:00 | 000,199,168 | ---- | C] () -- C:\WINDOWS\SysWow64\ir32_32.dll
[2007/02/18 12:00:00 | 000,192,512 | ---- | C] () -- C:\WINDOWS\SysWow64\qcap.dll
[2007/02/18 12:00:00 | 000,114,688 | ---- | C] () -- C:\WINDOWS\SysWow64\msencode.dll
[2007/02/18 12:00:00 | 000,072,704 | ---- | C] () -- C:\WINDOWS\SysWow64\amstream.dll
[2007/02/18 12:00:00 | 000,062,464 | ---- | C] () -- C:\WINDOWS\SysWow64\mciqtz32.dll
[2007/02/18 12:00:00 | 000,061,440 | ---- | C] () -- C:\WINDOWS\SysWow64\devenum.dll
[2007/02/18 12:00:00 | 000,055,808 | ---- | C] () -- C:\WINDOWS\SysWow64\dvdplay.exe
[2007/02/18 12:00:00 | 000,046,907 | ---- | C] () -- C:\WINDOWS\mib.bin
[2007/02/18 12:00:00 | 000,016,896 | ---- | C] () -- C:\WINDOWS\SysWow64\tsd32.dll
[2007/02/18 12:00:00 | 000,014,336 | ---- | C] () -- C:\WINDOWS\SysWow64\msdmo.dll
[2007/02/18 12:00:00 | 000,012,498 | ---- | C] () -- C:\WINDOWS\SysWow64\append.exe
[2007/02/18 12:00:00 | 000,004,126 | ---- | C] () -- C:\WINDOWS\SysWow64\msdxmlc.dll
[2007/02/18 12:00:00 | 000,001,129 | ---- | C] () -- C:\WINDOWS\SysWow64\vwipxspx.exe
[2002/05/27 18:52:36 | 000,106,496 | ---- | C] () -- C:\WINDOWS\japi.dll
[2002/04/02 22:50:52 | 000,057,344 | ---- | C] () -- C:\WINDOWS\rmvpeye.exe
[2001/06/24 02:32:44 | 000,172,032 | ---- | C] () -- C:\WINDOWS\japi2.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 223 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1F96ED45
@Alternate Data Stream - 220 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E84CA8F2
@Alternate Data Stream - 219 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:89C2A42C
@Alternate Data Stream - 216 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:957E9765
@Alternate Data Stream - 215 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A6116FBB
@Alternate Data Stream - 213 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B5988350
@Alternate Data Stream - 213 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6390D9FB
@Alternate Data Stream - 212 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6BF0805F
@Alternate Data Stream - 212 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:60C897F3
@Alternate Data Stream - 208 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E717F65C
@Alternate Data Stream - 208 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BE6DC701
@Alternate Data Stream - 208 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:708BB0FA
@Alternate Data Stream - 208 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:483AC68A
@Alternate Data Stream - 208 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:064877B6
@Alternate Data Stream - 207 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6F1F66C0
@Alternate Data Stream - 205 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B845F669
@Alternate Data Stream - 201 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:614F17D3
@Alternate Data Stream - 195 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9547F1DB
@Alternate Data Stream - 195 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:275AA066
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:45FE2B4E
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E6D027BB

< End of report >

#3 Gammo

  • Group: Malware Removal
  • Posts: 2,299
  • Joined: 21-December 08

Posted 13 March 2011 - 08:48 AM

Your logs are clean. Malware isn't causing the problem.

I do see there's something wrong with the hard disk.

Please use this tutorial for running chkdsk: http://www.w7forums....-disk-t448.html
Make sure you tick both options within the check disk tool.

#4 Gammo

  • Group: Malware Removal
  • Posts: 2,299
  • Joined: 21-December 08

Posted 02 April 2011 - 04:37 AM

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
