HELP .. "trojan horse patched_c.LZI" problem [Solved]


  • This topic is locked

#1 materelli (Member, 23 posts)
Hello,

I seem to have been infected with the "trojan horse patched_c.LZI".

Multiple AVG warnings as well as browser redirections have occurred.

After reading previous "fixes" of this problem I have done the following.

1. Downloaded to desktop and ran OTL, with both "Extras.txt" and "OTL.txt" below.
2. Downloaded to desktop and ran aswMBR, with "aswMBR.txt" below.
3. Downloaded ComboFix to desktop.
4. Downloaded Farbar Recovery Scan Tool and saved it on a flash drive.


OTL logfile created on: 03/08/2012 13:23:15 - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Materelli\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.99 Gb Total Physical Memory | 1.70 Gb Available Physical Memory | 42.55% Memory free
13.66 Gb Paging File | 10.91 Gb Available in Paging File | 79.83% Paging File free
Paging file location(s): c:\pagefile.sys 10000 40000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.40 Gb Total Space | 102.57 Gb Free Space | 36.19% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 6.94 Gb Free Space | 47.37% Space Free | Partition Type: NTFS
Drive E: | 148.54 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: MATERELLI-PC | User Name: Materelli | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/03 13:12:00 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Materelli\Desktop\OTL.exe
PRC - [2012/07/04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
PRC - [2012/05/14 17:25:30 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012/03/29 12:44:02 | 001,161,072 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
PRC - [2012/02/23 20:29:43 | 000,307,824 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2012/01/03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/03/17 11:50:42 | 004,523,928 | ---- | M] (Almico Software (www.almico.com)) -- C:\Program Files (x86)\SpeedFan\speedfan.exe
PRC - [2009/07/23 11:15:59 | 000,122,368 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/12/18 19:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/03 13:20:55 | 000,192,512 | ---- | M] () -- C:\Users\Materelli\AppData\Local\Temp\sfamcc00001.dll
MOD - [2012/08/03 13:20:55 | 000,172,032 | ---- | M] () -- C:\Users\Materelli\AppData\Local\Temp\sfareca00001.dll
MOD - [2011/11/20 19:32:12 | 000,103,424 | ---- | M] () -- C:\Program Files (x86)\Google\Quick Search Box\bin\1.2.1151.245\rlz.dll
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/04/11 07:28:22 | 000,223,232 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.dll
MOD - [2009/04/11 07:28:22 | 000,223,232 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/10/26 03:00:58 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/10/24 18:17:36 | 001,431,824 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2011/10/24 17:57:38 | 000,840,976 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/03/19 17:26:10 | 000,268,288 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe -- (STacSV)
SRV:64bit: - [2009/03/19 17:25:42 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008/12/18 19:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2012/08/02 21:05:30 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/06/07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/03/29 12:44:02 | 001,161,072 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2012/01/03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/05/17 18:35:56 | 002,804,280 | ---- | M] (Sunbelt Software) [Auto | Stopped] -- C:\Program Files (x86)\Ad-Aware Antivirus\Engine\SBAMSvc.exe -- (SBAMSvc)
SRV - [2011/03/16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/23 19:43:31 | 000,241,664 | ---- | M] (Tanuki Software, Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Freenet\bin\wrapper-windows-x86-32.exe -- (freenet)
SRV - [2009/03/30 05:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/03/19 05:17:26 | 000,383,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/02/29 14:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/22 05:25:32 | 000,289,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/01/31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/12/23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\DRIVERS\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/12/23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\avgidsfiltera.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/12/23 13:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/11/01 00:45:16 | 008,399,360 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETwNv64.sys -- (NETwNv64)
DRV:64bit: - [2011/10/26 04:05:10 | 010,496,512 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)
DRV:64bit: - [2011/10/26 04:05:10 | 010,496,512 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011/10/26 04:05:10 | 010,496,512 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/10/26 02:21:58 | 000,326,656 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/05/11 16:26:04 | 000,072,280 | ---- | M] (Sunbelt Software) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\sbapifs.sys -- (sbapifs)
DRV:64bit: - [2011/04/29 14:15:42 | 000,055,384 | ---- | M] (Sunbelt Software) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\SBREdrv.sys -- (SBRE)
DRV:64bit: - [2011/04/05 17:35:20 | 000,253,528 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SbFw.sys -- (SbFw)
DRV:64bit: - [2011/04/05 17:35:20 | 000,094,296 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\sbtis.sys -- (SbTis)
DRV:64bit: - [2011/04/05 17:35:20 | 000,060,504 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sbhips.sys -- (sbhips)
DRV:64bit: - [2011/02/08 09:14:20 | 000,084,568 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SBFWIM.sys -- (SBFWIMCLMP)
DRV:64bit: - [2011/02/08 09:14:20 | 000,084,568 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sbfwim.sys -- (SBFWIMCL)
DRV:64bit: - [2011/02/03 13:36:49 | 000,464,464 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrv10.sys -- (acedrv10)
DRV:64bit: - [2011/02/03 13:36:49 | 000,229,664 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acehlp10.sys -- (acehlp10)
DRV:64bit: - [2010/07/12 19:36:10 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/10/01 01:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/06 17:03:00 | 000,313,696 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA008Vid.sys -- (OA008Vid)
DRV:64bit: - [2009/04/11 06:03:32 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/03/19 17:26:24 | 000,477,696 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/03/06 07:33:58 | 000,159,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA008Ufd.sys -- (OA008Ufd)
DRV:64bit: - [2008/12/21 18:26:28 | 004,735,488 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64)
DRV:64bit: - [2008/11/25 15:56:58 | 000,261,680 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2008/10/28 16:48:20 | 000,160,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2008/10/07 18:49:52 | 000,252,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2008/09/15 18:11:04 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2008/09/15 18:11:00 | 000,062,976 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2008/09/15 18:10:58 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2008/01/21 03:46:55 | 000,317,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express)
DRV - [2011/06/02 11:08:34 | 000,017,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys -- (cpudrv64)
DRV - [2011/04/29 14:15:42 | 000,101,720 | ---- | M] (Sunbelt Software) [Kernel | System | Stopped] -- C:\Windows\SysWOW64\drivers\SBREDrv.sys -- (SBRE)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\..\SearchScopes\{0F2D630A-1FF6-4A81-BCA1-71E9054BB3CB}: "URL" = http://us.yhs.search...p={searchTerms}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\..\SearchScopes\{0F2D630A-1FF6-4A81-BCA1-71E9054BB3CB}: "URL" = http://us.yhs.search...p={searchTerms}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1307751917-322223060-3447154212-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USCON/2
IE - HKU\S-1-5-21-1307751917-322223060-3447154212-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...omplete=1&hl=en
IE - HKU\S-1-5-21-1307751917-322223060-3447154212-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1307751917-322223060-3447154212-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1307751917-322223060-3447154212-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-1307751917-322223060-3447154212-1000\..\SearchScopes\{6F198424-0A4A-453B-A959-ECC9D076E4C1}: "URL" = http://search.avg.co...}&ychte=uk&nt=1
IE - HKU\S-1-5-21-1307751917-322223060-3447154212-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1307751917-322223060-3447154212-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-1307751917-322223060-3447154212-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 71.68.37.101:80


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files (x86)\TVUPlayer\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/03/07 04:07:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/07/19 20:08:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011/04/06 11:29:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011/04/06 11:29:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/05/14 17:26:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/05/14 17:26:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/07/03 11:50:49 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2012/06/13 12:18:04 | 000,442,859 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 15217 more lines...
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:64bit: - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:64bit: - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-1307751917-322223060-3447154212-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-1307751917-322223060-3447154212-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Conime] C:\Windows\SysWOW64\conime.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1307751917-322223060-3447154212-1000..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-1307751917-322223060-3447154212-1000..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-21-1307751917-322223060-3447154212-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Materelli\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Materelli\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Save YouTube Video as MP3 - C:\Program Files (x86)\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll (DVSTeam)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Materelli\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Materelli\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Save YouTube Video as MP3 - C:\Program Files (x86)\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll (DVSTeam)
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell....lSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.syste...tel_4.5.5.0.cab (SysInfo Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F4092ADC-5C83-48E9-8CEA-1F4B0BF537BC}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Users\Materelli\AppData\Local\nwpwappd\vdhjnsyq.exe) - File not found
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\Tranportation_1920x1200.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\Tranportation_1920x1200.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{edc41ae6-9555-11de-a16b-002219f956bb}\Shell\AutoRun\command - "" = G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
O33 - MountPoints2\{edc41ae6-9555-11de-a16b-002219f956bb}\Shell\open\command - "" = G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/08/03 13:18:39 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Materelli\Desktop\aswMBR.exe
[2012/08/03 13:11:50 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\Materelli\Desktop\OTL.exe
[2012/08/03 00:12:24 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{801465AB-2476-43CC-8549-F60B98A2EB33}
[2012/08/03 00:11:26 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{E4F7436B-D03E-4604-ADDA-53DD9894BBC5}
[2012/08/02 12:11:10 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{C46A218D-72E5-4641-BFA2-8F0F3CBB2FC0}
[2012/08/02 12:09:22 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{5BE2BF59-B7F6-4875-ADE1-7036CC23F2B7}
[2012/08/01 23:25:33 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{DB0F3EAD-CCC0-4E78-8EB1-2C462DEC4457}
[2012/08/01 23:24:31 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{E88083EF-4B2B-4AE5-8C26-012B8312E3F8}
[2012/08/01 11:23:57 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{E9A2362F-152C-426A-A537-4C5616D668DD}
[2012/08/01 11:22:38 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{D2241968-2209-4310-9040-D1D921642B1C}
[2012/07/31 15:21:35 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{53CA325B-28C8-4386-B222-2B7E3922B8C3}
[2012/07/31 15:20:37 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{D0080AD8-735E-4617-B95D-D5106B1B3DA4}
[2012/07/31 01:43:32 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{E22CD375-006A-4FCE-B2E4-1CEE2BA4D785}
[2012/07/31 01:42:59 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{D11A6918-0321-4833-B883-3C8BFA5108E8}
[2012/07/30 14:06:08 | 000,000,000 | ---D | C] -- C:\Users\Materelli\Desktop\removable disk
[2012/07/30 13:42:44 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{D6BC594F-D069-4D7B-A387-D66183524822}
[2012/07/30 13:42:29 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{D74E012B-3D00-4665-972C-55DE2F9B5C2A}
[2012/07/30 01:42:11 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{9D7748E0-3D10-48D6-9456-628714F7BD87}
[2012/07/30 01:41:57 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{CE2848C2-1949-498B-AA2D-38DC66F595EC}
[2012/07/29 13:41:33 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{E7E94CB8-6CFE-4ABF-9819-4EFCA9DA2405}
[2012/07/29 13:38:41 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{7EC2A923-B30A-418A-B2D7-74B93C0CF16F}
[2012/07/29 00:22:57 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{751CD0F9-4A0F-4933-947A-3F14056306EA}
[2012/07/28 12:22:09 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{99A19B08-E02C-4915-9552-0ECE582A428D}
[2012/07/28 12:20:22 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{D1B9B632-A3DD-4991-93AF-8EC43B733244}
[2012/07/28 00:19:53 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{4D02B297-94C7-42FE-BB95-BB19D541EE02}
[2012/07/27 12:19:02 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{037A732E-70C9-4C8B-BE1F-5945BEA2AFE2}
[2012/07/27 12:17:19 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{86E90A88-7A07-42E6-AA90-A08CBBE3A37C}
[2012/07/26 22:01:28 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{0D331859-206B-4ED5-B531-7482DBACAF3B}
[2012/07/26 12:50:54 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{8376892A-DE8F-4AE8-BB6C-ED26EA0324CD}
[2012/07/25 23:30:33 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{CB0D7B32-3D0D-4B48-82DC-D9A022CF15E8}
[2012/07/25 23:30:14 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{7BCB3858-29FC-448B-94B3-42098E00E6B2}
[2012/07/25 23:10:27 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Roaming\SharePod
[2012/07/25 23:06:32 | 005,591,552 | ---- | C] (Jeffrey Harris) -- C:\Users\Materelli\Desktop\SharePod.exe
[2012/07/25 11:29:42 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{1BF47978-8AAE-4909-9656-F570EC1883BD}
[2012/07/25 11:28:36 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{DCF845F9-8A41-47AF-A376-9F442FA81BB2}
[2012/07/24 23:03:25 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{976EC6EC-6CC1-408E-A6C6-28A4ED3CB582}
[2012/07/24 23:03:11 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{2EBC7EAF-8E29-44CA-A301-04E3BF86B4F5}
[2012/07/24 11:02:43 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{9314C45D-16FD-4172-B05B-B85AC524674C}
[2012/07/24 11:01:39 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{67EA3F70-5A97-4D52-A973-E8E024F64035}
[2012/07/23 15:17:57 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{AABA0F99-B0BF-449F-BA71-626EDFB3E491}
[2012/07/23 15:16:58 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{02848BB8-8C8A-46A9-B9E6-A56515DB0755}
[2012/07/23 02:19:11 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{2DDF4F29-538E-4FA5-884E-F5B674FCC381}
[2012/07/23 02:18:58 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{EDAC6964-1054-46CB-A739-37D55BF6ED6A}
[2012/07/22 14:18:38 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{CB29C2BC-DF2E-4D66-941A-26BFC6CC3EE5}
[2012/07/22 14:17:32 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{1E9F23C1-66E8-4C76-A379-CEEC0829E55C}
[2012/07/22 01:39:03 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{888134C3-E9D4-46B0-865A-79CEF4ADF234}
[2012/07/22 01:38:49 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{E6104F94-A8DB-4933-A181-4D78B46C0B26}
[2012/07/21 13:38:26 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{73718129-BA7B-4996-AFB5-08BDAF637AEC}
[2012/07/21 13:37:41 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{8536A656-3E50-4D50-976D-B27DDA14F6FF}
[2012/07/21 00:33:07 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{4B41CA3D-CAE7-4EE1-ACCD-2F70108FAD6B}
[2012/07/21 00:32:55 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{C913E54F-D61D-4EBB-9BED-DB3F381863E8}
[2012/07/20 12:32:18 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{08EFB1F8-5ED2-402D-9541-E81996B2B0CD}
[2012/07/20 12:31:22 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{9E384429-28C9-4AC0-BCD8-8FBEA041016A}
[2012/07/19 20:08:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/07/19 20:01:09 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{DDA6FB1D-13AA-4994-B321-0CEE8F8F481B}
[2012/07/19 20:00:30 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{22866968-EEDC-4A04-9CC0-434124AAEFCE}
[2012/07/13 11:06:56 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{7E8D9116-FDC7-4666-BB63-9A7BA29B5A36}
[2012/07/13 11:06:19 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{E16D384C-D61B-436B-A632-69B280F8120D}
[2012/07/12 12:30:03 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{396CBEB3-0ABD-4BAF-9FDC-8D5F79EEF5AB}
[2012/07/12 12:29:42 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{5657BEF6-6DD6-4B4E-B61A-90A930166C15}
[2012/07/12 11:36:31 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012/07/12 00:29:14 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{EE0E4460-B54D-4261-B03D-3CC6B64DCE6B}
[2012/07/12 00:28:58 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{04ADA130-3444-4A21-8BE1-CE57D23EAC4E}
[2012/07/11 13:44:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/07/11 13:42:15 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/07/11 13:42:06 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/07/11 13:42:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/07/11 12:28:10 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{15B993DA-ADE8-4646-996F-CD779D4F62F4}
[2012/07/11 12:26:54 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{F2E1F8BF-BE73-4A84-B977-52321FD4B7ED}
[2012/07/11 00:09:25 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{2DDB106F-C5C9-4FB9-84B2-46092EEC8E28}
[2012/07/11 00:09:06 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{52503ACA-1A7D-45FE-BDF2-9A5049B5CD27}
[2012/07/10 12:08:31 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{8F16CA25-C1DE-4DCA-A491-8ECC1A1BA4F5}
[2012/07/10 12:07:04 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{4AE01EF0-BBAF-4ED4-B60F-BB17A324BF9D}
[2012/07/09 15:39:24 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{31C77E61-C671-4A43-827C-621FCFBCFAED}
[2012/07/09 15:38:20 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{975A800D-6AD5-4227-B908-0F675AD3AB51}
[2012/07/08 12:27:47 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{E15D0E8C-08DB-429D-B738-498FF5FE0215}
[2012/07/08 12:27:34 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{3D943A8A-AB28-4C61-ABEB-2BBED51DE90B}
[2012/07/08 00:27:13 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{4F77FFA4-8E03-4878-92B0-21FC65F9C7A5}
[2012/07/08 00:26:57 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{9C97D5FA-5956-4273-B171-27C7FEDAD639}
[2012/07/07 12:26:40 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{74E94D25-6B93-416E-9D1F-5C123F3F8110}
[2012/07/07 12:26:28 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{E40BC333-3DAE-4A3F-8861-763E531B42F3}
[2012/07/07 00:26:04 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{A22C4D64-620C-433D-85F6-33B2D006E0CC}
[2012/07/07 00:25:35 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{AFCD2DAA-440C-4D5F-BA1A-50540FFD93AE}
[2012/07/06 12:25:19 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{8AE939EA-7BC1-44A5-A820-DFDC14E8160D}
[2012/07/06 12:24:37 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{D0212EDA-634C-405A-9E6D-3BCB46402408}
[2012/07/06 00:24:23 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{9C3AD560-56A2-4198-9D8D-7131F91E2960}
[2012/07/06 00:23:23 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{E398F453-EF8C-4597-BB17-5C790B679F38}
[2012/07/05 12:22:56 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{4017C4C3-B0A4-43FA-BC73-5C417189AA77}
[2012/07/05 12:21:16 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{03F6015F-AC98-4FCC-856A-EDAF23400495}
[2012/07/05 00:02:29 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{0830330E-EA08-4399-9CE7-A417FBC3EFEA}
[2012/07/05 00:02:18 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{FE885F4A-F319-4E43-B4C7-DC85320A39B2}
[2012/01/19 15:31:55 | 019,663,768 | ---- | C] (DVDVideoSoft Ltd. ) -- C:\Users\Materelli\FreeVideoToiPodConverter.exe
[2009/07/23 11:35:08 | 008,656,832 | ---- | C] (Dell, Inc. ) -- C:\Users\Materelli\AppData\Roaming\DataSafeDotNet.exe
[1 C:\Users\Materelli\Documents\*.tmp files -> C:\Users\Materelli\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/03 13:35:53 | 004,724,629 | ---- | M] (Swearware) -- C:\Users\Materelli\Desktop\ComboFix.exe
[2012/08/03 13:35:35 | 000,756,204 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/03 13:35:35 | 000,645,776 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/03 13:35:35 | 000,123,804 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/03 13:33:11 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/03 13:33:11 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/03 13:19:09 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Materelli\Desktop\aswMBR.exe
[2012/08/03 13:12:00 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Materelli\Desktop\OTL.exe
[2012/08/03 13:04:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/03 13:04:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/03 12:38:13 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/03 12:37:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/03 12:36:41 | 4289,576,960 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/03 02:53:56 | 102,845,173 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/08/03 00:10:29 | 001,149,038 | ---- | M] () -- C:\Users\Materelli\Documents\moochiesmenu.pdf
[2012/07/30 19:10:04 | 000,007,397 | ---- | M] () -- C:\Users\Materelli\Desktop\SharePodSettings.xml
[2012/07/30 11:49:02 | 000,227,165 | ---- | M] () -- C:\Users\Materelli\Documents\attachment payment.pdf
[2012/07/28 22:40:20 | 000,000,680 | ---- | M] () -- C:\Users\Materelli\AppData\Local\d3d9caps.dat
[2012/07/25 23:05:28 | 002,141,310 | ---- | M] () -- C:\Users\Materelli\Desktop\SharePod_3.99.zip
[2012/07/20 17:47:31 | 000,389,488 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/07/19 20:08:43 | 000,000,874 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/07/12 16:30:09 | 000,305,264 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/11 13:45:00 | 000,001,696 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/07/08 12:13:22 | 000,000,952 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Antivirus Scheduled Scan.job
[2012/07/07 18:39:23 | 023,784,819 | ---- | M] () -- C:\Users\Materelli\Documents\text book of medical physiology by guyton.zip
[2012/07/06 13:32:36 | 000,602,557 | ---- | M] () -- C:\Users\Materelli\Documents\Ketosis - CAMBRIDGE guide.pdf
[2012/07/06 12:44:55 | 000,720,628 | ---- | M] () -- C:\Users\Materelli\Documents\Studies on the metabolism of Eskimos.pdf
[1 C:\Users\Materelli\Documents\*.tmp files -> C:\Users\Materelli\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/03 12:38:52 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{479469d3-8ccd-754f-0bb2-1225aba89060}\U\[email protected]
[2012/08/03 00:39:39 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{479469d3-8ccd-754f-0bb2-1225aba89060}\L\[email protected]
[2012/08/03 00:39:37 | 000,080,896 | ---- | C] () -- C:\Windows\Installer\{479469d3-8ccd-754f-0bb2-1225aba89060}\U\[email protected]
[2012/08/03 00:39:36 | 000,092,672 | ---- | C] () -- C:\Windows\Installer\{479469d3-8ccd-754f-0bb2-1225aba89060}\U\[email protected]
[2012/08/03 00:39:29 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{479469d3-8ccd-754f-0bb2-1225aba89060}\U\[email protected]
[2012/08/03 00:39:28 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{479469d3-8ccd-754f-0bb2-1225aba89060}\U\[email protected]
[2012/08/03 00:39:28 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{479469d3-8ccd-754f-0bb2-1225aba89060}\U\[email protected]
[2012/08/03 00:10:28 | 001,149,038 | ---- | C] () -- C:\Users\Materelli\Documents\moochiesmenu.pdf
[2012/07/30 11:49:01 | 000,227,165 | ---- | C] () -- C:\Users\Materelli\Documents\attachment payment.pdf
[2012/07/25 23:07:26 | 000,007,397 | ---- | C] () -- C:\Users\Materelli\Desktop\SharePodSettings.xml
[2012/07/25 23:05:20 | 002,141,310 | ---- | C] () -- C:\Users\Materelli\Desktop\SharePod_3.99.zip
[2012/07/11 13:45:00 | 000,001,696 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/07/07 18:39:15 | 023,784,819 | ---- | C] () -- C:\Users\Materelli\Documents\text book of medical physiology by guyton.zip
[2012/07/06 13:32:36 | 000,602,557 | ---- | C] () -- C:\Users\Materelli\Documents\Ketosis - CAMBRIDGE guide.pdf
[2012/07/06 12:44:55 | 000,720,628 | ---- | C] () -- C:\Users\Materelli\Documents\Studies on the metabolism of Eskimos.pdf
[2012/06/12 11:37:25 | 000,743,178 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/01/11 12:14:05 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{479469d3-8ccd-754f-0bb2-1225aba89060}\@
[2012/01/11 12:14:05 | 000,002,048 | -HS- | C] () -- C:\Users\Materelli\AppData\Local\{479469d3-8ccd-754f-0bb2-1225aba89060}\@
[2011/12/26 16:28:27 | 000,001,482 | -HS- | C] () -- C:\Users\Materelli\AppData\Local\5r6r38221t246h5xhcg048mh1533
[2011/12/26 16:28:27 | 000,001,482 | -HS- | C] () -- C:\ProgramData\5r6r38221t246h5xhcg048mh1533
[2011/10/25 22:21:48 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2011/10/25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011/09/12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/09/04 22:52:36 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/09/04 22:52:36 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/06/20 11:28:18 | 000,000,000 | ---- | C] () -- C:\Users\Materelli\AppData\Local\{2322992F-1B59-4BE1-AD80-56752BFB78D8}
[2011/05/20 17:42:55 | 000,002,295 | ---- | C] () -- C:\Users\Materelli\.com.zerog.registry.xml
[2011/02/06 17:04:37 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010/04/06 20:44:23 | 000,012,292 | -HS- | C] () -- C:\Users\Materelli\AppData\Local\86K35bLqF
[2010/04/06 20:44:23 | 000,012,292 | -HS- | C] () -- C:\ProgramData\86K35bLqF
[2009/11/27 00:07:21 | 000,000,126 | ---- | C] () -- C:\Users\Materelli\AppData\Roaming\wklnhst.dat
[2009/07/31 21:29:24 | 000,017,920 | ---- | C] () -- C:\Users\Materelli\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/23 12:08:55 | 000,000,680 | ---- | C] () -- C:\Users\Materelli\AppData\Local\d3d9caps.dat

========== LOP Check ==========

[2012/05/24 09:31:17 | 000,000,000 | ---D | M] -- C:\Users\Materelli\AppData\Roaming\Ad-Aware Antivirus
[2011/10/14 12:41:06 | 000,000,000 | ---D | M] -- C:\Users\Materelli\AppData\Roaming\AVG2012
[2012/07/09 23:56:01 | 000,000,000 | ---D | M] -- C:\Users\Materelli\AppData\Roaming\BitTorrent
[2012/06/04 17:59:18 | 000,000,000 | ---D | M] -- C:\Users\Materelli\AppData\Roaming\DVDVideoSoft
[2011/05/15 02:52:59 | 000,000,000 | ---D | M] -- C:\Users\Materelli\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/07/24 04:11:18 | 000,000,000 | ---D | M] -- C:\Users\Materelli\AppData\Roaming\GetRightToGo
[2010/12/10 21:31:31 | 000,000,000 | ---D | M] -- C:\Users\Materelli\AppData\Roaming\PCDr
[2012/04/18 20:00:46 | 000,000,000 | ---D | M] -- C:\Users\Materelli\AppData\Roaming\ppstream
[2012/07/25 23:10:27 | 000,000,000 | ---D | M] -- C:\Users\Materelli\AppData\Roaming\SharePod
[2011/12/07 03:36:33 | 000,000,000 | ---D | M] -- C:\Users\Materelli\AppData\Roaming\Sports Interactive
[2009/09/19 15:28:25 | 000,000,000 | ---D | M] -- C:\Users\Materelli\AppData\Roaming\StreamTorrent
[2011/05/04 23:31:48 | 000,000,000 | ---D | M] -- C:\Users\Materelli\AppData\Roaming\Temp
[2009/11/27 00:07:26 | 000,000,000 | ---D | M] -- C:\Users\Materelli\AppData\Roaming\Template
[2009/09/07 17:25:33 | 000,000,000 | ---D | M] -- C:\Users\Materelli\AppData\Roaming\VistaCodecs
[2011/09/09 10:49:02 | 000,000,000 | ---D | M] -- C:\Users\Materelli\AppData\Roaming\Windows Live Writer
[2012/07/08 12:13:22 | 000,000,952 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job
[2012/08/03 12:34:21 | 000,032,614 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2009/04/25 04:53:49 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_b5f700fe698beb14\explorer.exe
[2009/04/25 04:53:48 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_b7eb106e66a7ac19\explorer.exe
[2009/04/25 04:53:48 | 003,087,360 | ---- | M] (Microsoft Corporation) MD5=50514057C28A74BAC2BD04B7B990D615 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba256ac352b2919\explorer.exe
[2009/04/25 04:53:47 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_b8583e9d7fda0512\explorer.exe
[2009/04/11 08:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\explorer.exe
[2009/04/11 08:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe
[2009/04/25 04:53:48 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=72B9990E45C25AA3C75C4FB50A9D6CE0 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac5266dd4e2b0a41\explorer.exe
[2009/04/25 04:53:47 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96661c3246ea1e\explorer.exe
[2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SysWOW64\explorer.exe
[2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe
[2009/04/25 04:53:47 | 003,081,216 | ---- | M] (Microsoft Corporation) MD5=E404A65EF890140410E9F3D405841C95 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03944b4b794317\explorer.exe
[2009/04/25 04:53:48 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_b6a7112f828bcc3c\explorer.exe

< MD5 for: SERVICES >
[2006/09/18 22:37:24 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6001.18000_none_60a39df1afb86c9f\services
[2007/10/02 17:21:30 | 000,005,747 | ---- | M] () MD5=A19E611ABC81E35FA50B604688130858 -- C:\Program Files (x86)\D-Fend Reloaded\NewUserData\FREEDOS\SERVICES
[2007/10/02 17:21:30 | 000,005,747 | ---- | M] () MD5=A19E611ABC81E35FA50B604688130858 -- C:\Users\Materelli\D-Fend Reloaded\VirtualHD\FREEDOS\SERVICES

< MD5 for: SERVICES.CFG >
[2012/04/04 06:53:54 | 000,585,987 | ---- | M] () MD5=7BAB089A4F862C6BC86E0201D5BF1779 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Services\Services.cfg
[2011/06/06 13:55:30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\services.cfg

< MD5 for: SERVICES.EXE >
[2009/04/11 08:10:50 | 000,384,512 | ---- | M] (Microsoft Corporation) MD5=934E0B7D77FF78C18D9F8891221B6DE3 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe
[2009/04/11 08:10:50 | 000,384,512 | ---- | M] (Microsoft Corporation) MD5=BC81150939BD52DBC7A08C245F1FB229 -- C:\Windows\SysNative\services.exe
[2009/04/11 07:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\SysWOW64\services.exe
[2009/04/11 07:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2006/11/02 16:13:31 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\Windows\SysWOW64\en-US\services.exe.mui
[2006/11/02 16:13:31 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.0.6000.16386_en-us_67c6851b290a1ced\services.exe.mui
[2006/11/02 16:13:56 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=F514B57C09E143F1E14415A9E9ADD695 -- C:\Windows\SysNative\en-US\services.exe.mui
[2006/11/02 16:13:56 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=F514B57C09E143F1E14415A9E9ADD695 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.0.6000.16386_en-us_c3e5209ee1678e23\services.exe.mui

< MD5 for: SERVICES.LNK >
[2008/01/21 04:20:59 | 000,001,688 | ---- | M] () MD5=EFDD08F4E5E26430885F26F0C35B8C62 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2008/01/21 04:20:59 | 000,001,688 | ---- | M] () MD5=EFDD08F4E5E26430885F26F0C35B8C62 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2006/09/18 22:44:54 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2006/09/18 22:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysWOW64\wbem\services.mof
[2006/09/18 22:44:54 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.mof
[2006/09/18 22:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.mof

< MD5 for: SERVICES.MSC >
[2006/11/02 16:13:51 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc
[2006/09/18 22:29:41 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2006/11/02 16:14:00 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2006/09/18 22:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2006/11/02 16:13:51 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.0.6000.16386_en-us_fe26f08ab7d12816\services.msc
[2006/09/18 22:29:41 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.0.6001.18000_none_2b827e27fe185619\services.msc
[2006/11/02 16:14:00 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.0.6000.16386_en-us_a2085506ff73b6e0\services.msc
[2006/09/18 22:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.0.6001.18000_none_cf63e2a445bae4e3\services.msc

< MD5 for: SERVICES.SBS >
[2011/03/01 09:58:46 | 000,034,818 | ---- | M] () MD5=62AFD4B2025CE6D4706B36F4C4808F9B -- C:\Program Files (x86)\Spybot - Search & Destroy\Includes\Services.sbs

< MD5 for: SVCHOST.EXE >
[2008/01/21 03:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\SysWOW64\svchost.exe
[2008/01/21 03:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2008/01/21 03:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\SysNative\svchost.exe
[2008/01/21 03:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_11d9f524bdab2f1b\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/21 03:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe
[2008/01/21 03:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008/01/21 03:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe
[2008/01/21 03:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 08:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe
[2009/04/11 08:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2009/04/11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe
[2009/04/11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

< HKEY_CURRENT_USER\Software\Microsoft\Windows Media\WMSDK\Local\AutoProxyCache /s >
[HKEY_CURRENT_USER\Software\Microsoft\Windows Media\WMSDK\Local\AutoProxyCache\LAN]
"AutodiscoveryFlags" = -2147483648
"DetectedInterfaceIpCount" = 4
"LastDetectHighDateTime" = 0
"LastDetectLowDateTime" = 0
"LastDetectTime" = 01/01/1601, 00:00:00 UTC
"DetectedInterfaceIps" = fe80::ec4d:63c2:6f40:929%11;fe80::96:30c1:b19e:271b%10;2002:4e61:d8e4::4e61:d8e4;78.97.216.228;
"LastDetectUrl" =

========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\Materelli\Desktop\joey negro - unknown.mp3:TOC.WMV
@Alternate Data Stream - 55838 bytes -> C:\ProgramData\Sports Interactive:$ES_DESCRIPTOR_MVPUV1PKSVXJKX69UK1CWPP0DTVNYKM1UVXPJCEPP4DMJ3K1XYE7LRJEM53EPPJCFPLP45168LPSB5PL0EM6REGXHCTVVVVVVVVVVVVV
@Alternate Data Stream - 311 bytes -> C:\Users\Materelli\Documents\No Subject.eml:OECustomProperty

< End of report >


OTL Extras logfile created on: 03/08/2012 13:23:15 - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Materelli\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.99 Gb Total Physical Memory | 1.70 Gb Available Physical Memory | 42.55% Memory free
13.66 Gb Paging File | 10.91 Gb Available in Paging File | 79.83% Paging File free
Paging file location(s): c:\pagefile.sys 10000 40000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.40 Gb Total Space | 102.57 Gb Free Space | 36.19% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 6.94 Gb Free Space | 47.37% Space Free | Partition Type: NTFS
Drive E: | 148.54 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: MATERELLI-PC | User Name: Materelli | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = B6 70 CA 48 A8 80 CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== Firewall Settings ==========

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{3C8159DD-1890-4625-A5B2-E3D8D78D4486}" = AVG 2012
"{49DADDE6-41A1-5A2B-C518-0EBE12261352}" = AMD Catalyst Install Manager
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{63486834-B10B-4DD4-8216-C8D66A157D7E}_is1" = FMRTE 5.2.3
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7E9984FD-DF5D-D0D9-E552-7872964F00CC}" = ccc-utility64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A108BD40-0A8C-4385-8874-74C4B6086CC3}" = AVG 2012
"{C788B026-20BD-4E96-B698-533F1D6C5013}" = 64 Bit HP CIO Components Installer
"{C8005A7B-9638-41DD-B83B-AF277754E211}" = Intel® PROSet/Wireless WiFi Software
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E87F997C-3E93-6DAD-1AE6-619002BA9623}" = ccc-utility64
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"{FAB0283F-6FC1-3056-6ABE-0B95A34A1A7A}" = Application Verifier x64 External Package
"AVG" = AVG 2012
"CCleaner" = CCleaner
"Creative OA008" = Integrated Webcam Driver (1.04.01.0601)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Dell Touchpad
"vsfilter64_is1" = DirectVobSub 2.40.4306 (x64)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CE69E03-1021-EB74-0836-C706CADC213A}" = Catalyst Control Center Localization Korean
"{0E33EC53-22CE-426C-A88B-2AAC231BAC85}" = Catalyst Control Center - Branding
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{15F7FA6D-8FC5-08FD-2727-8AE6811A2A0D}" = CCC Help Russian
"{180BEABD-453E-4047-96B4-4F86EE605589}" = CCC Help Danish
"{181A0114-24D5-9E74-0138-4C8C27ED3EAC}" = Catalyst Control Center Graphics Light
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1E5196FA-47EF-F0C7-847B-960F3349E9B5}" = CCC Help Finnish
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2094F083-B28B-AFFD-4075-49E803BE17B7}" = CCC Help Italian
"{2116C03A-7111-9669-8009-9FD7F5AABA20}" = Catalyst Control Center Graphics Full New
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23467AA2-058A-1064-40C5-E0E0533C2D7D}" = Catalyst Control Center Localization French
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java™ 6 Update 26
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java™ 7 Update 4
"{26B29DE2-7759-F8BB-FB10-98142B343C8C}" = CCC Help Korean
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2FB28284-51D3-C991-3940-694B1B629F2B}" = Catalyst Control Center Localization German
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35FE995E-5A31-D005-0303-8D9FBBD4B67B}" = Catalyst Control Center Graphics Previews Common
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3945F4B5-0FAD-38E3-B39B-2F497550C847}" = CCC Help French
"{3F6107B9-D211-EBCC-EA41-BD2FAC156A23}" = Catalyst Control Center Localization Japanese
"{3FD8C713-B1D5-D973-5351-50A918C02749}" = Catalyst Control Center Core Implementation
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{586DD9D2-09B2-D1DB-AD2A-95194A771C49}" = CCC Help Dutch
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{66FAEBD3-A1D3-6E3A-22FD-37996FEDC9AE}" = SDK Debuggers
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6C16A05F-C202-578A-108C-AFA4D9167CCC}" = Catalyst Control Center Localization Spanish
"{6C6D7326-770A-812B-B104-442F71A826F8}" = Catalyst Control Center Localization Russian
"{6DA2AF51-EE25-BB21-9106-FF69FC83DDB7}" = Kits Configuration Installer
"{6EA1C352-4D16-5A9F-7751-D7AE08AA7F63}" = Catalyst Control Center Localization Chinese Traditional
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72085899-3540-2F67-F5C7-46FF826A235F}" = CCC Help German
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{74622EDD-7879-3185-976D-A6098420D889}" = CCC Help Portuguese
"{7505BBE5-CB0C-5027-1228-15CC7C26C4C3}" = CCC Help English
"{76C4BA9A-BFA5-151D-8A39-AA0E74041F83}" = Catalyst Control Center Localization Danish
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{77A5C01F-E04C-9616-2E3D-D78CF889712B}" = Catalyst Control Center Graphics Full Existing
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79D34E3B-8826-170B-8B3D-A9CD9C2D28F5}" = ccc-core-static
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7CDF0744-7A0D-961B-3695-49756E822FC4}" = Catalyst Control Center Localization Swedish
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7E5FFC5E-5A7F-864A-2E0D-0B234ED7B14F}" = Catalyst Control Center InstallProxy
"{8247BD1D-C258-DBEE-3225-B9F0214763AB}" = CCC Help Japanese
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{843e5a96-1ee3-4275-a965-14feac1cc02e}" = Windows Software Development Kit
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92491D2C-D9E9-5FDD-64CD-82D5688872A9}" = Catalyst Control Center Localization Italian
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9EF77B2D-FF26-9237-BBAB-127110FD65CC}" = Catalyst Control Center Localization Portuguese
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{ACB08AF2-DFE9-C179-8BC9-E3209F3EBC28}" = CCC Help Chinese Traditional
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B944FA21-81AF-4A77-8328-CE4F4CC51033}" = Nero 8 Demo
"{BB5F88FC-5D66-9316-0E48-E411941A8A74}" = Catalyst Control Center Graphics Previews Vista
"{C17280C4-8BF2-946A-9C51-EEB2CD216D89}" = Catalyst Control Center Graphics Previews Common
"{C5D85C24-A56B-6954-77F1-B25A4B4E7B52}" = CCC Help Spanish
"{C5DA59CF-2BB8-48D5-8E5B-17F2E0F0FEE4}" = System Requirements Lab for Intel
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8C5CE76-860E-B5FA-27EA-C52C74DDBD2D}" = Catalyst Control Center Localization Finnish
"{CA567AD5-33A4-403D-86D1-EE2D38251951}_is1" = VDownloader 0.83
"{CC49EE8E-1C0F-012B-FC8F-551B538C7F4A}" = Windows Software Development Kit EULA
"{cc937cbc-4be2-4227-9660-ff2f2a1d9467}" = Ad-Aware Antivirus
"{CDCFA0B9-06DA-C47E-2CF1-37C5F25DF753}" = Catalyst Control Center InstallProxy
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D071B7C5-07A2-D000-05B8-2DE6A63249D9}" = Catalyst Control Center Localization Norwegian
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2D3882A-3624-2963-EA08-27589DBCEF8A}" = CCC Help Norwegian
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D5AFB7E8-D81F-F57F-4D43-EC95E49425FE}" = Catalyst Control Center Localization All
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E481DB0E-52F2-4EE0-9BDA-9EE173FA6EA2}" = Catalyst Control Center - Branding
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E8E8C42E-E817-C7DA-1A81-BFD8388B4014}" = CCC Help Swedish
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EFD537AE-0530-8887-DC9C-433E113547D7}" = Catalyst Control Center Localization Chinese Standard
"{F081ED08-77AE-8019-D554-904EF4F88FC1}" = CCC Help Chinese Standard
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F133ACD4-CFCF-BADD-4AC5-9408E2E7FD74}" = Catalyst Control Center Localization Dutch
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F76C09F9-C367-6FB9-4965-A26211D094FC}" = CCC Help English
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"{FB56BF24-6AB9-AC55-5B7A-D3657D2F4A38}" = Skins
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"BitTorrent" = BitTorrent
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"dBpowerAMP AAC Codec" = dBpowerAMP AAC Codec
"dBpowerAMP AAC to Mp4 Codec" = dBpowerAMP AAC to Mp4 Codec
"dBpowerAMP FLAC Codec" = dBpowerAMP FLAC Codec
"dBpoweramp m4a Codec" = dBpoweramp m4a Codec
"dBpowerAMP Mp3 (MPEG Suite 2000 CLI)" = dBpowerAMP Mp3 (MPEG Suite 2000 CLI)
"dBpowerAMP Mp4 Codec" = dBpowerAMP Mp4 Codec
"dBpowerAMP Music Converter" = dBpowerAMP Music Converter
"dBpowerAMP Ogg Vorbis Codec" = dBpowerAMP Ogg Vorbis Codec
"dBpowerAMP Wavpack Codec" = dBpowerAMP Wavpack Codec
"dBpowerAMP WMA V9.1 Codec" = dBpowerAMP WMA V9.1 Codec
"Dell Video Chat" = Dell Video Chat
"Dell Webcam Central" = Dell Webcam Central
"D-Fend Reloaded" = D-Fend Reloaded 1.3.1 (deinstall)
"DivX Setup.divx.com" = DivX Setup
"dMC Power Pack" = dMC Power Pack
"Free Studio_is1" = Free Studio version 5.0.9
"Free YouTube Download_is1" = Free YouTube Download version 3.0.20.1228
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.22.508
"Freenet" = Freenet
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Photo Creations" = HP Photo Creations
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"ProtectDisc Driver 10" = ProtectDisc Helper Driver 10
"Quick Search Box" = Google Quick Search Box
"RealPlayer 15.0" = RealPlayer
"Security Task Manager" = Security Task Manager 1.8c
"SopCast" = SopCast 3.0.3
"Soulseek2" = SoulSeek 157 NS 13e
"SpeedFan" = SpeedFan (remove only)
"Steam App 71270" = Football Manager 2012
"Steam App 71400" = Football Manager 2012 Editor
"StreamerOne" = StreamerOne beta 0.5
"StreamTorrent 1.0" = StreamTorrent 1.0
"TVAnts 1.0" = TVAnts 1.0
"TVUPlayer" = TVUPlayer 2.5.3.1
"Uninstall_is1" = Uninstall 1.0.0.1
"Veetle TV" = Veetle TV 0.9.18
"VLC media player" = VLC media player 1.0.1
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"ZMBV" = Zip Motion Block Video codec (Remove Only)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1307751917-322223060-3447154212-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"WinDirStat" = WinDirStat 1.1.2

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 03/08/2012 07:37:48 | Computer Name = Materelli-PC | Source = WinMgmt | ID = 10
Description =

Error - 03/08/2012 07:43:20 | Computer Name = Materelli-PC | Source = SideBySide | ID = 16842830
Description = Activation context generation failed for "C:\Program Files (x86)\Nero\Nero8\Nero
PhotoSnap\PhotoSnapViewer.exe".Error in manifest or policy file "" on line . A component
version required by the application conflicts with another component version already
active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.
Component
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.

Error - 03/08/2012 07:43:20 | Computer Name = Materelli-PC | Source = SideBySide | ID = 16842830
Description = Activation context generation failed for "C:\Program Files (x86)\Nero\Nero8\Nero
PhotoSnap\PhotoSnapViewer.exe".Error in manifest or policy file "" on line . A component
version required by the application conflicts with another component version already
active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.
Component
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.

Error - 03/08/2012 07:43:20 | Computer Name = Materelli-PC | Source = SideBySide | ID = 16842830
Description = Activation context generation failed for "C:\Program Files (x86)\Nero\Nero8\Nero
PhotoSnap\PhotoSnap.exe".Error in manifest or policy file "" on line . A component
version required by the application conflicts with another component version already
active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.
Component
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.

Error - 03/08/2012 07:43:20 | Computer Name = Materelli-PC | Source = SideBySide | ID = 16842830
Description = Activation context generation failed for "C:\Program Files (x86)\Nero\Nero8\Nero
PhotoSnap\PhotoSnap.exe".Error in manifest or policy file "" on line . A component
version required by the application conflicts with another component version already
active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.
Component
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.

Error - 03/08/2012 07:43:26 | Computer Name = Materelli-PC | Source = SideBySide | ID = 16842830
Description = Activation context generation failed for "C:\Program Files (x86)\Nero\Nero8\Nero
Toolkit\DiscSpeed.exe".Error in manifest or policy file "" on line . A component
version required by the application conflicts with another component version already
active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

Error - 03/08/2012 07:43:26 | Computer Name = Materelli-PC | Source = SideBySide | ID = 16842830
Description = Activation context generation failed for "C:\Program Files (x86)\Nero\Nero8\Nero
Toolkit\DiscSpeed.exe".Error in manifest or policy file "" on line . A component
version required by the application conflicts with another component version already
active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

Error - 03/08/2012 07:45:26 | Computer Name = Materelli-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 03/08/2012 07:45:30 | Computer Name = Materelli-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 03/08/2012 08:27:49 | Computer Name = Materelli-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

[ System Events ]
Error - 03/08/2012 07:37:21 | Computer Name = Materelli-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 02:33:17 on 03/08/2012 was unexpected.

Error - 03/08/2012 07:37:51 | Computer Name = Materelli-PC | Source = Service Control Manager | ID = 7024
Description =

Error - 03/08/2012 07:37:51 | Computer Name = Materelli-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 03/08/2012 07:38:04 | Computer Name = Materelli-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 03/08/2012 07:40:10 | Computer Name = Materelli-PC | Source = DCOM | ID = 10005
Description =

Error - 03/08/2012 07:40:10 | Computer Name = Materelli-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 03/08/2012 07:40:10 | Computer Name = Materelli-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 03/08/2012 07:40:41 | Computer Name = Materelli-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 03/08/2012 07:40:41 | Computer Name = Materelli-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 03/08/2012 07:43:56 | Computer Name = Materelli-PC | Source = Service Control Manager | ID = 7022
Description =


< End of report >

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-03 13:51:48
-----------------------------
13:51:48.413 OS Version: Windows x64 6.0.6002 Service Pack 2
13:51:48.419 Number of processors: 2 586 0x170A
13:51:48.422 ComputerName: MATERELLI-PC UserName: Materelli
13:51:54.472 Initialize success
13:57:27.973 AVAST engine defs: 12080300
13:58:06.550 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
13:58:06.553 Disk 0 Vendor: SAMSUNG_HM320II 2AC101C4 Size: 305245MB BusType: 3
13:58:06.567 Disk 0 MBR read successfully
13:58:06.571 Disk 0 MBR scan
13:58:06.577 Disk 0 Windows VISTA default MBR code
13:58:06.581 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
13:58:06.595 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15000 MB offset 80325
13:58:06.617 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 290205 MB offset 30800325
13:58:06.731 Disk 0 scanning C:\Windows\system32\drivers
13:58:30.471 Service scanning
13:59:03.488 Modules scanning
13:59:03.489 Disk 0 trace - called modules:
13:59:03.519 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
13:59:03.520 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005d98790]
13:59:03.521 3 CLASSPNP.SYS[fffffa6000fcfc33] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004bd1940]
13:59:06.562 AVAST engine scan C:\
14:10:50.756 Disk 0 MBR has been saved successfully to "C:\Users\Materelli\Desktop\MBR.dat"
14:10:50.768 The log file has been saved successfully to "C:\Users\Materelli\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-03 14:16:57
-----------------------------
14:16:57.879 OS Version: Windows x64 6.0.6002 Service Pack 2
14:16:57.879 Number of processors: 2 586 0x170A
14:16:57.880 ComputerName: MATERELLI-PC UserName: Materelli
14:17:00.514 Initialize success
14:17:06.354 AVAST engine defs: 12080300
14:17:10.527 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
14:17:10.542 Disk 0 Vendor: SAMSUNG_HM320II 2AC101C4 Size: 305245MB BusType: 3
14:17:10.698 Disk 0 MBR read successfully
14:17:10.704 Disk 0 MBR scan
14:17:10.762 Disk 0 Windows VISTA default MBR code
14:17:10.788 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
14:17:10.863 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15000 MB offset 80325
14:17:10.952 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 290205 MB offset 30800325
14:17:11.127 Disk 0 scanning C:\Windows\system32\drivers
14:17:55.991 Service scanning
14:18:41.770 Modules scanning
14:18:41.795 Disk 0 trace - called modules:
14:18:41.836 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
14:18:41.851 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005d98790]
14:18:41.865 3 CLASSPNP.SYS[fffffa6000fcfc33] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004bd1940]
14:18:43.358 AVAST engine scan C:\Windows
14:19:32.747 AVAST engine scan C:\Windows\system32
14:23:08.836 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
14:23:16.335 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
14:30:36.332 AVAST engine scan C:\Windows\system32\drivers
14:31:40.952 AVAST engine scan C:\Users\Materelli
15:26:47.504 Disk 0 MBR has been saved successfully to "C:\Users\Materelli\Desktop\MBR.dat"
15:26:47.545 The log file has been saved successfully to "C:\Users\Materelli\Desktop\aswMBR.txt"


Thanks,

MAT


P.S. After running aswMBR it found some "GAC_32" infections too; I hope you can offer me some advice on how to solve this.
  • 0
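The aswMBR log above reads the partition table from disk 0, reports that the MBR code is the stock Vista loader, and saves the raw sector to MBR.dat. As an added example that is not part of the original post and not aswMBR's own code, the following Python script parses a 512-byte MBR the same way and applies the checks a practitioner would run on that saved MBR.dat: a valid 0x55AA signature, exactly one active partition, no overlapping partitions, and nothing extending past the end of the disk. The sample sector is constructed here to reproduce the three partitions in the log; the exact sector counts and the zeroed boot-code area are assumptions, since aswMBR prints only sizes in MB. The boot-code hash is provided so a saved MBR can be compared against a known-good copy of the same loader; no reference hash is claimed here.

```python
import hashlib
import struct
import sys

SECTOR = 512
MIB = 1024 * 1024

# Partition type bytes that appear in the aswMBR log above.
PART_TYPES = {0x07: "HPFS/NTFS", 0xDE: "Dell Utility"}

# Constructed sample matching the logged layout: (active, type, LBA start, sectors).
# 39 MB / 15000 MB / 290205 MB at offsets 63 / 80325 / 30800325. The sector
# counts are assumptions derived from those figures; the log gives only MB.
SAMPLE_ENTRIES = [
    (False, 0xDE, 63, 80262),
    (False, 0x07, 80325, 30720000),
    (True, 0x07, 30800325, 594339840),
]
SAMPLE_DISK_SECTORS = 305245 * MIB // SECTOR  # 305245 MB disk, as logged


def build_mbr(entries, boot_code=b""):
    """Assemble a 512-byte MBR from (active, type, lba_start, sectors) tuples.

    Used only to construct sample input; on a real system the bytes come from
    MBR.dat. CHS fields are left zero because the checks below work on LBA.
    """
    code = boot_code.ljust(446, b"\x00")[:446]
    table = b"".join(
        struct.pack("<B3sB3sII", 0x80 if active else 0x00, b"\x00" * 3,
                    ptype, b"\x00" * 3, start, count)
        for active, ptype, start, count in entries
    ).ljust(64, b"\x00")
    return code + table + b"\x55\xAA"


def parse_mbr(data):
    """Return the non-empty partition entries of a 512-byte MBR."""
    if len(data) != SECTOR:
        raise ValueError("MBR must be exactly %d bytes" % SECTOR)
    if data[510:512] != b"\x55\xAA":
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        flag, ptype, start, count = struct.unpack_from("<B3xB3xII", data, 446 + 16 * i)
        if ptype == 0 and count == 0:
            continue  # unused slot
        parts.append({
            "index": i + 1,
            "active": flag == 0x80,
            "type": ptype,
            "name": PART_TYPES.get(ptype, "unknown 0x%02X" % ptype),
            "start": start,
            "sectors": count,
            "mb": count * SECTOR // MIB,
        })
    return parts


def check_layout(parts, disk_sectors=None):
    """Sanity checks on a parsed partition table; returns a list of findings."""
    findings = []
    active = [p["index"] for p in parts if p["active"]]
    if len(active) != 1:
        findings.append("expected exactly one active partition, found %d" % len(active))
    for p in parts:
        if disk_sectors is not None and p["start"] + p["sectors"] > disk_sectors:
            findings.append("partition %d extends past end of disk" % p["index"])
    ordered = sorted(parts, key=lambda p: p["start"])
    for a, b in zip(ordered, ordered[1:]):
        if a["start"] + a["sectors"] > b["start"]:
            findings.append("partition %d overlaps partition %d" % (a["index"], b["index"]))
    return findings


def boot_code_sha256(data):
    """SHA-256 of the 440-byte code area, for comparison with a known-good MBR."""
    return hashlib.sha256(data[:440]).hexdigest()


if __name__ == "__main__":
    # Usage: python mbr_check.py [MBR.dat [disk_size_in_sectors]]
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as f:
            mbr = f.read(SECTOR)
        disk_sectors = int(sys.argv[2]) if len(sys.argv) > 2 else None
    else:
        mbr, disk_sectors = build_mbr(SAMPLE_ENTRIES), SAMPLE_DISK_SECTORS
    parts = parse_mbr(mbr)
    for p in parts:
        print("Partition %d %s %02X %-13s %7d MB offset %d" % (
            p["index"], "80 (A)" if p["active"] else "00", p["type"],
            p["name"], p["mb"], p["start"]))
    print("boot code sha256:", boot_code_sha256(mbr))
    for finding in check_layout(parts, disk_sectors) or ["layout looks consistent"]:
        print(finding)
```

Run without arguments it prints the constructed sample; pointed at the real MBR.dat it prints that disk's table so the offsets and sizes can be compared line by line with the aswMBR output. A matching table does not rule out a bootkit that only alters the code area, which is why the hash is printed as well.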

#2 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Hi there, let's get you sorted.

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O20 - HKLM Winlogon: UserInit - (C:\Users\Materelli\AppData\Local\nwpwappd\vdhjnsyq.exe) - File not found
    O33 - MountPoints2\{edc41ae6-9555-11de-a16b-002219f956bb}\Shell\AutoRun\command - "" = G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
    O33 - MountPoints2\{edc41ae6-9555-11de-a16b-002219f956bb}\Shell\open\command - "" = G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
    [2010/04/06 20:44:23 | 000,012,292 | -HS- | C] () -- C:\Users\Materelli\AppData\Local\86K35bLqF
    [2010/04/06 20:44:23 | 000,012,292 | -HS- | C] () -- C:\ProgramData\86K35bLqF
    [2011/12/26 16:28:27 | 000,001,482 | -HS- | C] () -- C:\Users\Materelli\AppData\Local\5r6r38221t246h5xhcg048mh1533
    [2011/12/26 16:28:27 | 000,001,482 | -HS- | C] () -- C:\ProgramData\5r6r38221t246h5xhcg048mh1533

    :Files
    ipconfig /flushdns /c
    C:\Windows\assembly\GAC_32\Desktop.ini
    C:\Windows\assembly\GAC_64\Desktop.ini
    C:\Windows\Installer\{479469d3-8ccd-754f-0bb2-1225aba89060}
    C:\Users\Materelli\AppData\Local\{479469d3-8ccd-754f-0bb2-1225aba89060}

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

FINALLY

Run Farbar Service Scanner

Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.
  • 0
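The fix script above targets a specific set of indicators: a Winlogon UserInit value pointing into a user profile, two MountPoints2 autorun commands that launch an executable from a removable drive's RECYCLER folder, hidden+system files with random names under ProgramData and AppData\Local, and the two Desktop.ini files in the GAC that aswMBR flagged as Sirefef. As an added example, not part of the original thread and not how OTL or aswMBR work internally, here is a Python script that reads an OTL or aswMBR log and flags those indicator classes, plus three more that appear in this thread's second OTL log: a module loaded through a \\?\globalroot\ device path, an IE ProxyServer value, and UAC disabled (EnableLUA = 0). The sample lines are copied from the logs in this thread with a few benign lines mixed in; the rule names, the assumption that a legitimate UserInit lives under C:\Windows\system32, and the treatment of any globalroot module path as worth a look are my own.

```python
import re
import sys
from collections import Counter

# Sample lines copied from the OTL and aswMBR logs in this thread, plus a few
# benign lines from the same logs so the rules have something to ignore.
SAMPLE_LOG = r"""
O20 - HKLM Winlogon: UserInit - (C:\Users\Materelli\AppData\Local\nwpwappd\vdhjnsyq.exe) - File not found
O33 - MountPoints2\{edc41ae6-9555-11de-a16b-002219f956bb}\Shell\AutoRun\command - "" = G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
O33 - MountPoints2\{edc41ae6-9555-11de-a16b-002219f956bb}\Shell\open\command - "" = G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
[2010/04/06 20:44:23 | 000,012,292 | -HS- | C] () -- C:\Users\Materelli\AppData\Local\86K35bLqF
[2010/04/06 20:44:23 | 000,012,292 | -HS- | C] () -- C:\ProgramData\86K35bLqF
MOD - [2009/04/11 07:28:22 | 000,223,232 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.dll
MOD - [2009/04/11 07:28:22 | 000,223,232 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 71.68.37.101:80
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
14:23:08.836 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
14:23:16.335 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O1 - Hosts: 127.0.0.1 localhost
MOD - [2012/06/19 19:36:44 | 020,313,384 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
""".strip().splitlines()

# Each rule: (name, compiled pattern, optional extra predicate on the match).
RULES = [
    # UserInit should be C:\Windows\system32\userinit.exe (assumption for this
    # check); a path under a user profile is a hijack even if OTL says the
    # file is gone, because the registry value still points there.
    ("userinit-hijack",
     re.compile(r"^O20 - HKLM Winlogon: UserInit - \((?P<path>[^)]*)\)", re.I),
     lambda m: not m.group("path").lower().startswith("c:\\windows\\system32\\")),
    # Autorun/open handlers on a removable volume that run from \RECYCLER\.
    ("removable-autorun-from-recycler",
     re.compile(r"^O33 - MountPoints2\\.*\\Shell\\(?:AutoRun|open)\\command .*\\RECYCLER\\", re.I),
     None),
    # A loaded module reached through a \\?\globalroot or \\.\globalroot path.
    ("module-loaded-via-globalroot",
     re.compile(r"^MOD - .* -- \\\\[?.]\\globalroot\\", re.I),
     None),
    # Hidden+system files created directly in ProgramData or AppData\Local.
    ("hidden-system-file-in-data-dir",
     re.compile(r"\| -HS- \| C\] \(\) -- (?P<path>C:\\(?:ProgramData|Users\\[^\\]+\\AppData\\Local)\\[^\\]+)$", re.I),
     None),
    ("proxy-server-configured",
     re.compile(r'Internet Settings: "ProxyServer" = (?P<proxy>\S+)', re.I),
     None),
    ("uac-disabled",
     re.compile(r"policies\\System: EnableLUA = 0$", re.I),
     None),
    # aswMBR's own verdict lines.
    ("scanner-detection",
     re.compile(r"^\d\d:\d\d:\d\d\.\d+ File: (?P<path>.+?) \*\*INFECTED\*\* (?P<sig>.+)$"),
     None),
]


def scan_log(lines):
    """Return one finding per (rule, line) pair that matches."""
    findings = []
    for raw in lines:
        line = raw.strip()
        for name, pattern, extra in RULES:
            m = pattern.search(line)
            if m and (extra is None or extra(m)):
                findings.append({"rule": name, "line": line, "detail": m.groupdict()})
    return findings


def summarize(findings):
    """Count findings per rule."""
    return dict(Counter(f["rule"] for f in findings))


if __name__ == "__main__":
    # Usage: python otl_triage.py [OTL.txt or aswMBR.txt]
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as f:
            lines = f.read().splitlines()
    else:
        lines = SAMPLE_LOG
    found = scan_log(lines)
    for f in found:
        print("[%s] %s" % (f["rule"], f["line"]))
    print(summarize(found))
```

Matches are triage leads, not verdicts. A ProxyServer value with ProxyEnable = 0 is inert until something re-enables it, a globalroot module path is a reason to inspect the module and the process that loaded it, and EnableLUA = 0 is a weakened configuration rather than an infection; the point of the script is to pull those lines out of a multi-thousand-line log so they are not missed.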

#3 materelli (Topic Starter, Member, 23 posts)
There seems to be a problem with OTL.

When I ran "Run Fix" it said that some access was denied in relation to creating a folder; it then said it was "re-setting hosts" etc. I then thought it had stalled and idiotically closed it down (apologies if that was wrong).

I then tried to run OTL again, but now I just get "not responding" with the "circular loading mouse cursor" even though it seems to be eating up some of the CPU. Shall I just leave it be?
  • 0

#4 materelli (Topic Starter, Member, 23 posts)
Quick update: it seems to be going through everything fine; I'll carry on as stated in your 2nd post, thanks.
  • 0

#5 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Dependent on how full your temporary folders are, the last bit may take a bit longer.
  • 0

#6 materelli (Topic Starter, Member, 23 posts)
Here is the OTL log -

OTL logfile created on: 03/08/2012 17:15:40 - Run 2
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Materelli\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.99 Gb Total Physical Memory | 2.44 Gb Available Physical Memory | 61.00% Memory free
13.64 Gb Paging File | 12.00 Gb Available in Paging File | 87.96% Paging File free
Paging file location(s): c:\pagefile.sys 10000 40000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.40 Gb Total Space | 103.73 Gb Free Space | 36.60% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 6.94 Gb Free Space | 47.37% Space Free | Partition Type: NTFS
Drive E: | 148.54 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: MATERELLI-PC | User Name: Materelli | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/03 13:12:00 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Materelli\Desktop\OTL.exe
PRC - [2012/07/04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
PRC - [2012/05/14 17:25:30 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2012/04/30 18:21:22 | 000,178,800 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealUpgrade\realupgrade.exe
PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012/03/29 12:44:02 | 001,161,072 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2012/01/03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/10/10 13:31:52 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2011/05/17 18:35:56 | 002,804,280 | ---- | M] (Sunbelt Software) -- C:\Program Files (x86)\Ad-Aware Antivirus\Engine\SBAMSvc.exe
PRC - [2009/07/23 11:15:59 | 000,122,368 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/12/18 19:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/19 19:36:44 | 020,313,384 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2012/06/19 19:36:27 | 000,895,312 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2012/06/19 19:36:26 | 001,099,576 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2012/06/19 19:36:26 | 000,190,776 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2012/06/19 19:36:26 | 000,123,192 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2011/11/20 19:32:12 | 000,103,424 | ---- | M] () -- C:\Program Files (x86)\Google\Quick Search Box\bin\1.2.1151.245\rlz.dll
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/04/11 07:28:22 | 000,223,232 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.dll
MOD - [2009/04/11 07:28:22 | 000,223,232 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/10/26 03:00:58 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/10/24 18:17:36 | 001,431,824 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2011/10/24 17:57:38 | 000,840,976 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/03/19 17:26:10 | 000,268,288 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe -- (STacSV)
SRV:64bit: - [2009/03/19 17:25:42 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008/12/18 19:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2012/08/02 21:05:30 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/06/07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/03/29 12:44:02 | 001,161,072 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2012/01/03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/05/17 18:35:56 | 002,804,280 | ---- | M] (Sunbelt Software) [Auto | Start_Pending] -- C:\Program Files (x86)\Ad-Aware Antivirus\Engine\SBAMSvc.exe -- (SBAMSvc)
SRV - [2011/03/16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/23 19:43:31 | 000,241,664 | ---- | M] (Tanuki Software, Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Freenet\bin\wrapper-windows-x86-32.exe -- (freenet)
SRV - [2009/03/30 05:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/03/19 05:17:26 | 000,383,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/02/29 14:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/22 05:25:32 | 000,289,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/01/31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/12/23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\DRIVERS\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/12/23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\avgidsfiltera.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/12/23 13:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/11/01 00:45:16 | 008,399,360 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETwNv64.sys -- (NETwNv64)
DRV:64bit: - [2011/10/26 04:05:10 | 010,496,512 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)
DRV:64bit: - [2011/10/26 04:05:10 | 010,496,512 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011/10/26 04:05:10 | 010,496,512 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/10/26 02:21:58 | 000,326,656 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/05/11 16:26:04 | 000,072,280 | ---- | M] (Sunbelt Software) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\sbapifs.sys -- (sbapifs)
DRV:64bit: - [2011/04/29 14:15:42 | 000,055,384 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SBREdrv.sys -- (SBRE)
DRV:64bit: - [2011/04/05 17:35:20 | 000,253,528 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SbFw.sys -- (SbFw)
DRV:64bit: - [2011/04/05 17:35:20 | 000,094,296 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\sbtis.sys -- (SbTis)
DRV:64bit: - [2011/04/05 17:35:20 | 000,060,504 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sbhips.sys -- (sbhips)
DRV:64bit: - [2011/02/08 09:14:20 | 000,084,568 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SBFWIM.sys -- (SBFWIMCLMP)
DRV:64bit: - [2011/02/08 09:14:20 | 000,084,568 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sbfwim.sys -- (SBFWIMCL)
DRV:64bit: - [2011/02/03 13:36:49 | 000,464,464 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrv10.sys -- (acedrv10)
DRV:64bit: - [2011/02/03 13:36:49 | 000,229,664 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acehlp10.sys -- (acehlp10)
DRV:64bit: - [2010/07/12 19:36:10 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/10/01 01:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/06 17:03:00 | 000,313,696 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA008Vid.sys -- (OA008Vid)
DRV:64bit: - [2009/04/11 06:03:32 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/03/19 17:26:24 | 000,477,696 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/03/06 07:33:58 | 000,159,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA008Ufd.sys -- (OA008Ufd)
DRV:64bit: - [2008/12/21 18:26:28 | 004,735,488 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64)
DRV:64bit: - [2008/11/25 15:56:58 | 000,261,680 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2008/10/28 16:48:20 | 000,160,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2008/10/07 18:49:52 | 000,252,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2008/09/15 18:11:04 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2008/09/15 18:11:00 | 000,062,976 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2008/09/15 18:10:58 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2008/01/21 03:46:55 | 000,317,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express)
DRV - [2011/06/02 11:08:34 | 000,017,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys -- (cpudrv64)
DRV - [2011/04/29 14:15:42 | 000,101,720 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\SBREDrv.sys -- (SBRE)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USCON/2
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...omplete=1&hl=en
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{6F198424-0A4A-453B-A959-ECC9D076E4C1}: "URL" = http://search.avg.co...}&ychte=uk&nt=1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 71.68.37.101:80


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files (x86)\TVUPlayer\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/03/07 04:07:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/07/19 20:08:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011/04/06 11:29:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011/04/06 11:29:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/05/14 17:26:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/05/14 17:26:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/07/03 11:50:49 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2012/08/03 16:52:31 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Conime] C:\Windows\SysWOW64\conime.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Materelli\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Materelli\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Save YouTube Video as MP3 - C:\Program Files (x86)\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll (DVSTeam)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Materelli\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Materelli\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Save YouTube Video as MP3 - C:\Program Files (x86)\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll (DVSTeam)
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell....lSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.syste...tel_4.5.5.0.cab (SysInfo Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F4092ADC-5C83-48E9-8CEA-1F4B0BF537BC}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\Tranportation_1920x1200.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\Tranportation_1920x1200.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/03 16:11:07 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/08/03 13:35:41 | 004,724,629 | ---- | C] (Swearware) -- C:\Users\Materelli\Desktop\ComboFix.exe
[2012/08/03 13:18:39 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Materelli\Desktop\aswMBR.exe
[2012/08/03 13:11:50 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\Materelli\Desktop\OTL.exe
[2012/08/03 00:12:24 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{801465AB-2476-43CC-8549-F60B98A2EB33}
[2012/08/03 00:11:26 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{E4F7436B-D03E-4604-ADDA-53DD9894BBC5}
[2012/08/02 12:11:10 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{C46A218D-72E5-4641-BFA2-8F0F3CBB2FC0}
[2012/08/02 12:09:22 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{5BE2BF59-B7F6-4875-ADE1-7036CC23F2B7}
[2012/08/01 23:25:33 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{DB0F3EAD-CCC0-4E78-8EB1-2C462DEC4457}
[2012/08/01 23:24:31 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{E88083EF-4B2B-4AE5-8C26-012B8312E3F8}
[2012/08/01 11:23:57 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{E9A2362F-152C-426A-A537-4C5616D668DD}
[2012/08/01 11:22:38 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{D2241968-2209-4310-9040-D1D921642B1C}
[2012/07/31 15:21:35 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{53CA325B-28C8-4386-B222-2B7E3922B8C3}
[2012/07/31 15:20:37 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{D0080AD8-735E-4617-B95D-D5106B1B3DA4}
[2012/07/31 01:43:32 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{E22CD375-006A-4FCE-B2E4-1CEE2BA4D785}
[2012/07/31 01:42:59 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{D11A6918-0321-4833-B883-3C8BFA5108E8}
[2012/07/30 14:06:08 | 000,000,000 | ---D | C] -- C:\Users\Materelli\Desktop\removable disk
[2012/07/30 13:42:44 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{D6BC594F-D069-4D7B-A387-D66183524822}
[2012/07/30 13:42:29 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{D74E012B-3D00-4665-972C-55DE2F9B5C2A}
[2012/07/30 01:42:11 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{9D7748E0-3D10-48D6-9456-628714F7BD87}
[2012/07/30 01:41:57 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{CE2848C2-1949-498B-AA2D-38DC66F595EC}
[2012/07/29 13:41:33 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{E7E94CB8-6CFE-4ABF-9819-4EFCA9DA2405}
[2012/07/29 13:38:41 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{7EC2A923-B30A-418A-B2D7-74B93C0CF16F}
[2012/07/29 00:22:57 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{751CD0F9-4A0F-4933-947A-3F14056306EA}
[2012/07/28 12:22:09 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{99A19B08-E02C-4915-9552-0ECE582A428D}
[2012/07/28 12:20:22 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{D1B9B632-A3DD-4991-93AF-8EC43B733244}
[2012/07/28 00:19:53 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{4D02B297-94C7-42FE-BB95-BB19D541EE02}
[2012/07/27 12:19:02 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{037A732E-70C9-4C8B-BE1F-5945BEA2AFE2}
[2012/07/27 12:17:19 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{86E90A88-7A07-42E6-AA90-A08CBBE3A37C}
[2012/07/26 22:01:28 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{0D331859-206B-4ED5-B531-7482DBACAF3B}
[2012/07/26 12:50:54 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{8376892A-DE8F-4AE8-BB6C-ED26EA0324CD}
[2012/07/25 23:30:33 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{CB0D7B32-3D0D-4B48-82DC-D9A022CF15E8}
[2012/07/25 23:30:14 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{7BCB3858-29FC-448B-94B3-42098E00E6B2}
[2012/07/25 23:10:27 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Roaming\SharePod
[2012/07/25 23:06:32 | 005,591,552 | ---- | C] (Jeffrey Harris) -- C:\Users\Materelli\Desktop\SharePod.exe
[2012/07/25 11:29:42 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{1BF47978-8AAE-4909-9656-F570EC1883BD}
[2012/07/25 11:28:36 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{DCF845F9-8A41-47AF-A376-9F442FA81BB2}
[2012/07/24 23:03:25 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{976EC6EC-6CC1-408E-A6C6-28A4ED3CB582}
[2012/07/24 23:03:11 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{2EBC7EAF-8E29-44CA-A301-04E3BF86B4F5}
[2012/07/24 11:02:43 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{9314C45D-16FD-4172-B05B-B85AC524674C}
[2012/07/24 11:01:39 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{67EA3F70-5A97-4D52-A973-E8E024F64035}
[2012/07/23 15:17:57 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{AABA0F99-B0BF-449F-BA71-626EDFB3E491}
[2012/07/23 15:16:58 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{02848BB8-8C8A-46A9-B9E6-A56515DB0755}
[2012/07/23 02:19:11 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{2DDF4F29-538E-4FA5-884E-F5B674FCC381}
[2012/07/23 02:18:58 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{EDAC6964-1054-46CB-A739-37D55BF6ED6A}
[2012/07/22 14:18:38 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{CB29C2BC-DF2E-4D66-941A-26BFC6CC3EE5}
[2012/07/22 14:17:32 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{1E9F23C1-66E8-4C76-A379-CEEC0829E55C}
[2012/07/22 01:39:03 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{888134C3-E9D4-46B0-865A-79CEF4ADF234}
[2012/07/22 01:38:49 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{E6104F94-A8DB-4933-A181-4D78B46C0B26}
[2012/07/21 13:38:26 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{73718129-BA7B-4996-AFB5-08BDAF637AEC}
[2012/07/21 13:37:41 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{8536A656-3E50-4D50-976D-B27DDA14F6FF}
[2012/07/21 00:33:07 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{4B41CA3D-CAE7-4EE1-ACCD-2F70108FAD6B}
[2012/07/21 00:32:55 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{C913E54F-D61D-4EBB-9BED-DB3F381863E8}
[2012/07/20 12:32:18 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{08EFB1F8-5ED2-402D-9541-E81996B2B0CD}
[2012/07/20 12:31:22 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{9E384429-28C9-4AC0-BCD8-8FBEA041016A}
[2012/07/19 20:08:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/07/19 20:01:09 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{DDA6FB1D-13AA-4994-B321-0CEE8F8F481B}
[2012/07/19 20:00:30 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{22866968-EEDC-4A04-9CC0-434124AAEFCE}
[2012/07/13 11:06:56 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{7E8D9116-FDC7-4666-BB63-9A7BA29B5A36}
[2012/07/13 11:06:19 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{E16D384C-D61B-436B-A632-69B280F8120D}
[2012/07/12 12:30:03 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{396CBEB3-0ABD-4BAF-9FDC-8D5F79EEF5AB}
[2012/07/12 12:29:42 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{5657BEF6-6DD6-4B4E-B61A-90A930166C15}
[2012/07/12 11:36:31 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012/07/12 00:29:14 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{EE0E4460-B54D-4261-B03D-3CC6B64DCE6B}
[2012/07/12 00:28:58 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{04ADA130-3444-4A21-8BE1-CE57D23EAC4E}
[2012/07/11 13:44:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/07/11 13:42:15 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/07/11 13:42:06 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/07/11 13:42:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/07/11 12:28:10 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{15B993DA-ADE8-4646-996F-CD779D4F62F4}
[2012/07/11 12:26:54 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{F2E1F8BF-BE73-4A84-B977-52321FD4B7ED}
[2012/07/11 00:09:25 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{2DDB106F-C5C9-4FB9-84B2-46092EEC8E28}
[2012/07/11 00:09:06 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{52503ACA-1A7D-45FE-BDF2-9A5049B5CD27}
[2012/07/10 12:08:31 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{8F16CA25-C1DE-4DCA-A491-8ECC1A1BA4F5}
[2012/07/10 12:07:04 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{4AE01EF0-BBAF-4ED4-B60F-BB17A324BF9D}
[2012/07/09 15:39:24 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{31C77E61-C671-4A43-827C-621FCFBCFAED}
[2012/07/09 15:38:20 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{975A800D-6AD5-4227-B908-0F675AD3AB51}
[2012/07/08 12:27:47 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{E15D0E8C-08DB-429D-B738-498FF5FE0215}
[2012/07/08 12:27:34 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{3D943A8A-AB28-4C61-ABEB-2BBED51DE90B}
[2012/07/08 00:27:13 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{4F77FFA4-8E03-4878-92B0-21FC65F9C7A5}
[2012/07/08 00:26:57 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{9C97D5FA-5956-4273-B171-27C7FEDAD639}
[2012/07/07 12:26:40 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{74E94D25-6B93-416E-9D1F-5C123F3F8110}
[2012/07/07 12:26:28 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{E40BC333-3DAE-4A3F-8861-763E531B42F3}
[2012/07/07 00:26:04 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{A22C4D64-620C-433D-85F6-33B2D006E0CC}
[2012/07/07 00:25:35 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{AFCD2DAA-440C-4D5F-BA1A-50540FFD93AE}
[2012/07/06 12:25:19 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{8AE939EA-7BC1-44A5-A820-DFDC14E8160D}
[2012/07/06 12:24:37 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{D0212EDA-634C-405A-9E6D-3BCB46402408}
[2012/07/06 00:24:23 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{9C3AD560-56A2-4198-9D8D-7131F91E2960}
[2012/07/06 00:23:23 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{E398F453-EF8C-4597-BB17-5C790B679F38}
[2012/07/05 12:22:56 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{4017C4C3-B0A4-43FA-BC73-5C417189AA77}
[2012/07/05 12:21:16 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{03F6015F-AC98-4FCC-856A-EDAF23400495}
[2012/07/05 00:02:29 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{0830330E-EA08-4399-9CE7-A417FBC3EFEA}
[2012/07/05 00:02:18 | 000,000,000 | ---D | C] -- C:\Users\Materelli\AppData\Local\{FE885F4A-F319-4E43-B4C7-DC85320A39B2}
[2012/01/19 15:31:55 | 019,663,768 | ---- | C] (DVDVideoSoft Ltd. ) -- C:\Users\Materelli\FreeVideoToiPodConverter.exe
[2009/07/23 11:35:08 | 008,656,832 | ---- | C] (Dell, Inc. ) -- C:\Users\Materelli\AppData\Roaming\DataSafeDotNet.exe
[1 C:\Users\Materelli\Documents\*.tmp files -> C:\Users\Materelli\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/03 17:11:28 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/03 17:10:52 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/03 17:10:52 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/03 17:10:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/03 17:10:39 | 4289,576,960 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/03 17:04:15 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/03 17:04:07 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/03 15:26:47 | 000,000,512 | ---- | M] () -- C:\Users\Materelli\Desktop\MBR.dat
[2012/08/03 13:35:53 | 004,724,629 | ---- | M] (Swearware) -- C:\Users\Materelli\Desktop\ComboFix.exe
[2012/08/03 13:35:35 | 000,756,204 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/03 13:35:35 | 000,645,776 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/03 13:35:35 | 000,123,804 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/03 13:19:09 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Materelli\Desktop\aswMBR.exe
[2012/08/03 13:12:00 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Materelli\Desktop\OTL.exe
[2012/08/03 02:53:56 | 102,845,173 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/08/03 00:10:29 | 001,149,038 | ---- | M] () -- C:\Users\Materelli\Documents\moochiesmenu.pdf
[2012/07/30 19:10:04 | 000,007,397 | ---- | M] () -- C:\Users\Materelli\Desktop\SharePodSettings.xml
[2012/07/30 11:49:02 | 000,227,165 | ---- | M] () -- C:\Users\Materelli\Documents\attachment payment.pdf
[2012/07/28 22:40:20 | 000,000,680 | ---- | M] () -- C:\Users\Materelli\AppData\Local\d3d9caps.dat
[2012/07/25 23:05:28 | 002,141,310 | ---- | M] () -- C:\Users\Materelli\Desktop\SharePod_3.99.zip
[2012/07/20 17:47:31 | 000,389,488 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/07/19 20:08:43 | 000,000,874 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/07/12 16:30:09 | 000,305,264 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/11 13:45:00 | 000,001,696 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/07/08 12:13:22 | 000,000,952 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Antivirus Scheduled Scan.job
[2012/07/07 18:39:23 | 023,784,819 | ---- | M] () -- C:\Users\Materelli\Documents\text book of medical physiology by guyton.zip
[2012/07/06 13:32:36 | 000,602,557 | ---- | M] () -- C:\Users\Materelli\Documents\Ketosis - CAMBRIDGE guide.pdf
[2012/07/06 12:44:55 | 000,720,628 | ---- | M] () -- C:\Users\Materelli\Documents\Studies on the metabolism of Eskimos.pdf
[1 C:\Users\Materelli\Documents\*.tmp files -> C:\Users\Materelli\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/03 14:10:50 | 000,000,512 | ---- | C] () -- C:\Users\Materelli\Desktop\MBR.dat
[2012/08/03 00:10:28 | 001,149,038 | ---- | C] () -- C:\Users\Materelli\Documents\moochiesmenu.pdf
[2012/07/30 11:49:01 | 000,227,165 | ---- | C] () -- C:\Users\Materelli\Documents\attachment payment.pdf
[2012/07/25 23:07:26 | 000,007,397 | ---- | C] () -- C:\Users\Materelli\Desktop\SharePodSettings.xml
[2012/07/25 23:05:20 | 002,141,310 | ---- | C] () -- C:\Users\Materelli\Desktop\SharePod_3.99.zip
[2012/07/11 13:45:00 | 000,001,696 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/07/07 18:39:15 | 023,784,819 | ---- | C] () -- C:\Users\Materelli\Documents\text book of medical physiology by guyton.zip
[2012/07/06 13:32:36 | 000,602,557 | ---- | C] () -- C:\Users\Materelli\Documents\Ketosis - CAMBRIDGE guide.pdf
[2012/07/06 12:44:55 | 000,720,628 | ---- | C] () -- C:\Users\Materelli\Documents\Studies on the metabolism of Eskimos.pdf
[2012/06/12 11:37:25 | 000,743,178 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/10/25 22:21:48 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2011/10/25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011/09/12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/09/04 22:52:36 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/09/04 22:52:36 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/06/20 11:28:18 | 000,000,000 | ---- | C] () -- C:\Users\Materelli\AppData\Local\{2322992F-1B59-4BE1-AD80-56752BFB78D8}
[2011/05/20 17:42:55 | 000,002,295 | ---- | C] () -- C:\Users\Materelli\.com.zerog.registry.xml
[2011/02/06 17:04:37 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009/11/27 00:07:21 | 000,000,126 | ---- | C] () -- C:\Users\Materelli\AppData\Roaming\wklnhst.dat
[2009/07/31 21:29:24 | 000,017,920 | ---- | C] () -- C:\Users\Materelli\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/23 12:08:55 | 000,000,680 | ---- | C] () -- C:\Users\Materelli\AppData\Local\d3d9caps.dat

========== LOP Check ==========

[2012/05/24 09:31:17 | 000,000,000 | ---D | M] -- C:\Users\Materelli\AppData\Roaming\Ad-Aware Antivirus
[2011/10/14 12:41:06 | 000,000,000 | ---D | M] -- C:\Users\Materelli\AppData\Roaming\AVG2012
[2012/07/09 23:56:01 | 000,000,000 | ---D | M] -- C:\Users\Materelli\AppData\Roaming\BitTorrent
[2012/06/04 17:59:18 | 000,000,000 | ---D | M] -- C:\Users\Materelli\AppData\Roaming\DVDVideoSoft
[2011/05/15 02:52:59 | 000,000,000 | ---D | M] -- C:\Users\Materelli\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/07/24 04:11:18 | 000,000,000 | ---D | M] -- C:\Users\Materelli\AppData\Roaming\GetRightToGo
[2010/12/10 21:31:31 | 000,000,000 | ---D | M] -- C:\Users\Materelli\AppData\Roaming\PCDr
[2012/04/18 20:00:46 | 000,000,000 | ---D | M] -- C:\Users\Materelli\AppData\Roaming\ppstream
[2012/07/25 23:10:27 | 000,000,000 | ---D | M] -- C:\Users\Materelli\AppData\Roaming\SharePod
[2011/12/07 03:36:33 | 000,000,000 | ---D | M] -- C:\Users\Materelli\AppData\Roaming\Sports Interactive
[2009/09/19 15:28:25 | 000,000,000 | ---D | M] -- C:\Users\Materelli\AppData\Roaming\StreamTorrent
[2011/05/04 23:31:48 | 000,000,000 | ---D | M] -- C:\Users\Materelli\AppData\Roaming\Temp
[2009/11/27 00:07:26 | 000,000,000 | ---D | M] -- C:\Users\Materelli\AppData\Roaming\Template
[2009/09/07 17:25:33 | 000,000,000 | ---D | M] -- C:\Users\Materelli\AppData\Roaming\VistaCodecs
[2011/09/09 10:49:02 | 000,000,000 | ---D | M] -- C:\Users\Materelli\AppData\Roaming\Windows Live Writer
[2012/07/08 12:13:22 | 000,000,952 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job
[2012/08/03 17:09:13 | 000,032,614 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\Materelli\Desktop\joey negro - unknown.mp3:TOC.WMV
@Alternate Data Stream - 55838 bytes -> C:\ProgramData\Sports Interactive:$ES_DESCRIPTOR_MVPUV1PKSVXJKX69UK1CWPP0DTVNYKM1UVXPJCEPP4DMJ3K1XYE7LRJEM53EPPJCFPLP45168LPSB5PL0EM6REGXHCTVVVVVVVVVVVVV
@Alternate Data Stream - 311 bytes -> C:\Users\Materelli\Documents\No Subject.eml:OECustomProperty

< End of report >


As for the "combofix" log, it's completed up to stage 50 and then says -

"System file is infected!! attempting to restore"
"C:\Windows\system32\Services.exe"

The cursor is underneath this, flashing; it's been like this for a long time.

I then re-ran combofix and it's the same as described above.
  • 0

#7
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, let's try a slightly different way now and see if that resolves it.

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Open notepad and copy/paste the text in the quotebox below into it:

FCopy::
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe|C:\Windows\system32\Services.exe

Save this as CFScript.txt, in the same location as ComboFix.exe
Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe. When finished, it shall produce a log for you at C:\ComboFix.txt, which I will require in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.

  • 0
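The FCopy:: step above replaces Services.exe with a copy from the WinSxS component store because the ComboFix message in the previous post reports the live file as patched. The following PowerShell script is an added, read-only check of that condition; it is not part of the thread and not code from ComboFix, OTL or FRST. It validates the Authenticode signature of services.exe and compares its SHA-256 hash with every servicecontroller component copy in WinSxS. The function name Test-ServicesExe and its -WinDir parameter are assumptions of this example; it needs PowerShell 4.0 or later for Get-FileHash and an elevated prompt, so run it on a machine that still boots, or point -WinDir at the Windows folder of a disk attached to a healthy machine.

```powershell
# Added example (not from the forum post or any of the tools it names).
# Read-only check of services.exe against the WinSxS component store.
# Assumptions: PowerShell 4.0+ (Get-FileHash), elevated session, and either
# the running system's Windows folder or an offline one passed via -WinDir.

function Test-ServicesExe {
    param(
        # Windows directory to inspect; defaults to the running system's.
        [string]$WinDir = $env:SystemRoot
    )

    $target = Join-Path $WinDir 'System32\services.exe'
    if (-not (Test-Path $target)) {
        throw "services.exe not found at $target"
    }

    # 1. Authenticode: a binary patched in place normally reports
    #    'HashMismatch' or 'NotSigned' even though its size looks ordinary.
    $sig = Get-AuthenticodeSignature -FilePath $target

    # 2. Hash of the live binary, compared below with the store copies.
    $liveHash = (Get-FileHash -Path $target -Algorithm SHA256).Hash

    # 3. Every servicecontroller component folder in WinSxS. Names look like
    #    amd64_microsoft-windows-s..s-servicecontroller_<key>_<ver>_none_<hash>;
    #    on x64 the x86_ folders belong to the WOW64 copy, not to System32.
    $store  = Join-Path $WinDir 'winsxs'
    $copies = @()
    Get-ChildItem -Path $store -Directory -Filter '*servicecontroller*' |
        ForEach-Object {
            $copy = Join-Path $_.FullName 'services.exe'
            if (Test-Path $copy) {
                $copyHash = (Get-FileHash -Path $copy -Algorithm SHA256).Hash
                $copies += [pscustomobject]@{
                    Component = $_.Name
                    Arch      = $_.Name.Split('_')[0]
                    Version   = (Get-Item $copy).VersionInfo.FileVersion
                    SameHash  = ($copyHash -eq $liveHash)
                }
            }
        }

    [pscustomobject]@{
        Path            = $target
        SignatureStatus = $sig.Status
        Signer          = $sig.SignerCertificate.Subject
        SHA256          = $liveHash
        StoreCopies     = $copies
        MatchesStore    = [bool]($copies | Where-Object SameHash)
    }
}

# Usage: run elevated on the machine being checked.
$result = Test-ServicesExe
$result | Format-List Path, SignatureStatus, Signer, SHA256, MatchesStore
$result.StoreCopies | Format-Table Component, Arch, Version, SameHash -AutoSize
```

Read the two signals together. On Vista and later, System32\services.exe is a hard link into the current-version WinSxS folder, so if the file was written through that link the current component copy changes with it and the hash comparison alone proves nothing; a signature status other than Valid, or a hash that matches none of the store copies while an older version component (such as the 6.0.6002.18005 folder named in the script above) still validates, is the stronger evidence that the binary was modified.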

#8
materelli

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
The scan worked fine, it then rebooted and I'm now seeing just a black screen with a white mouse cursor.

I haven't been asked to log in yet.

What do you think I should do?
  • 0

#9
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Restart the computer once more

If you get the black screen again then reboot and press F8

From the menu select startup repair

Let me know the progress please

Also, when you press F8, could you let me know if there is the option "Repair my computer"?
And do you have a USB drive handy?
  • 0

#10
materelli

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
I don't get any boot options at all when pressing F8, and yes, I do have a flash drive.

Edited by materelli, 03 August 2012 - 12:52 PM.

  • 0



#11
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Download the following three programmes to your desktop :


1. WiNTBootIc
2. Windows Vista 64bit RC
3. Farbar Recovery Scan Tool x64

Extract wintoboot to your desktop
Insert a USB drive of at least 4GB
Run Wintoboot

Posted Image

Drag and drop the Windows Vista ISO to the programme in the space indicated
Tick the Format box and accept the warnings
Press Do It

You will see it progressing

Posted Image

It will let you know when it is done
Then copy FRST to the same USB

Posted Image


Insert the USB into the sick computer and start the computer, first ensuring that the system is set to boot from USB.
Note: If you are not sure how to do that follow the instructions Here


When you reboot you will see this. Click repair my computer
Posted Image

Select your operating system
Posted Image

Select Command prompt
Posted Image

At the command prompt type the following :

notepad and press Enter.
The notepad opens. Under File menu select Open.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type e:\frst64.exe and press Enter
Note: Replace letter e with the drive letter of your flash drive.
The tool will start to run.
When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
  • 0

#12
materelli

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
I'm not computer literate, so just to let you know, I am communicating with you through my friend's laptop.

I can't get to the desktop of my infected laptop because of the black screen etc ...

I have a 1GB flash drive and an external 500GB hard drive (but I wouldn't want to format that because of the files on there).

I don't know if there is a problem here as to whether or not I can do what you asked me to do?

(thanks for all your help so far)
  • 0

#13
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Yes, you can create the USB on the computer you are using now; it may fit on a 1GB drive.
  • 0

#14
materelli

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Here is the log from the flash drive ....

Scan result of Farbar Recovery Scan Tool Version: 25-07-2012 01
Ran by SYSTEM at 03-08-2012 20:39:03
Running from F:\
Windows Vista ™ Home Premium Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1657128 2008-11-25] (Synaptics, Inc.)
HKLM\...\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray64.exe [462848 2009-03-19] (IDT, Inc.)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [61440 2008-08-29] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Google Quick Search Box] "C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun [122368 2009-07-23] (Google Inc.)
HKLM-x32\...\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" [2587008 2012-04-04] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [Conime] %windir%\system32\conime.exe [69120 2009-04-10] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-09] (Hewlett-Packard)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot [296056 2012-05-14] (RealNetworks, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
HKLM-x32\...\Run: [combofix] C:\ComboFix\CF15613.3XE /c C:\ComboFix\Combobatch.bat [8272 2012-08-03] ()
HKU\Default\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-04-10] (Microsoft Corporation)
HKU\Default User\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-04-10] (Microsoft Corporation)
HKU\Materelli\...\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent [1242448 2011-10-10] (Valve Corporation)
HKU\Materelli\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17425072 2012-06-07] (Skype Technologies S.A.)
HKU\Materelli\...\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe [x]
HKLM-x32\...\Runonce: [combofix] C:\ComboFix\CF15613.3XE /c C:\ComboFixCombobatch.bat [x]
HKLM-x32\...\runonceex: [flags] 8
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Startup: C:\Users\All Users\Start Menu\Programs\Startup\hpzrcv01.LNK
ShortcutTarget: hpzrcv01.LNK -> C:\Program Files (x86)\HP\Temp\{59C83C08-63F4-4AEC-81D6-392C5E23B843}\setup\hpzstub.exe (No File)
Startup: C:\Users\Default\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Services (Whitelisted) ======

2 Ad-Aware Service; "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe" [1161072 2012-03-29] (Lavasoft Limited)
2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe" [5160568 2012-07-04] (AVG Technologies CZ, s.r.o.)
2 avgwd; "C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe" [193288 2012-02-13] (AVG Technologies CZ, s.r.o.)
2 Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [853288 2007-09-20] (Nero AG)
3 NMIndexingService; "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe" [382248 2007-09-20] (Nero AG)
2 SBAMSvc; "C:\Program Files (x86)\Ad-Aware Antivirus\Engine\SBAMSvc.exe" [2804280 2011-05-17] (Sunbelt Software)
2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
3 stllssvr; "C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe" [74384 2008-03-24] (MicroVision Development, Inc.)
3 freenet; "C:\Program Files (x86)\Freenet\bin\wrapper-windows-x86-32.exe" -s "C:\Program Files (x86)\Freenet\wrapper.conf" [x]
3 getPlusHelper; C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll [x]
2 HDD & SSD access service; "C:\Program Files (x86)\Common Files\BinarySense\disksvc.exe" [x]
3 WinDefend; C:\Program Files (x86)\Windows Defender\mpsvc.dll [x]

========================== Drivers (Whitelisted) =============

2 acedrv10; C:\Windows\System32\Drivers\acedrv10.sys [464464 2011-02-03] (Protect Software GmbH)
2 acehlp10; C:\Windows\System32\Drivers\acehlp10.sys [229664 2011-02-03] (Protect Software GmbH)
3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [124496 2011-12-23] (AVG Technologies CZ, s.r.o. )
3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )
0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [28480 2012-04-18] (AVG Technologies CZ, s.r.o. )
1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [289872 2012-02-21] (AVG Technologies CZ, s.r.o.)
1 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [36944 2012-01-30] (AVG Technologies CZ, s.r.o.)
1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [383808 2012-03-18] (AVG Technologies CZ, s.r.o.)
3 cpudrv64; \??\C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
3 OA008Ufd; C:\Windows\System32\Drivers\OA008Ufd.sys [159840 2009-03-05] (Creative Technology Ltd.)
3 OA008Vid; C:\Windows\System32\Drivers\OA008Vid.sys [313696 2009-05-06] (Creative Technology Ltd.)
2 sbapifs; C:\Windows\System32\Drivers\sbapifs.sys [72280 2011-05-11] (Sunbelt Software)
1 SbFw; C:\Windows\System32\Drivers\SbFw.sys [253528 2011-04-05] (Sunbelt Software, Inc.)
3 SBFWIMCL; C:\Windows\System32\DRIVERS\sbfwim.sys [84568 2011-02-08] (Sunbelt Software, Inc.)
3 SBFWIMCLMP; C:\Windows\System32\DRIVERS\SBFWIM.sys [84568 2011-02-08] (Sunbelt Software, Inc.)
3 sbhips; C:\Windows\System32\Drivers\sbhips.sys [60504 2011-04-05] (Sunbelt Software, Inc.)
1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [55384 2011-04-29] (Sunbelt Software)
1 SbTis; C:\Windows\System32\Drivers\SbTis.sys [94296 2011-04-05] (Sunbelt Software, Inc.)
1 Beep; [x]
3 catchme; \??\C:\ComboFix\catchme.sys [x]
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]
3 PCD5SRVC{048DBD20-445E8C82-05040104}; \??\C:\PROGRA~2\DELLSU~1\HWDiag\bin\PCD5SRVC_x64.pkms [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-08-03 10:04 - 2012-08-03 10:18 - 00000000 ___SD C:\ComboFix
2012-08-03 08:57 - 2012-08-03 10:18 - 00000000 ____D C:\Windows\erdnt
2012-08-03 08:57 - 2012-08-03 10:05 - 00000000 ____D C:\Qoobox
2012-08-03 08:57 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-08-03 08:57 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-08-03 08:57 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-08-03 08:57 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-08-03 08:57 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-08-03 08:57 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-08-03 08:57 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-08-03 08:57 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-08-03 07:11 - 2012-08-03 07:11 - 00000000 ____D C:\_OTL
2012-08-03 05:10 - 2012-08-03 06:26 - 00003743 ____A C:\Users\Materelli\Desktop\aswMBR.txt
2012-08-03 05:10 - 2012-08-03 06:26 - 00000512 ____A C:\Users\Materelli\Desktop\MBR.dat
2012-08-03 04:48 - 2012-08-03 04:48 - 00062308 ____A C:\Users\Materelli\Desktop\Extras.Txt
2012-08-03 04:44 - 2012-08-03 08:49 - 00103112 ____A C:\Users\Materelli\Desktop\OTL.Txt
2012-08-03 04:35 - 2012-08-03 08:56 - 04729092 ____R (Swearware) C:\Users\Materelli\Desktop\ComboFix.exe
2012-08-03 04:18 - 2012-08-03 04:19 - 04731392 ____A (AVAST Software) C:\Users\Materelli\Desktop\aswMBR.exe
2012-08-03 04:11 - 2012-08-03 04:12 - 00597504 ____A (OldTimer Tools) C:\Users\Materelli\Desktop\OTL.exe
2012-08-02 15:12 - 2012-08-02 15:12 - 00000000 ____D C:\Users\Materelli\AppData\Local\{801465AB-2476-43CC-8549-F60B98A2EB33}
2012-08-02 15:11 - 2012-08-02 15:12 - 00000000 ____D C:\Users\Materelli\AppData\Local\{E4F7436B-D03E-4604-ADDA-53DD9894BBC5}
2012-08-02 03:11 - 2012-08-02 03:11 - 00000000 ____D C:\Users\Materelli\AppData\Local\{C46A218D-72E5-4641-BFA2-8F0F3CBB2FC0}
2012-08-02 03:09 - 2012-08-02 03:10 - 00000000 ____D C:\Users\Materelli\AppData\Local\{5BE2BF59-B7F6-4875-ADE1-7036CC23F2B7}
2012-08-01 14:25 - 2012-08-01 14:25 - 00000000 ____D C:\Users\Materelli\AppData\Local\{DB0F3EAD-CCC0-4E78-8EB1-2C462DEC4457}
2012-08-01 14:24 - 2012-08-01 14:25 - 00000000 ____D C:\Users\Materelli\AppData\Local\{E88083EF-4B2B-4AE5-8C26-012B8312E3F8}
2012-08-01 02:23 - 2012-08-01 02:24 - 00000000 ____D C:\Users\Materelli\AppData\Local\{E9A2362F-152C-426A-A537-4C5616D668DD}
2012-08-01 02:22 - 2012-08-01 02:22 - 00000000 ____D C:\Users\Materelli\AppData\Local\{D2241968-2209-4310-9040-D1D921642B1C}
2012-07-31 06:21 - 2012-07-31 06:21 - 00000000 ____D C:\Users\Materelli\AppData\Local\{53CA325B-28C8-4386-B222-2B7E3922B8C3}
2012-07-31 06:20 - 2012-07-31 06:20 - 00000000 ____D C:\Users\Materelli\AppData\Local\{D0080AD8-735E-4617-B95D-D5106B1B3DA4}
2012-07-30 16:43 - 2012-07-30 16:43 - 00000000 ____D C:\Users\Materelli\AppData\Local\{E22CD375-006A-4FCE-B2E4-1CEE2BA4D785}
2012-07-30 16:42 - 2012-07-30 16:43 - 00000000 ____D C:\Users\Materelli\AppData\Local\{D11A6918-0321-4833-B883-3C8BFA5108E8}
2012-07-30 05:06 - 2012-07-30 05:06 - 00000000 ____D C:\Users\Materelli\Desktop\removable disk
2012-07-30 04:42 - 2012-07-30 04:42 - 00000000 ____D C:\Users\Materelli\AppData\Local\{D74E012B-3D00-4665-972C-55DE2F9B5C2A}
2012-07-30 04:42 - 2012-07-30 04:42 - 00000000 ____D C:\Users\Materelli\AppData\Local\{D6BC594F-D069-4D7B-A387-D66183524822}
2012-07-29 16:42 - 2012-07-29 16:42 - 00000000 ____D C:\Users\Materelli\AppData\Local\{9D7748E0-3D10-48D6-9456-628714F7BD87}
2012-07-29 16:41 - 2012-07-29 16:42 - 00000000 ____D C:\Users\Materelli\AppData\Local\{CE2848C2-1949-498B-AA2D-38DC66F595EC}
2012-07-29 04:41 - 2012-07-29 04:41 - 00000000 ____D C:\Users\Materelli\AppData\Local\{E7E94CB8-6CFE-4ABF-9819-4EFCA9DA2405}
2012-07-29 04:38 - 2012-07-29 04:39 - 00000000 ____D C:\Users\Materelli\AppData\Local\{7EC2A923-B30A-418A-B2D7-74B93C0CF16F}
2012-07-28 15:22 - 2012-07-28 15:23 - 00000000 ____D C:\Users\Materelli\AppData\Local\{751CD0F9-4A0F-4933-947A-3F14056306EA}
2012-07-28 03:22 - 2012-07-28 03:22 - 00000000 ____D C:\Users\Materelli\AppData\Local\{99A19B08-E02C-4915-9552-0ECE582A428D}
2012-07-28 03:20 - 2012-07-28 03:20 - 00000000 ____D C:\Users\Materelli\AppData\Local\{D1B9B632-A3DD-4991-93AF-8EC43B733244}
2012-07-27 15:19 - 2012-07-27 15:20 - 00000000 ____D C:\Users\Materelli\AppData\Local\{4D02B297-94C7-42FE-BB95-BB19D541EE02}
2012-07-27 03:19 - 2012-07-27 03:19 - 00000000 ____D C:\Users\Materelli\AppData\Local\{037A732E-70C9-4C8B-BE1F-5945BEA2AFE2}
2012-07-27 03:17 - 2012-07-27 03:18 - 00000000 ____D C:\Users\Materelli\AppData\Local\{86E90A88-7A07-42E6-AA90-A08CBBE3A37C}
2012-07-26 13:01 - 2012-07-26 13:02 - 00000000 ____D C:\Users\Materelli\AppData\Local\{0D331859-206B-4ED5-B531-7482DBACAF3B}
2012-07-26 03:50 - 2012-07-26 03:51 - 00000000 ____D C:\Users\Materelli\AppData\Local\{8376892A-DE8F-4AE8-BB6C-ED26EA0324CD}
2012-07-25 14:30 - 2012-07-25 14:31 - 00000000 ____D C:\Users\Materelli\AppData\Local\{CB0D7B32-3D0D-4B48-82DC-D9A022CF15E8}
2012-07-25 14:30 - 2012-07-25 14:30 - 00000000 ____D C:\Users\Materelli\AppData\Local\{7BCB3858-29FC-448B-94B3-42098E00E6B2}
2012-07-25 14:10 - 2012-07-25 14:10 - 00000000 ____D C:\Users\Materelli\AppData\Roaming\SharePod
2012-07-25 14:07 - 2012-07-30 10:10 - 00007397 ____A C:\Users\Materelli\Desktop\SharePodSettings.xml
2012-07-25 14:06 - 2012-07-30 10:09 - 00010892 ____A C:\Users\Materelli\Desktop\SharePod.log
2012-07-25 14:06 - 2012-06-18 01:02 - 05591552 ____A (Jeffrey Harris) C:\Users\Materelli\Desktop\SharePod.exe
2012-07-25 14:05 - 2012-07-25 14:05 - 02141310 ____A C:\Users\Materelli\Desktop\SharePod_3.99.zip
2012-07-25 02:29 - 2012-07-25 02:29 - 00000000 ____D C:\Users\Materelli\AppData\Local\{1BF47978-8AAE-4909-9656-F570EC1883BD}
2012-07-25 02:28 - 2012-07-25 02:29 - 00000000 ____D C:\Users\Materelli\AppData\Local\{DCF845F9-8A41-47AF-A376-9F442FA81BB2}
2012-07-24 14:03 - 2012-07-24 14:03 - 00000000 ____D C:\Users\Materelli\AppData\Local\{976EC6EC-6CC1-408E-A6C6-28A4ED3CB582}
2012-07-24 14:03 - 2012-07-24 14:03 - 00000000 ____D C:\Users\Materelli\AppData\Local\{2EBC7EAF-8E29-44CA-A301-04E3BF86B4F5}
2012-07-24 02:02 - 2012-07-24 02:02 - 00000000 ____D C:\Users\Materelli\AppData\Local\{9314C45D-16FD-4172-B05B-B85AC524674C}
2012-07-24 02:01 - 2012-07-24 02:02 - 00000000 ____D C:\Users\Materelli\AppData\Local\{67EA3F70-5A97-4D52-A973-E8E024F64035}
2012-07-23 06:17 - 2012-07-23 06:18 - 00000000 ____D C:\Users\Materelli\AppData\Local\{AABA0F99-B0BF-449F-BA71-626EDFB3E491}
2012-07-23 06:16 - 2012-07-23 06:17 - 00000000 ____D C:\Users\Materelli\AppData\Local\{02848BB8-8C8A-46A9-B9E6-A56515DB0755}
2012-07-22 17:19 - 2012-07-22 17:19 - 00000000 ____D C:\Users\Materelli\AppData\Local\{2DDF4F29-538E-4FA5-884E-F5B674FCC381}
2012-07-22 17:18 - 2012-07-22 17:19 - 00000000 ____D C:\Users\Materelli\AppData\Local\{EDAC6964-1054-46CB-A739-37D55BF6ED6A}
2012-07-22 06:14 - 2012-07-22 06:14 - 00000000 ____A C:\Users\Materelli\Documents\Matish Chiappinelli Nath Norwich hospital.doc.gw9jju1.partial
2012-07-22 05:18 - 2012-07-22 05:18 - 00000000 ____D C:\Users\Materelli\AppData\Local\{CB29C2BC-DF2E-4D66-941A-26BFC6CC3EE5}
2012-07-22 05:17 - 2012-07-22 05:18 - 00000000 ____D C:\Users\Materelli\AppData\Local\{1E9F23C1-66E8-4C76-A379-CEEC0829E55C}
2012-07-21 16:39 - 2012-07-21 16:39 - 00000000 ____D C:\Users\Materelli\AppData\Local\{888134C3-E9D4-46B0-865A-79CEF4ADF234}
2012-07-21 16:38 - 2012-07-21 16:39 - 00000000 ____D C:\Users\Materelli\AppData\Local\{E6104F94-A8DB-4933-A181-4D78B46C0B26}
2012-07-21 04:38 - 2012-07-21 04:38 - 00000000 ____D C:\Users\Materelli\AppData\Local\{73718129-BA7B-4996-AFB5-08BDAF637AEC}
2012-07-21 04:37 - 2012-07-21 04:37 - 00000000 ____D C:\Users\Materelli\AppData\Local\{8536A656-3E50-4D50-976D-B27DDA14F6FF}
2012-07-20 15:33 - 2012-07-20 15:33 - 00000000 ____D C:\Users\Materelli\AppData\Local\{4B41CA3D-CAE7-4EE1-ACCD-2F70108FAD6B}
2012-07-20 15:32 - 2012-07-20 15:33 - 00000000 ____D C:\Users\Materelli\AppData\Local\{C913E54F-D61D-4EBB-9BED-DB3F381863E8}
2012-07-20 03:32 - 2012-07-20 03:32 - 00000000 ____D C:\Users\Materelli\AppData\Local\{08EFB1F8-5ED2-402D-9541-E81996B2B0CD}
2012-07-20 03:31 - 2012-07-20 03:31 - 00000000 ____D C:\Users\Materelli\AppData\Local\{9E384429-28C9-4AC0-BCD8-8FBEA041016A}
2012-07-19 11:01 - 2012-07-19 11:01 - 00000000 ____D C:\Users\Materelli\AppData\Local\{DDA6FB1D-13AA-4994-B321-0CEE8F8F481B}
2012-07-19 11:00 - 2012-07-19 11:00 - 00000000 ____D C:\Users\Materelli\AppData\Local\{22866968-EEDC-4A04-9CC0-434124AAEFCE}
2012-07-13 02:06 - 2012-07-13 02:07 - 00000000 ____D C:\Users\Materelli\AppData\Local\{7E8D9116-FDC7-4666-BB63-9A7BA29B5A36}
2012-07-13 02:06 - 2012-07-13 02:06 - 00000000 ____D C:\Users\Materelli\AppData\Local\{E16D384C-D61B-436B-A632-69B280F8120D}
2012-07-12 07:26 - 2012-08-03 10:19 - 00004574 ____A C:\Windows\PFRO.log
2012-07-12 03:30 - 2012-07-12 03:30 - 00000000 ____D C:\Users\Materelli\AppData\Local\{396CBEB3-0ABD-4BAF-9FDC-8D5F79EEF5AB}
2012-07-12 03:29 - 2012-07-12 03:29 - 00000000 ____D C:\Users\Materelli\AppData\Local\{5657BEF6-6DD6-4B4E-B61A-90A930166C15}
2012-07-12 02:36 - 2012-07-12 02:36 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-07-12 02:32 - 2012-06-02 04:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-07-12 02:32 - 2012-06-02 04:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-07-12 02:32 - 2012-06-02 04:12 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-07-12 02:32 - 2012-06-02 04:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-07-12 02:32 - 2012-06-02 04:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-07-12 02:32 - 2012-06-02 04:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-07-12 02:32 - 2012-06-02 04:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-07-12 02:32 - 2012-06-02 04:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-07-12 02:32 - 2012-06-02 04:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-07-12 02:32 - 2012-06-02 04:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-07-12 02:32 - 2012-06-02 03:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-07-12 02:32 - 2012-06-02 03:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-07-12 02:32 - 2012-06-02 03:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-07-12 02:32 - 2012-06-02 03:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-07-12 02:32 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-07-12 02:32 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-07-12 02:32 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-07-12 02:32 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-07-12 02:32 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-07-12 02:32 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-07-12 02:32 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-07-12 02:32 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-07-12 02:32 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-07-12 02:32 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-07-12 02:32 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-07-12 02:32 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-07-12 02:32 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-07-12 02:32 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-07-12 02:30 - 2012-06-13 05:58 - 02769408 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-11 15:29 - 2012-07-11 15:29 - 00000000 ____D C:\Users\Materelli\AppData\Local\{EE0E4460-B54D-4261-B03D-3CC6B64DCE6B}
2012-07-11 15:28 - 2012-07-11 15:29 - 00000000 ____D C:\Users\Materelli\AppData\Local\{04ADA130-3444-4A21-8BE1-CE57D23EAC4E}
2012-07-11 04:45 - 2012-07-11 04:45 - 00001696 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-07-11 04:42 - 2012-07-11 04:44 - 00000000 ____D C:\Program Files\iTunes
2012-07-11 04:42 - 2012-07-11 04:44 - 00000000 ____D C:\Program Files (x86)\iTunes
2012-07-11 04:42 - 2012-07-11 04:42 - 00000000 ____D C:\Program Files\iPod
2012-07-11 04:20 - 2012-06-08 09:59 - 12899840 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-07-11 04:20 - 2012-06-08 09:47 - 11586048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-07-11 04:19 - 2012-06-05 08:47 - 01401856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-07-11 04:19 - 2012-06-05 08:47 - 01248768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-07-11 04:19 - 2012-06-05 08:22 - 01869824 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-07-11 04:19 - 2012-06-05 08:22 - 01797120 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-07-11 04:19 - 2012-06-04 07:29 - 00516480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-07-11 04:19 - 2012-06-01 16:22 - 00347136 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-07-11 04:19 - 2012-06-01 16:22 - 00254464 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-07-11 04:19 - 2012-06-01 16:05 - 00077312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-07-11 04:19 - 2012-06-01 16:04 - 00278528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-07-11 04:19 - 2012-06-01 16:03 - 00204288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-07-11 03:28 - 2012-07-11 03:28 - 00000000 ____D C:\Users\Materelli\AppData\Local\{15B993DA-ADE8-4646-996F-CD779D4F62F4}
2012-07-11 03:26 - 2012-07-11 03:27 - 00000000 ____D C:\Users\Materelli\AppData\Local\{F2E1F8BF-BE73-4A84-B977-52321FD4B7ED}
2012-07-10 15:09 - 2012-07-10 15:09 - 00000000 ____D C:\Users\Materelli\AppData\Local\{52503ACA-1A7D-45FE-BDF2-9A5049B5CD27}
2012-07-10 15:09 - 2012-07-10 15:09 - 00000000 ____D C:\Users\Materelli\AppData\Local\{2DDB106F-C5C9-4FB9-84B2-46092EEC8E28}
2012-07-10 03:08 - 2012-07-10 03:08 - 00000000 ____D C:\Users\Materelli\AppData\Local\{8F16CA25-C1DE-4DCA-A491-8ECC1A1BA4F5}
2012-07-10 03:07 - 2012-07-10 03:07 - 00000000 ____D C:\Users\Materelli\AppData\Local\{4AE01EF0-BBAF-4ED4-B60F-BB17A324BF9D}
2012-07-09 06:39 - 2012-07-09 06:39 - 00000000 ____D C:\Users\Materelli\AppData\Local\{31C77E61-C671-4A43-827C-621FCFBCFAED}
2012-07-09 06:38 - 2012-07-09 06:38 - 00000000 ____D C:\Users\Materelli\AppData\Local\{975A800D-6AD5-4227-B908-0F675AD3AB51}
2012-07-08 03:27 - 2012-07-08 03:27 - 00000000 ____D C:\Users\Materelli\AppData\Local\{E15D0E8C-08DB-429D-B738-498FF5FE0215}
2012-07-08 03:27 - 2012-07-08 03:27 - 00000000 ____D C:\Users\Materelli\AppData\Local\{3D943A8A-AB28-4C61-ABEB-2BBED51DE90B}
2012-07-07 15:27 - 2012-07-07 15:27 - 00000000 ____D C:\Users\Materelli\AppData\Local\{4F77FFA4-8E03-4878-92B0-21FC65F9C7A5}
2012-07-07 15:26 - 2012-07-07 15:27 - 00000000 ____D C:\Users\Materelli\AppData\Local\{9C97D5FA-5956-4273-B171-27C7FEDAD639}
2012-07-07 13:36 - 2012-07-08 04:55 - 00000000 ____D C:\Users\Materelli\Downloads\Four.Brothers.2005.DVDRip.XviD-W00D
2012-07-07 09:39 - 2012-07-07 09:39 - 23784819 ____A C:\Users\Materelli\Documents\text book of medical physiology by guyton.zip
2012-07-07 03:26 - 2012-07-07 03:26 - 00000000 ____D C:\Users\Materelli\AppData\Local\{E40BC333-3DAE-4A3F-8861-763E531B42F3}
2012-07-07 03:26 - 2012-07-07 03:26 - 00000000 ____D C:\Users\Materelli\AppData\Local\{74E94D25-6B93-416E-9D1F-5C123F3F8110}
2012-07-06 15:26 - 2012-07-06 15:26 - 00000000 ____D C:\Users\Materelli\AppData\Local\{A22C4D64-620C-433D-85F6-33B2D006E0CC}
2012-07-06 15:25 - 2012-07-06 15:25 - 00000000 ____D C:\Users\Materelli\AppData\Local\{AFCD2DAA-440C-4D5F-BA1A-50540FFD93AE}
2012-07-06 03:25 - 2012-07-06 03:25 - 00000000 ____D C:\Users\Materelli\AppData\Local\{8AE939EA-7BC1-44A5-A820-DFDC14E8160D}
2012-07-06 03:24 - 2012-07-06 03:25 - 00000000 ____D C:\Users\Materelli\AppData\Local\{D0212EDA-634C-405A-9E6D-3BCB46402408}
2012-07-05 15:24 - 2012-07-05 15:24 - 00000000 ____D C:\Users\Materelli\AppData\Local\{9C3AD560-56A2-4198-9D8D-7131F91E2960}
2012-07-05 15:23 - 2012-07-05 15:24 - 00000000 ____D C:\Users\Materelli\AppData\Local\{E398F453-EF8C-4597-BB17-5C790B679F38}
2012-07-05 03:22 - 2012-07-05 03:23 - 00000000 ____D C:\Users\Materelli\AppData\Local\{4017C4C3-B0A4-43FA-BC73-5C417189AA77}
2012-07-05 03:21 - 2012-07-05 03:21 - 00000000 ____D C:\Users\Materelli\AppData\Local\{03F6015F-AC98-4FCC-856A-EDAF23400495}
2012-07-04 15:02 - 2012-07-04 15:02 - 00000000 ____D C:\Users\Materelli\AppData\Local\{FE885F4A-F319-4E43-B4C7-DC85320A39B2}
2012-07-04 15:02 - 2012-07-04 15:02 - 00000000 ____D C:\Users\Materelli\AppData\Local\{0830330E-EA08-4399-9CE7-A417FBC3EFEA}
2012-07-04 03:00 - 2012-07-04 03:02 - 00000000 ____D C:\Users\Materelli\AppData\Local\{FEDCA7E2-BF96-44CB-BB5C-77D779EF198C}
2012-07-04 03:00 - 2012-07-04 03:00 - 00000000 ____D C:\Users\Materelli\AppData\Local\{A3038A30-3CFB-4A82-9933-92FAAC920BE1}


============ 3 Months Modified Files ========================

2012-08-03 10:19 - 2012-07-12 07:26 - 00004574 ____A C:\Windows\PFRO.log
2012-08-03 10:18 - 2006-11-02 07:42 - 00032614 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-08-03 10:18 - 2006-11-02 07:42 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-03 10:18 - 2006-11-02 07:22 - 00003744 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-08-03 10:18 - 2006-11-02 07:22 - 00003744 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-08-03 10:04 - 2012-04-05 03:41 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-08-03 10:04 - 2010-11-04 10:42 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-08-03 08:56 - 2012-08-03 04:35 - 04729092 ____R (Swearware) C:\Users\Materelli\Desktop\ComboFix.exe
2012-08-03 08:49 - 2012-08-03 04:44 - 00103112 ____A C:\Users\Materelli\Desktop\OTL.Txt
2012-08-03 08:11 - 2010-11-04 10:42 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-08-03 06:26 - 2012-08-03 05:10 - 00003743 ____A C:\Users\Materelli\Desktop\aswMBR.txt
2012-08-03 06:26 - 2012-08-03 05:10 - 00000512 ____A C:\Users\Materelli\Desktop\MBR.dat
2012-08-03 04:48 - 2012-08-03 04:48 - 00062308 ____A C:\Users\Materelli\Desktop\Extras.Txt
2012-08-03 04:35 - 2006-11-02 04:46 - 00756204 ____A C:\Windows\System32\PerfStringBackup.INI
2012-08-03 04:19 - 2012-08-03 04:18 - 04731392 ____A (AVAST Software) C:\Users\Materelli\Desktop\aswMBR.exe
2012-08-03 04:12 - 2012-08-03 04:11 - 00597504 ____A (OldTimer Tools) C:\Users\Materelli\Desktop\OTL.exe
2012-08-02 15:39 - 2009-07-13 07:55 - 01373605 ____A C:\Windows\WindowsUpdate.log
2012-08-02 12:05 - 2012-04-05 03:41 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-08-02 12:05 - 2011-06-06 01:25 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-07-30 10:10 - 2012-07-25 14:07 - 00007397 ____A C:\Users\Materelli\Desktop\SharePodSettings.xml
2012-07-30 10:09 - 2012-07-25 14:06 - 00010892 ____A C:\Users\Materelli\Desktop\SharePod.log
2012-07-28 13:40 - 2009-07-23 03:08 - 00000680 ____A C:\Users\Materelli\AppData\Local\d3d9caps.dat
2012-07-25 14:05 - 2012-07-25 14:05 - 02141310 ____A C:\Users\Materelli\Desktop\SharePod_3.99.zip
2012-07-22 06:14 - 2012-07-22 06:14 - 00000000 ____A C:\Users\Materelli\Documents\Matish Chiappinelli Nath Norwich hospital.doc.gw9jju1.partial
2012-07-19 11:08 - 2011-10-14 03:46 - 00000874 ____A C:\Users\Public\Desktop\AVG 2012.lnk
2012-07-12 07:30 - 2006-11-02 07:21 - 00305264 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-12 02:38 - 2006-11-02 04:35 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2012-07-11 04:45 - 2012-07-11 04:45 - 00001696 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-07-08 03:13 - 2012-04-18 13:09 - 00000952 ____A C:\Windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job
2012-07-07 09:39 - 2012-07-07 09:39 - 23784819 ____A C:\Users\Materelli\Documents\text book of medical physiology by guyton.zip
2012-07-03 14:53 - 2012-07-03 14:53 - 00000916 ____A C:\Users\Public\Desktop\D-Fend Reloaded.lnk
2012-07-03 04:46 - 2010-04-06 13:13 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-27 13:33 - 2012-06-27 13:33 - 00000000 ____A C:\Windows\setuperr.log
2012-06-27 13:33 - 2012-06-27 13:33 - 00000000 ____A C:\Windows\setupact.log
2012-06-26 15:29 - 2012-06-26 15:29 - 00272144 ____A C:\Windows\Minidump\Mini062712-01.dmp
2012-06-26 15:28 - 2012-06-26 10:37 - 604526378 ____A C:\Windows\MEMORY.DMP
2012-06-26 11:00 - 2012-06-26 10:59 - 00268152 ____A C:\Windows\Minidump\Mini062612-01.dmp
2012-06-26 07:48 - 2012-06-26 07:48 - 00001890 ____A C:\Users\Public\Desktop\Skype.lnk
2012-06-26 03:40 - 2012-06-26 03:38 - 25532777 ____A C:\Users\Materelli\Documents\Hotmail.zip
2012-06-22 08:44 - 2009-08-12 04:28 - 00000216 ____A C:\Users\Materelli\Desktop\vdownloader.zip
2012-06-20 09:52 - 2012-06-16 16:13 - 00000198 ____A C:\WirelessDiagLog.csv
2012-06-20 02:45 - 2012-06-09 11:57 - 734340458 ____A C:\Users\Materelli\Downloads\Euro.2004.Netherlands-Czech-Republic dutch.avi
2012-06-19 10:24 - 2012-06-19 08:06 - 00006223 ____A C:\Windows\diagerr.xml
2012-06-19 10:24 - 2012-06-19 08:06 - 00001887 ____A C:\Windows\diagwrn.xml
2012-06-18 01:02 - 2012-07-25 14:06 - 05591552 ____A (Jeffrey Harris) C:\Users\Materelli\Desktop\SharePod.exe
2012-06-14 01:45 - 2012-06-12 02:37 - 00743178 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-06-14 01:44 - 2012-06-14 01:44 - 00744448 ____A C:\Users\Materelli\Documents\Steroid presentationMJ.ppt
2012-06-13 05:58 - 2012-07-12 02:30 - 02769408 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-13 03:14 - 2012-06-13 03:18 - 00442859 ___RA C:\Windows\System32\Drivers\etc\hosts.20120613-121804.backup
2012-06-08 13:50 - 2012-06-08 07:45 - 734340458 ____A C:\Users\Materelli\Downloads\Euro2004-Czech Republic vs Holland.avi
2012-06-08 09:59 - 2012-07-11 04:20 - 12899840 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 09:47 - 2012-07-11 04:20 - 11586048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-07 15:19 - 2012-06-07 15:19 - 03127296 ____A C:\Users\Materelli\Documents\Obesity and Metabolism Biochemistry ppt.ppt
2012-06-05 08:47 - 2012-07-11 04:19 - 01401856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-05 08:47 - 2012-07-11 04:19 - 01248768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-05 08:22 - 2012-07-11 04:19 - 01869824 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 08:22 - 2012-07-11 04:19 - 01797120 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-04 08:57 - 2012-01-09 14:37 - 00001235 ____A C:\Users\Materelli\Desktop\Free YouTube to MP3 Converter.lnk
2012-06-04 07:29 - 2012-07-11 04:19 - 00516480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-02 14:19 - 2012-06-22 10:14 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-22 10:14 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-22 10:14 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-21 06:58 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-21 06:58 - 00577048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2012-06-02 14:19 - 2012-06-21 06:58 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:19 - 2012-06-21 06:58 - 00035864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2012-06-02 14:15 - 2012-06-22 10:14 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-21 06:58 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 14:12 - 2012-06-22 10:14 - 00088576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2012-06-02 06:19 - 2012-06-21 06:58 - 00171904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2012-06-02 06:19 - 2012-06-21 01:56 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 06:15 - 2012-06-21 01:56 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 06:12 - 2012-06-21 06:58 - 00033792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2012-06-02 04:49 - 2012-07-12 02:32 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-02 04:17 - 2012-07-12 02:32 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-02 04:12 - 2012-07-12 02:32 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-02 04:05 - 2012-07-12 02:32 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-02 04:05 - 2012-07-12 02:32 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-02 04:04 - 2012-07-12 02:32 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-02 04:04 - 2012-07-12 02:32 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-02 04:03 - 2012-07-12 02:32 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-02 04:01 - 2012-07-12 02:32 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-02 04:00 - 2012-07-12 02:32 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-02 03:59 - 2012-07-12 02:32 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-02 03:57 - 2012-07-12 02:32 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-02 03:57 - 2012-07-12 02:32 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-02 03:54 - 2012-07-12 02:32 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-02 01:07 - 2012-07-12 02:32 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-02 00:43 - 2012-07-12 02:32 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-02 00:33 - 2012-07-12 02:32 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-02 00:26 - 2012-07-12 02:32 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-02 00:25 - 2012-07-12 02:32 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-02 00:25 - 2012-07-12 02:32 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-02 00:23 - 2012-07-12 02:32 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-02 00:21 - 2012-07-12 02:32 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-02 00:20 - 2012-07-12 02:32 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-02 00:19 - 2012-07-12 02:32 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-02 00:19 - 2012-07-12 02:32 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-02 00:17 - 2012-07-12 02:32 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-02 00:16 - 2012-07-12 02:32 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-02 00:14 - 2012-07-12 02:32 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-01 16:22 - 2012-07-11 04:19 - 00347136 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 16:22 - 2012-07-11 04:19 - 00254464 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-01 16:05 - 2012-07-11 04:19 - 00077312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-06-01 16:04 - 2012-07-11 04:19 - 00278528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-06-01 16:03 - 2012-07-11 04:19 - 00204288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-05-30 04:41 - 2012-05-30 04:41 - 00058815 ____A C:\Users\Materelli\Documents\No Subject.eml
2012-05-29 12:57 - 2011-09-12 15:21 - 00174024 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-05-29 12:57 - 2011-09-12 15:21 - 00174024 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-05-23 12:02 - 2012-05-23 12:02 - 00137447 ____A C:\Users\Materelli\Documents\matanswers.pages
2012-05-20 13:00 - 2012-05-20 13:00 - 00000804 ____A C:\Users\Public\Desktop\BitTorrent.lnk
2012-05-18 12:47 - 2012-05-18 12:47 - 00367360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vfprintpthelper.dll
2012-05-18 12:47 - 2012-05-18 12:47 - 00351248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vfbasics.dll
2012-05-18 12:47 - 2012-05-18 12:47 - 00306552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vfprint.dll
2012-05-18 12:47 - 2012-05-18 12:47 - 00242736 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vfluapriv.dll
2012-05-18 12:47 - 2012-05-18 12:47 - 00173504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\appverif.exe
2012-05-18 12:47 - 2012-05-18 12:47 - 00164168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vrfcore.dll
2012-05-18 12:47 - 2012-05-18 12:47 - 00087312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vfcompat.dll
2012-05-18 12:47 - 2012-05-18 12:47 - 00081560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vfnet.dll
2012-05-18 12:47 - 2012-05-18 12:47 - 00061352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vfnws.dll
2012-05-18 12:47 - 2012-05-18 12:47 - 00052016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vfcuzz.dll
2012-05-18 12:47 - 2012-05-18 12:47 - 00040120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vfntlmless.dll
2012-05-18 12:47 - 2012-05-18 12:47 - 00021432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cuzzapi.dll
2012-05-18 12:24 - 2012-05-18 12:24 - 00711280 ____A (Microsoft Corporation) C:\Windows\System32\vfprintpthelper.dll
2012-05-18 12:24 - 2012-05-18 12:24 - 00433344 ____A (Microsoft Corporation) C:\Windows\System32\vfprint.dll
2012-05-18 12:24 - 2012-05-18 12:24 - 00404760 ____A (Microsoft Corporation) C:\Windows\System32\vfbasics.dll
2012-05-18 12:24 - 2012-05-18 12:24 - 00281616 ____A (Microsoft Corporation) C:\Windows\System32\vfluapriv.dll
2012-05-18 12:24 - 2012-05-18 12:24 - 00216776 ____A (Microsoft Corporation) C:\Windows\System32\appverif.exe
2012-05-18 12:24 - 2012-05-18 12:24 - 00183528 ____A (Microsoft Corporation) C:\Windows\System32\vrfcore.dll
2012-05-18 12:24 - 2012-05-18 12:24 - 00105016 ____A (Microsoft Corporation) C:\Windows\System32\vfnet.dll
2012-05-18 12:24 - 2012-05-18 12:24 - 00090440 ____A (Microsoft Corporation) C:\Windows\System32\vfcompat.dll
2012-05-18 12:24 - 2012-05-18 12:24 - 00083216 ____A (Microsoft Corporation) C:\Windows\System32\vfnws.dll
2012-05-18 12:24 - 2012-05-18 12:24 - 00048944 ____A (Microsoft Corporation) C:\Windows\System32\vfcuzz.dll
2012-05-18 12:24 - 2012-05-18 12:24 - 00045296 ____A (Microsoft Corporation) C:\Windows\System32\vfntlmless.dll
2012-05-18 12:24 - 2012-05-18 12:24 - 00023032 ____A (Microsoft Corporation) C:\Windows\System32\cuzzapi.dll
2012-05-14 08:37 - 2011-02-06 08:04 - 00000069 ____A C:\Windows\NeroDigital.ini
2012-05-14 08:26 - 2012-05-14 08:26 - 00001785 ____A C:\Users\Public\Desktop\Free Offers.lnk
2012-05-14 08:26 - 2012-05-14 08:26 - 00000877 ____A C:\Users\Public\Desktop\RealPlayer.lnk
2012-05-14 08:25 - 2012-05-14 08:25 - 00499712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
2012-05-14 08:25 - 2012-05-14 08:25 - 00272896 ____A (Progressive Networks) C:\Windows\SysWOW64\pncrt.dll
2012-05-14 08:25 - 2012-05-14 08:25 - 00198832 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\rmoc3260.dll
2012-05-14 08:25 - 2012-05-14 08:25 - 00006656 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5016.dll
2012-05-14 08:25 - 2012-05-14 08:25 - 00005632 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5032.dll
2012-05-12 04:01 - 2012-05-11 07:59 - 00000000 ____A C:\Users\Materelli\AppData\Local\uvtwaocf.log
2012-05-12 04:01 - 2012-05-11 06:53 - 00000024 ____A C:\Users\Materelli\AppData\Local\wekblrep.log
2012-05-12 04:00 - 2012-05-11 06:54 - 01948164 ____A C:\Users\Materelli\AppData\Local\yueefvog.log
2012-05-11 08:03 - 2009-07-31 12:29 - 00017920 ____A C:\Users\Materelli\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-05-11 06:57 - 2012-05-11 06:57 - 00145781 ____A C:\Users\Materelli\AppData\Local\lpcyrgtj.log
2012-05-11 06:57 - 2012-05-11 06:57 - 00003315 ____A C:\Users\Materelli\AppData\Local\perowpqh.log
2012-05-11 06:57 - 2012-05-11 06:57 - 00002774 ____A C:\Users\Materelli\AppData\Local\jwiffhpd.log
2012-05-11 06:53 - 2012-05-11 06:53 - 00953024 ____A C:\Users\Materelli\AppData\Local\xuooholl.log
2012-05-11 06:53 - 2012-05-11 06:53 - 00004048 ____A C:\Users\Materelli\AppData\Local\fnfvqkxk.log
2012-05-11 06:53 - 2012-05-11 06:53 - 00000000 ____A C:\Users\Materelli\AppData\Local\ymvkxrwb.log
2012-05-11 06:53 - 2012-05-11 06:53 - 00000000 ____A C:\Users\Materelli\AppData\Local\vhnaaonm.log

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 15%
Total physical RAM: 4089.95 MB
Available physical RAM: 3470.77 MB
Total Pagefile: 3819.87 MB
Available Pagefile: 3451.54 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:283.4 GB) (Free:103.22 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:6.94 GB) NTFS
3 Drive e: (2008.03.29_2201) (CDROM) (Total:0.15 GB) (Free:0 GB) UDF
4 Drive f: () (Removable) (Total:0.94 GB) (Free:0.76 GB) NTFS
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 Online 961 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 39 MB 32 KB
Partition 2 Primary 15 GB 39 MB
Partition 3 Primary 283 GB 15 GB

==================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 FAT Partition 39 MB Healthy Hidden

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 D RECOVERY NTFS Partition 15 GB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 283 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 961 MB 32 KB

==================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F NTFS Removable 961 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-08-03 08:39

======================= End Of Log ==========================

#15
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Well, it replaced the services file, so it is a bit curious as to why it did not boot.

Download the attached fixlist.txt to the same USB drive as FRST
[attachment=59399:fixlist.txt]
Restart the computer as before to the recovery console
Run FRST and click Fix
A log will be generated on the USB drive

Reboot to normal Windows

Once there, please run OTL and post the logs along with the FRST fix log.