
Author Topic: Weird virus issue-I think I'm infected!!  (Read 35171 times)


deargodpleasehelp

  • Guest
Weird virus issue-I think I'm infected!!
« on: January 22, 2011, 01:59:42 PM »
Alright, so I've tried dds.scr AND .pif files, they both refuse to execute on Windows XP, but work fine on Windows 7, the .scr claiming it's not a valid win32 program and the .pif version saying it's corrupted when I try to run it... On Windows 7 I think I'm still infected on this OS... I use Avast Antivirus, No problems!
I've already found 4 html and I think some trojans in the temp folder, I'm not sure I remember all right, and a Win32-Malware Gen virus...

I can't update MBAM!! It's outdated and if I try to update it, it says it failed to update, I can't tell why. It says An Error has occurred. PROGRAM_ERROR_UPDATING (12007, 0, WinHttpsendRequest)... :(

So I'm really stuck here, I can scan with MBAM, but it doesn't detect anything...
The MBAM Log is an attachment!

I don't have any other AV's than that of Windows Firewall, Windows Defender, Avast! Antivirus FREE edition, and Malware Bytes AntiMalware, which doesn't appear to work. :(

Just fyi, I can't install AVG on my system (Must've really sizzled it up!) because it says Invalid drive C, my drive is G, I can't change it otherwise everything will get messed up so sorry...

and now my Internet connection seems to just cut out, it says it's connected but it just seems it doesn't want to connect for some reason... Please help me! I only got this working by saving this as a text file and rebooting my computer, Internet connection will last for who knows how long now, and I don't know what to do, can someone please help me? I seem to have run into a massive roadblock here, so if someone can help me get me to where I need to go, that'd be great, thanks so much!!  :)

Security Check Log:

 Results of screen317's Security Check version 0.99.8 
 Windows 7  (UAC is disabled!)
 Internet Explorer 8 
``````````````````````````````
Antivirus/Firewall Check:

 Windows Firewall Enabled! 
 avast! Free Antivirus   
 ESET Online Scanner v3   
 WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

 Malwarebytes' Anti-Malware   
 Java(TM) 6 Update 23 
 Adobe Flash Player 10.1.102.64 
Adobe Reader X
````````````````````````````````
Process Check: 
objlist.exe by Laurent

 Alwil Software Avast5 AvastSvc.exe 
 Alwil Software Avast5 AvastUI.exe 
``````````End of Log````````````


[recovering disk space - old attachment deleted by admin]

harry 48
Re: Weird virus issue-I think I'm infected!!
« Reply #1 on: January 22, 2011, 04:09:48 PM »
go here http://www.computerhope.com/forum/index.php/topic,46313.0.html and post the logs

rename mbam to anything

rename hjt to snipper.exe

deargodpleasehelp

  • Guest
Re: Weird virus issue-I think I'm infected!!
« Reply #2 on: January 22, 2011, 06:43:01 PM »
go here http://www.computerhope.com/forum/index.php/topic,46313.0.html and post the logs

rename mbam to anything

rename hjt to snipper.exe

Hello, I cannot seem to install HijackThis, when running the installer it just freezes up on Status...
I can't close it...

Here's the log! :)
 
Alright, got HijackThis to install under Administrative privileges... I'm not sure, there are like 1000 things I don't know about my PC, I swear to god I don't want to reinstall... :( :'(
 
I'll keep you updated, thank you so much!

Oh also, just discovered Windows 7 had to restart to take some updates up to place or whatnot...

Really the worst thing is, some of my programs (specifically Paint.NET) refuse to launch, giving me the error that a device attached to the system is not functioning...
Is this a virus too? I don't know!!

I ran ESET Scanner and I really, tbh think that this scanner is spyware, which messed up my programs! Paint.net worked before!

[recovering disk space - old attachment deleted by admin]

SuperDave

  • Malware Removal Specialist
  • Moderator
Re: Weird virus issue-I think I'm infected!!
« Reply #3 on: January 22, 2011, 07:35:48 PM »
Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************
Please try this: Start your computer in Safe Mode and run the MBAM scan. Re-boot in Normal Mode and try running the MBAM scan again. Post the log, if successful.
Here's how to get into Safe Mode.
******************************************************
Open HijackThis and select Do a system scan only

Place a check mark next to the following entries: (if there)

O1 - Hosts: 74.208.10.249 gs.apple.com
O15 - Trusted Zone: http://www.cnet.com
O15 - Trusted Zone: http://www.crymod.com
O15 - Trusted Zone: http://www.youtube.com

Important: Close all open windows except for HijackThis and then click Fix checked.

Once completed, exit HijackThis.

Please copy and paste your logs instead of attaching them.
Windows 8 and Windows 10 dual boot with two SSD's
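The fix list above singles out two kinds of HijackThis entry: an O1 line that maps a hostname to a non-loopback address, and O15 lines that place sites in Internet Explorer's Trusted Zone (where relaxed security settings apply). The following is an added triage helper, not part of this thread and not HijackThis's own code; it runs the same check over constructed sample lines modelled on the log posted later in the thread and separates loopback "block-style" hosts entries (which only sink traffic, like the long 127.0.0.1 list in the OTL output) from real redirections that a helper would want to look at.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample, modelled on the HijackThis lines quoted in this thread.
# It is not a real log; paths and entries are illustrative only.
SAMPLE_LOG = """\
O1 - Hosts: 74.208.10.249 gs.apple.com
O1 - Hosts: 127.0.0.1    www.007guard.com
O1 - Hosts: 0.0.0.0 ads.example.invalid
O4 - HKLM\\..\\Run: [avast5] "G:\\Program Files\\Alwil Software\\Avast5\\avastUI.exe" /nogui
O15 - Trusted Zone: http://www.cnet.com
O15 - Trusted Zone: http://www.youtube.com
O23 - Service: avast! Antivirus - AVAST Software - G:\\Program Files\\Alwil Software\\Avast5\\AvastSvc.exe
"""

# Addresses that make a hosts entry a sink (block-list style) rather than a redirect.
LOOPBACK = {"127.0.0.1", "0.0.0.0", "::1"}


@dataclass
class Finding:
    section: str   # HijackThis section id, e.g. "O1" or "O15"
    detail: str    # human-readable description of the entry
    severity: str  # "info" (expected, block-style) or "review" (needs a look)


O1_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)")
O15_RE = re.compile(r"^O15 - Trusted Zone:\s+(\S+)")


def triage_hjt(log_text: str) -> List[Finding]:
    """Scan HijackThis-style lines and classify O1 and O15 entries.

    Other sections (O4, O23, ...) are ignored by this helper.
    """
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O1_RE.match(line)
        if m:
            ip, host = m.groups()
            if ip in LOOPBACK:
                # Maps the name to a local sink: typical of ad/malware block lists.
                findings.append(Finding("O1", f"{host} -> {ip} (block-style entry)", "info"))
            else:
                # Sends traffic for the name to another machine: review it.
                findings.append(Finding(
                    "O1", f"{host} -> {ip} (hostname redirected to a non-local address)", "review"))
            continue
        m = O15_RE.match(line)
        if m:
            # Trusted Zone membership relaxes IE security settings for that site.
            findings.append(Finding(
                "O15", f"{m.group(1)} in IE Trusted Zone (relaxed security settings)", "review"))
    return findings


def review_items(findings: List[Finding]) -> List[Finding]:
    """Return only the findings a helper would want to inspect or remove."""
    return [f for f in findings if f.severity == "review"]


if __name__ == "__main__":
    for f in triage_hjt(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.section}: {f.detail}")
```

On the sample above the helper reports three items for review (the gs.apple.com redirect and the two Trusted Zone sites) and two informational loopback entries; the O4 and O23 lines are passed over. Running it against a full log is a quick way to confirm that, after "Fix checked", a fresh scan no longer contains the flagged lines.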

deargodpleasehelp

  • Guest
Re: Weird virus issue-I think I'm infected!!
« Reply #4 on: January 22, 2011, 09:00:46 PM »
Thank you SuperDave. +1 Thanks to YOU!

 :D , ;D !
---

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:46:13 PM, on 1/22/2011
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16700)
Boot mode: Normal

Running processes:
G:\Program Files\Alwil Software\Avast5\AvastUI.exe
G:\Program Files (x86)\Mozilla Firefox\firefox.exe
G:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
G:\Program Files (x86)\Internet Explorer\iexplore.exe
G:\Program Files (x86)\Internet Explorer\iexplore.exe
G:\Program Files (x86)\CPUID\PC Wizard 2010\pcwizard.dll
G:\Program Files (x86)\NoVirusThanks\Hijack Hunter\HijackHunter.exe
G:\Program Files (x86)\Internet Explorer\iexplore.exe
G:\Program Files (x86)\Trend Micro\HiJackThis\snipper.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = G:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, optimized for Bing and MSN
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: 74.208.10.249 gs.apple.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - G:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - G:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - G:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [avast5] "G:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "G:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "G:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe ARM] "G:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "G:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "G:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [NVIDIA nTune] "G:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe" boot "G:\Users\Administrator\AppData\Local\NVIDIA Corporation\nTune\Profiles\sysdflt.nsu"
O4 - HKCU\..\Run: [Sidebar] G:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - G:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - G:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: g:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: g:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O15 - Trusted Zone: http://www.cnet.com
O15 - Trusted Zone: http://www.crymod.com
O15 - Trusted Zone: http://www.youtube.com
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/en-US/wlscctrl2.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} - http://www.windowsvistatestdrive.com/ActiveX/VMRCActiveXClient1.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - G:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - G:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - G:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - G:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - G:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - G:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - G:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - G:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Media Center Support Service (Jasmio.MediaCenter.Service) - Unknown owner - G:\Program Files\Jasmio\Media Center Support Service\Jasmio.MediaCenter.Service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - G:\Windows\system32\lsass.exe (file missing)
O23 - Service: Process Monitor (LVPrcS64) - Logitech Inc. - G:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - G:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - G:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%windir%\system32\nfsrc.dll,-5001 (NfsClnt) - Unknown owner - G:\Windows\system32\nfsclnt.exe (file missing)
O23 - Service: nTune Service (nTuneService) - NVIDIA - G:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - G:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - G:\Windows\system32\lsass.exe (file missing)
O23 - Service: Remote Procedure Call (RPC) Locator (RpcLocator) - Unknown owner - G:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - G:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - G:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - G:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - G:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - g:\program files\idt\wdm\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - G:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - G:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - G:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - G:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - G:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - G:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - G:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - G:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8399 bytes

SuperDave

  • Malware Removal Specialist
  • Moderator
Re: Weird virus issue-I think I'm infected!!
« Reply #5 on: January 23, 2011, 01:02:50 PM »
Did you get a new log after you ran MBAM? Please post it.
You didn't follow the instructions for HJT. Please do it and post the log.


Download Security Check by screen317 from one of the following links and save it to your desktop.

Link 1
Link 2

* Unzip SecurityCheck.zip and a folder named Security Check should appear.
* Open the Security Check folder and double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
***********************************************
Download OTL to your desktop.

* Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
* When the window appears, underneath Output at the top change it to Minimal Output.
* Check the boxes beside LOP Check and Purity Check.
* Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

Please copy and paste the contents of these files, one at a time, into your next reply.

Note: You may need two or more posts to fit them all in.

deargodpleasehelp

  • Guest
Re: Weird virus issue-I think I'm infected!!
« Reply #6 on: January 24, 2011, 04:10:47 PM »
OTL logfile created on: 1/24/2011 5:51:41 PM - Run 1
OTL by OldTimer - Version 3.2.20.5     Folder = G:\Users\Administrator\Downloads
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 73.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = G: | %SystemRoot% = G:\Windows | %ProgramFiles% = G:\Program Files (x86)
Drive C: | 232.88 Gb Total Space | 201.19 Gb Free Space | 86.39% Space Free | Partition Type: NTFS
Drive D: | 7.03 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive G: | 465.76 Gb Total Space | 243.19 Gb Free Space | 52.21% Space Free | Partition Type: NTFS
 
Computer Name: User-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - G:\Users\Administrator\Downloads\OTL.exe (OldTimer Tools)
PRC - G:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - G:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - G:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - G:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - G:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe (Logitech Inc.)
 
 
========== Modules (SafeList) ==========
 
MOD - G:\Users\Administrator\Downloads\OTL.exe (OldTimer Tools)
MOD - G:\Program Files\Alwil Software\Avast5\snxhk.dll (AVAST Software)
MOD - G:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (avast! Antivirus) -- G:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (Jasmio.MediaCenter.Service) -- G:\Program Files\Jasmio\Media Center Support Service\Jasmio.MediaCenter.Service.exe ()
SRV:64bit: - (LVPrcS64) -- G:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV:64bit: - (WinDefend) -- G:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- G:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (NfsClnt) -- G:\Windows\SysNative\nfsclnt.exe (Microsoft Corporation)
SRV:64bit: - (STacSV) -- g:\Program Files\IDT\WDM\stacsv64.exe (IDT, Inc.)
SRV - (Apple Mobile Device) -- G:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- G:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- G:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (nTuneService) -- G:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe (NVIDIA)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (aswMonFlt) -- G:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (VBoxNetAdp) -- G:\Windows\SysNative\drivers\VBoxNetAdp.sys (Oracle Corporation)
DRV:64bit: - (USBAAPL64) -- G:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (sptd) -- G:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (athr) -- G:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (amdkmdag) -- G:\Windows\SysNative\drivers\atipmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- G:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHdmiService) -- G:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (BCMH43XX) -- G:\Windows\SysNative\drivers\bcmwlhigh664.sys (Broadcom Corporation)
DRV:64bit: - (motmodem) -- G:\Windows\SysNative\drivers\motmodem.sys (Motorola)
DRV:64bit: - (LVPr2Mon) -- G:\Windows\SysNative\drivers\LVPr2M64.sys ()
DRV:64bit: - (LVPr2M64) -- G:\Windows\SysNative\drivers\LVPr2M64.sys ()
DRV:64bit: - (igfx) -- G:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (atikmdag) -- G:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (fssfltr) -- G:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (vpcbus) -- G:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)
DRV:64bit: - (vpcusb) -- G:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)
DRV:64bit: - (vpcuxd) -- G:\Windows\SysNative\drivers\vpcuxd.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- G:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- G:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- G:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- G:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- G:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- G:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (RpcXdr) Server for NFS Open RPC (ONCRPC) -- G:\Windows\SysNative\drivers\rpcxdr.sys (Microsoft Corporation)
DRV:64bit: - (NfsRdr) -- G:\Windows\SysNative\drivers\nfsrdr.sys (Microsoft Corporation)
DRV:64bit: - (Ntfs) -- G:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (e1express) Intel(R) -- G:\Windows\SysNative\drivers\e1e6032e.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- G:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- G:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- G:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- G:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- G:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (MotDev) -- G:\Windows\SysNative\drivers\motodrv.sys (Motorola Inc)
DRV:64bit: - (PID_0928) Logitech QuickCam Express(PID_0928) -- G:\Windows\SysNative\drivers\LV561V64.sys (Logitech Inc.)
DRV:64bit: - (mcdbus) -- G:\Windows\SysNative\drivers\mcdbus.sys (MagicISO, Inc.)
DRV:64bit: - (STHDA) -- G:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV - (mcdbus) -- G:\Windows\SysWOW64\drivers\mcdbus.sys (MagicISO, Inc.)
DRV - (NVR0Dev) -- G:\Windows\nvoclk64.sys (NVidia Corp.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = G:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AE 85 18 FB A9 D5 CA 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://Http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.5
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.48.3
FF - prefs.js..extensions.enabledItems: {078fac48-925f-4524-7cfe-85d44b8f4f98}:1.2
FF - prefs.js..extensions.enabledItems: {2e17e2b2-b8d4-4a67-8d7b-fafa6cc9d1d0}:1.2.5.1
FF - prefs.js..extensions.enabledItems: {340c2bbc-ce74-4362-90b5-7c26312808ef}:1.6.2
FF - prefs.js..extensions.enabledItems: [email protected]:2.1
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.0
FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2a}:1.3.8
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7.2
FF - prefs.js..extensions.enabledItems: [email protected]:0.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [email protected]:1.2.2
FF - prefs.js..extensions.enabledItems: {0c8fbd76-bdeb-4c52-9b24-d587ce7b9dc3}:2.0.6
FF - prefs.js..extensions.enabledItems: {6b539fe7-2e64-481c-8bfd-b2530ee2bc28}:2.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:4.0
FF - prefs.js..extensions.enabledItems: [email protected]:2.0.5
FF - prefs.js..extensions.enabledItems: [email protected]:3.6.5
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: G:\Program Files (x86)\Mozilla Firefox\components [2011/01/11 18:07:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: G:\Program Files (x86)\Mozilla Firefox\plugins [2011/01/11 18:07:34 | 000,000,000 | ---D | M]
 
[2010/05/10 17:19:44 | 000,000,000 | ---D | M] (No name found) -- G:\Users\Administrator\AppData\Roaming\Mozilla\Extensions
[2011/01/22 23:01:39 | 000,000,000 | ---D | M] (No name found) -- G:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\vuivsh9s.default\extensions
[2010/08/13 18:45:21 | 000,000,000 | ---D | M] (No name found) -- G:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\vuivsh9s.default\extensions\{00352F14-3F76-4e4d-ACFF-9972D7E4B3B9}
[2010/06/12 15:30:02 | 000,000,000 | ---D | M] (No name found) -- G:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\vuivsh9s.default\extensions\{00352F14-3F76-4e4d-ACFF-9976D7E4B3B9}
[2010/05/30 16:33:51 | 000,000,000 | ---D | M] (Crash Report Helper) -- G:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\vuivsh9s.default\extensions\{078fac48-925f-4524-7cfe-85d44b8f4f98}
[2011/01/18 17:54:44 | 000,000,000 | ---D | M] (Resurrect Pages) -- G:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\vuivsh9s.default\extensions\{0c8fbd76-bdeb-4c52-9b24-d587ce7b9dc3}
[2010/09/01 18:21:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- G:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\vuivsh9s.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/06/12 15:19:32 | 000,000,000 | ---D | M] (Unhide Passwords) -- G:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\vuivsh9s.default\extensions\{2e17e2b2-b8d4-4a67-8d7b-fafa6cc9d1d0}
[2011/01/22 15:23:17 | 000,000,000 | ---D | M] (Firefox Sync) -- G:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\vuivsh9s.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}
[2010/08/25 15:20:37 | 000,000,000 | ---D | M] (Linkification) -- G:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\vuivsh9s.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
[2010/10/20 16:00:11 | 000,000,000 | ---D | M] (Dead Link Checker - MirrorChecker.com) -- G:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\vuivsh9s.default\extensions\{6b539fe7-2e64-481c-8bfd-b2530ee2bc28}
[2010/12/07 16:45:54 | 000,000,000 | ---D | M] (FireFTP) -- G:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\vuivsh9s.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2011/01/10 20:31:16 | 000,000,000 | ---D | M] (DownloadHelper) -- G:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\vuivsh9s.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/12/29 15:03:28 | 000,000,000 | ---D | M] (Easy Youtube Video Downloader) -- G:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\vuivsh9s.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
[2010/12/24 19:24:22 | 000,000,000 | ---D | M] (Adblock Plus) -- G:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\vuivsh9s.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/07/29 17:08:42 | 000,000,000 | ---D | M] ("BetterPrivacy") -- G:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\vuivsh9s.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2010/10/09 13:21:19 | 000,000,000 | ---D | M] (Download Statusbar) -- G:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\vuivsh9s.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2011/01/02 01:08:54 | 000,000,000 | ---D | M] (No name found) -- G:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\vuivsh9s.default\extensions\{de5809e0-2b07-11dd-bd0b-0800200c9a66}
[2011/01/22 15:23:19 | 000,000,000 | ---D | M] (Greasemonkey) -- G:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\vuivsh9s.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/01/02 01:09:39 | 000,000,000 | ---D | M] (Chromifox Basic) -- G:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\vuivsh9s.default\extensions\[email protected]
[2010/12/20 14:02:31 | 000,000,000 | ---D | M] () -- G:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\vuivsh9s.default\extensions\[email protected]
[2010/05/28 22:13:19 | 000,000,000 | ---D | M] (Glasser) -- G:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\vuivsh9s.default\extensions\[email protected]
[2011/01/02 01:09:01 | 000,000,000 | ---D | M] (No name found) -- G:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\vuivsh9s.default\extensions\[email protected]
[2011/01/14 21:29:10 | 000,000,000 | ---D | M] (Lazarus: Form Recovery) -- G:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\vuivsh9s.default\extensions\[email protected]
[2010/08/14 18:11:35 | 000,000,000 | ---D | M] (Pastebin) -- G:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\vuivsh9s.default\extensions\[email protected]
[2010/06/04 15:57:32 | 000,000,000 | ---D | M] (No name found) -- G:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\vuivsh9s.default\extensions\[email protected]
[2010/11/12 17:36:45 | 000,000,000 | ---D | M] (Restart Firefox) -- G:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\vuivsh9s.default\extensions\[email protected]
[2010/07/29 17:08:41 | 000,000,000 | ---D | M] (1-Click YouTube Video Downloader) -- G:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\vuivsh9s.default\extensions\[email protected]
[2010/09/06 11:17:44 | 000,001,635 | ---- | M] () -- G:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\vuivsh9s.default\searchplugins\firefox-add-ons.xml
[2010/09/06 11:16:58 | 000,003,557 | ---- | M] () -- G:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\vuivsh9s.default\searchplugins\windows-gadgets.xml
[2011/01/22 23:01:39 | 000,000,000 | ---D | M] (No name found) -- G:\Program Files (x86)\Mozilla Firefox\extensions
[2010/09/07 12:02:00 | 000,000,000 | ---D | M] (Java Console) -- G:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/12/23 07:11:40 | 000,000,000 | ---D | M] (Java Console) -- G:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- G:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
 
O1 HOSTS File: ([2011/01/11 18:01:46 | 000,393,180 | ---- | M]) - G:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1    www.007guard.com
O1 - Hosts: 127.0.0.1    007guard.com
O1 - Hosts: 127.0.0.1    008i.com
O1 - Hosts: 127.0.0.1    www.008k.com
O1 - Hosts: 127.0.0.1    008k.com
O1 - Hosts: 127.0.0.1    www.00hq.com
O1 - Hosts: 127.0.0.1    00hq.com
O1 - Hosts: 127.0.0.1    010402.com
O1 - Hosts: 127.0.0.1    www.032439.com
O1 - Hosts: 127.0.0.1    032439.com
O1 - Hosts: 127.0.0.1    www.0scan.com
O1 - Hosts: 127.0.0.1    0scan.com
O1 - Hosts: 127.0.0.1    1000gratisproben.com
O1 - Hosts: 127.0.0.1    www.1000gratisproben.com
O1 - Hosts: 127.0.0.1    1001namen.com
O1 - Hosts: 127.0.0.1    www.1001namen.com
O1 - Hosts: 127.0.0.1    100888290cs.com
O1 - Hosts: 127.0.0.1    www.100888290cs.com
O1 - Hosts: 127.0.0.1    www.100sexlinks.com
O1 - Hosts: 127.0.0.1    100sexlinks.com
O1 - Hosts: 127.0.0.1    10sek.com
O1 - Hosts: 127.0.0.1    www.10sek.com
O1 - Hosts: 127.0.0.1    www.1-2005-search.com
O1 - Hosts: 127.0.0.1    1-2005-search.com
O1 - Hosts: 127.0.0.1    www.123fporn.info
O1 - Hosts: 13577 more lines...
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - G:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] G:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] G:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] G:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [avast5] G:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKCU..\Run: [NVIDIA nTune] G:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe (NVIDIA)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - G:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - G:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: cnet.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: crymod.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: documents%20and%20settings ([]file in Trusted sites)
O15 - HKCU\..Trusted Domains: driver_g ([]file in Trusted sites)
O15 - HKCU\..Trusted Domains: google.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: localsvr ([]file in Local intranet)
O15 - HKCU\..Trusted Domains: microsoft.com ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: users ([]file in Local intranet)
O15 - HKCU\..Trusted Domains: youtube.com ([www] http in Trusted sites)
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onecare.live.com/resource/download/scanner/en-US/wlscctrl2.cab (Windows Live OneCare safety scanner control)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab (Reg Error: Key error.)
O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} http://www.windowsvistatestdrive.com/ActiveX/VMRCActiveXClient1.cab (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - G:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - G:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - G:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - G:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - G:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/11/15 04:52:50 | 000,161,088 | R--- | M] (Take-Two Interactive Software, Inc.) - D:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2008/10/11 12:03:48 | 000,000,054 | R--- | M] () - D:\Autorun.inf -- [ UDF ]
O32 - AutoRun File - [2010/07/02 14:40:43 | 000,000,000 | ---- | M] () - G:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{bb499a2e-2ec8-11df-b696-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{bb499a2e-2ec8-11df-b696-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Autorun.exe -- [2008/11/15 04:52:50 | 000,161,088 | R--- | M] (Take-Two Interactive Software, Inc.)
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...com [@ = comfile] -- Reg Error: Key error. File not found
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/01/22 20:42:23 | 000,000,000 | ---D | C] -- G:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/01/22 16:32:04 | 000,720,896 | ---- | C] (Microsoft Corporation) -- G:\Windows\SysNative\odbc32.dll
[2011/01/22 16:32:04 | 000,573,440 | ---- | C] (Microsoft Corporation) -- G:\Windows\SysWow64\odbc32.dll
[2011/01/22 15:35:29 | 000,031,232 | ---- | C] (NirSoft) -- G:\Windows\NIRCMD.exe
[2011/01/22 15:35:26 | 000,161,792 | ---- | C] (SteelWerX) -- G:\Windows\SWREG.exe
[2011/01/22 15:35:26 | 000,136,704 | ---- | C] (SteelWerX) -- G:\Windows\SWSC.exe
[2011/01/22 15:35:14 | 000,000,000 | ---D | C] -- G:\Windows\ERDNT
[2011/01/22 15:33:39 | 000,212,480 | ---- | C] (SteelWerX) -- G:\Windows\SWXCACLS.exe
[2011/01/20 17:50:45 | 000,000,000 | ---D | C] -- G:\Program Files (x86)\Intel
[2011/01/20 17:50:29 | 000,000,000 | ---D | C] -- G:\Intel
[2011/01/20 17:49:26 | 000,000,000 | ---D | C] -- G:\Program Files (x86)\SystemRequirementsLab
[2011/01/20 17:49:20 | 000,000,000 | ---D | C] -- G:\Users\Administrator\AppData\Roaming\SystemRequirementsLab
[2011/01/15 20:22:57 | 000,237,168 | ---- | C] (AVAST Software) -- G:\Windows\SysNative\aswBoot.exe
[2011/01/11 19:39:53 | 000,000,000 | ---D | C] -- G:\Users\Administrator\AppData\Local\Macroplant
[2011/01/11 18:08:52 | 000,000,000 | ---D | C] -- G:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/01/11 18:08:51 | 000,126,312 | ---- | C] (GEAR Software Inc.) -- G:\Windows\SysNative\GEARAspi64.dll
[2011/01/11 18:08:51 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- G:\Windows\SysWow64\GEARAspi.dll
[2011/01/11 18:08:51 | 000,034,152 | ---- | C] (GEAR Software Inc.) -- G:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2011/01/11 18:08:33 | 000,000,000 | ---D | C] -- G:\Program Files\iTunes
[2011/01/11 18:08:33 | 000,000,000 | ---D | C] -- G:\Program Files (x86)\iTunes
[2011/01/11 18:08:33 | 000,000,000 | ---D | C] -- G:\Program Files\iPod
[2011/01/11 18:07:27 | 000,000,000 | ---D | C] -- G:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/01/11 18:06:33 | 000,000,000 | ---D | C] -- G:\Program Files (x86)\Apple Software Update
[2011/01/11 18:06:11 | 000,000,000 | ---D | C] -- G:\Program Files\Common Files\Apple
[2011/01/11 18:05:57 | 000,000,000 | ---D | C] -- G:\Program Files\Bonjour
[2011/01/11 18:05:57 | 000,000,000 | ---D | C] -- G:\Program Files (x86)\Bonjour
[2011/01/11 17:51:00 | 000,000,000 | ---D | C] -- G:\ProgramData\Microsoft\Windows\Start Menu\Programs\iPhone Explorer
[2011/01/11 17:50:56 | 000,000,000 | ---D | C] -- G:\Program Files (x86)\iPhone Explorer
[2011/01/11 17:43:40 | 000,000,000 | ---D | C] -- G:\ProgramData\Jasmio
[2011/01/11 17:43:40 | 000,000,000 | ---D | C] -- G:\Program Files\Jasmio
[2011/01/10 20:22:42 | 000,000,000 | ---D | C] -- G:\Games
[2011/01/10 20:22:11 | 000,000,000 | ---D | C] -- G:\Users\Administrator\AppData\Local\FOMM
[2011/01/10 20:22:06 | 000,000,000 | ---D | C] -- G:\Program Files (x86)\GeMM
[2011/01/10 20:22:06 | 000,000,000 | ---D | C] -- G:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fallout Mod Manager
[2011/01/03 15:33:07 | 000,000,000 | ---D | C] -- G:\Users\Administrator\AppData\Roaming\Malwarebytes
[2011/01/01 00:36:48 | 000,000,000 | ---D | C] -- G:\Users\Administrator\Documents\Apple
[2010/12/26 21:55:41 | 000,000,000 | ---D | C] -- G:\Windows\SysWow64\Wat
[2010/12/26 21:55:40 | 000,000,000 | ---D | C] -- G:\Windows\SysNative\Wat
[2010/12/26 16:25:51 | 000,000,000 | ---D | C] -- G:\Users\Administrator\AppData\Local\NeoSmart_Technologies
[2010/12/26 16:24:04 | 000,000,000 | ---D | C] -- G:\NST
[2010/12/26 16:21:57 | 000,000,000 | ---D | C] -- G:\ProgramData\Microsoft\Windows\Start Menu\Programs\NeoSmart Technologies
[2010/12/26 16:21:56 | 000,000,000 | ---D | C] -- G:\Program Files (x86)\NeoSmart Technologies
[2010/12/26 14:55:38 | 000,000,000 | ---D | C] -- G:\NVIDIA
[2010/12/25 21:28:34 | 000,000,000 | ---D | C] -- G:\Program Files (x86)\Common Files\Adobe
 
========== Files - Modified Within 30 Days ==========
 
[2011/01/24 17:57:10 | 000,000,203 | ---- | M] () -- G:\Users\Administrator\Desktop\GTA IV Job.bat
[2011/01/24 17:26:35 | 000,067,584 | --S- | M] () -- G:\Windows\bootstat.dat
[2011/01/24 17:26:25 | 3169,132,544 | -HS- | M] () -- G:\hiberfil.sys
[2011/01/23 17:08:16 | 000,001,207 | ---- | M] () -- G:\Users\Administrator\Documents\*censored*!.rtf
[2011/01/22 22:19:06 | 000,001,089 | ---- | M] () -- G:\Users\Administrator\Desktop\PaintDot.lnk
[2011/01/22 22:12:04 | 000,014,016 | -H-- | M] () -- G:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/01/22 22:12:04 | 000,014,016 | -H-- | M] () -- G:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/01/22 18:01:39 | 000,000,193 | ---- | M] () -- G:\Windows\WORDPAD.INI
[2011/01/22 17:20:47 | 000,000,000 | ---- | M] () -- G:\Windows\SysWow64\config.nt
[2011/01/18 06:43:32 | 000,001,349 | ---- | M] () -- G:\Users\Administrator\Desktop\Fallout New Vegas.lnk
[2011/01/16 15:22:37 | 000,000,000 | -H-- | M] () -- G:\Users\Administrator\Documents\Default.rdp
[2011/01/15 19:53:43 | 000,002,030 | ---- | M] () -- G:\Users\Administrator\Desktop\Crysis (2).lnk
[2011/01/13 18:08:21 | 000,002,162 | ---- | M] () -- G:\Users\Administrator\Desktop\GTA IV Hook Launcher.lnk
[2011/01/13 03:47:35 | 000,038,848 | ---- | M] (AVAST Software) -- G:\Windows\avastSS.scr
[2011/01/13 03:47:32 | 000,188,216 | ---- | M] (AVAST Software) -- G:\Windows\SysWow64\aswBoot.exe
[2011/01/13 03:47:23 | 000,237,168 | ---- | M] (AVAST Software) -- G:\Windows\SysNative\aswBoot.exe
[2011/01/13 03:41:44 | 000,273,488 | ---- | M] (AVAST Software) -- G:\Windows\SysNative\drivers\aswSP.sys
[2011/01/13 03:40:20 | 000,051,792 | ---- | M] (AVAST Software) -- G:\Windows\SysNative\drivers\aswTdi.sys
[2011/01/13 03:37:34 | 000,029,264 | ---- | M] (AVAST Software) -- G:\Windows\SysNative\drivers\aswRdr.sys
[2011/01/13 03:37:23 | 000,062,032 | ---- | M] (AVAST Software) -- G:\Windows\SysNative\drivers\aswMonFlt.sys
[2011/01/13 03:37:12 | 000,020,560 | ---- | M] (AVAST Software) -- G:\Windows\SysNative\drivers\aswFsBlk.sys
[2011/01/12 16:54:32 | 000,012,288 | ---- | M] () -- G:\Windows\SysNative\umstartup.etl
[2011/01/11 18:22:05 | 000,038,528 | ---- | M] () -- G:\Users\Administrator\Documents\Voicemail.caf
[2011/01/11 18:21:21 | 000,046,866 | ---- | M] () -- G:\Users\Administrator\Documents\beep-beep.caf
[2011/01/07 17:34:08 | 000,000,343 | RHS- | M] () -- G:\boot.ini
[2011/01/05 20:26:43 | 000,002,706 | ---- | M] () -- G:\Users\Administrator\Documents\Crymod Strength Punchin'.rtf
[2011/01/04 20:27:29 | 000,021,840 | ---- | M] () -- G:\Windows\SysWow64\SIntfNT.dll
[2011/01/04 20:27:29 | 000,017,212 | ---- | M] () -- G:\Windows\SysWow64\SIntf32.dll
[2011/01/04 20:27:28 | 000,012,067 | ---- | M] () -- G:\Windows\SysWow64\SIntf16.dll
[2011/01/04 20:22:08 | 000,006,144 | ---- | M] () -- G:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/03 15:34:58 | 000,001,114 | ---- | M] () -- G:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/02 03:26:55 | 000,004,812 | ---- | M] () -- G:\Users\Administrator\Documents\Steve Jobs Killer.bat.lnk
[2011/01/01 15:34:21 | 000,000,553 | ---- | M] () -- G:\Users\Administrator\Documents\Steve Jobs info.rtf
[2011/01/01 14:00:20 | 036,512,673 | ---- | M] () -- G:\Users\Administrator\Documents\A Better Explanation of -dat cih-.MP4
[2010/12/31 23:55:44 | 000,496,902 | ---- | M] () -- G:\Windows\SysNative\PerfStringBackup.INI
[2010/12/31 23:55:44 | 000,076,986 | ---- | M] () -- G:\Windows\SysNative\perfh005.dat
[2010/12/31 23:55:44 | 000,071,490 | ---- | M] () -- G:\Windows\SysNative\perfh00A.dat
[2010/12/31 23:55:44 | 000,070,688 | ---- | M] () -- G:\Windows\SysNative\perfh00E.dat
[2010/12/31 23:55:44 | 000,068,128 | ---- | M] () -- G:\Windows\SysNative\perfh019.dat
[2010/12/31 23:55:44 | 000,065,794 | ---- | M] () -- G:\Windows\SysNative\perfh009.dat
[2010/12/31 23:55:44 | 000,046,992 | ---- | M] () -- G:\Windows\SysNative\perfh011.dat
[2010/12/31 23:55:44 | 000,033,110 | ---- | M] () -- G:\Windows\SysNative\perfc005.dat
[2010/12/31 23:55:44 | 000,033,018 | ---- | M] () -- G:\Windows\SysNative\perfc00E.dat
[2010/12/31 23:55:44 | 000,031,244 | ---- | M] () -- G:\Windows\SysNative\perfc00A.dat
[2010/12/31 23:55:44 | 000,029,492 | ---- | M] () -- G:\Windows\SysNative\perfc009.dat
[2010/12/31 23:55:44 | 000,027,868 | ---- | M] () -- G:\Windows\SysNative\perfc019.dat
[2010/12/31 23:55:44 | 000,025,306 | ---- | M] () -- G:\Windows\SysNative\perfc011.dat
[2010/12/29 18:43:23 | 000,000,948 | ---- | M] () -- G:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\WeGame.lnk
[2010/12/28 17:29:13 | 054,661,120 | ---- | M] () -- G:\Users\Administrator\android-x86-1.6-r2.iso
[2010/12/27 15:32:56 | 000,001,057 | ---- | M] () -- G:\Users\Administrator\Desktop\VirtualBox.lnk
[2010/12/26 21:56:00 | 000,014,848 | ---- | M] (Microsoft Corporation) -- G:\Windows\SysNative\slwga.dll
[2010/12/26 21:56:00 | 000,013,824 | ---- | M] (Microsoft Corporation) -- G:\Windows\SysWow64\slwga.dll
[2010/12/26 21:55:59 | 000,419,840 | ---- | M] (Microsoft Corporation) -- G:\Windows\SysNative\systemcpl.dll
[2010/12/26 17:19:02 | 000,000,492 | ---- | M] () -- G:\hpfr5550.xml
[2010/12/26 16:24:06 | 000,047,772 | RHS- | M] () -- G:\NTDETECT.COM
[2010/12/26 16:21:57 | 000,001,218 | ---- | M] () -- G:\Users\Public\Desktop\EasyBCD 2.0.lnk
[2010/12/26 16:11:13 | 001,008,640 | ---- | M] (Microsoft Corporation) -- G:\Windows\SysNative\user32.dll
 
========== Files Created - No Company Name ==========
 
[2011/01/23 17:08:16 | 000,001,207 | ---- | C] () -- G:\Users\Administrator\Documents\Me@tsp!n.c0nn!.rtf
[2011/01/22 22:19:06 | 000,001,089 | ---- | C] () -- G:\Users\Administrator\Desktop\PaintDot.lnk
[2011/01/22 18:01:39 | 000,000,193 | ---- | C] () -- G:\Windows\WORDPAD.INI
[2011/01/22 15:35:29 | 000,089,088 | ---- | C] () -- G:\Windows\MBR.exe
[2011/01/22 15:35:26 | 000,256,512 | ---- | C] () -- G:\Windows\PEV.exe
[2011/01/22 15:35:26 | 000,098,816 | ---- | C] () -- G:\Windows\sed.exe
[2011/01/22 15:35:26 | 000,080,412 | ---- | C] () -- G:\Windows\grep.exe
[2011/01/22 15:35:26 | 000,068,096 | ---- | C] () -- G:\Windows\zip.exe
[2011/01/18 17:36:44 | 054,661,120 | ---- | C] () -- G:\Users\Administrator\android-x86-1.6-r2.iso
[2011/01/18 06:43:26 | 000,001,349 | ---- | C] () -- G:\Users\Administrator\Desktop\Fallout New Vegas.lnk
[2011/01/16 15:31:08 | 000,014,538 | ---- | C] () -- G:\Users\Administrator\usericon.png
[2011/01/16 15:22:37 | 000,000,000 | -H-- | C] () -- G:\Users\Administrator\Documents\Default.rdp
[2011/01/11 18:22:05 | 000,038,528 | ---- | C] () -- G:\Users\Administrator\Documents\Voicemail.caf
[2011/01/11 18:21:21 | 000,046,866 | ---- | C] () -- G:\Users\Administrator\Documents\beep-beep.caf
[2011/01/05 20:26:43 | 000,002,706 | ---- | C] () -- G:\Users\Administrator\Documents\Crymod Strength Punchin'.rtf
[2011/01/03 15:34:58 | 000,001,114 | ---- | C] () -- G:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/02 03:26:55 | 000,004,812 | ---- | C] () -- G:\Users\Administrator\Documents\Steve Jobs Killer.bat.lnk
[2011/01/01 15:34:21 | 000,000,553 | ---- | C] () -- G:\Users\Administrator\Documents\Steve Jobs info.rtf
[2011/01/01 13:54:34 | 036,512,673 | ---- | C] () -- G:\Users\Administrator\Documents\A Better Explanation of -dat cih-.MP4
[2010/12/27 15:32:56 | 000,001,057 | ---- | C] () -- G:\Users\Administrator\Desktop\VirtualBox.lnk
[2010/12/26 17:14:47 | 000,000,492 | ---- | C] () -- G:\hpfr5550.xml
[2010/12/26 16:21:57 | 000,001,218 | ---- | C] () -- G:\Users\Public\Desktop\EasyBCD 2.0.lnk
[2010/12/25 21:28:43 | 000,002,441 | ---- | C] () -- G:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2010/11/18 17:52:37 | 000,000,165 | ---- | C] () -- G:\Windows\BasiliskII.ini
[2010/11/10 16:58:27 | 000,042,132 | ---- | C] () -- G:\Windows\XF2000.INI
[2010/09/18 16:56:35 | 000,000,000 | ---- | C] () -- G:\Users\Administrator\AppData\Local\prvlcl.dat
[2010/09/12 15:35:16 | 000,006,144 | ---- | C] () -- G:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/25 14:49:57 | 000,021,840 | ---- | C] () -- G:\Windows\SysWow64\SIntfNT.dll
[2010/08/25 14:49:57 | 000,017,212 | ---- | C] () -- G:\Windows\SysWow64\SIntf32.dll
[2010/08/25 14:49:57 | 000,012,067 | ---- | C] () -- G:\Windows\SysWow64\SIntf16.dll
[2010/07/27 12:05:42 | 000,001,526 | ---- | C] () -- G:\Windows\HFVExplorer.INI
[2010/07/15 14:51:16 | 000,000,635 | ---- | C] () -- G:\Windows\Rtcw.INI
[2010/05/03 18:17:23 | 000,416,520 | ---- | C] () -- G:\Windows\SysWow64\PerfStringBackup.INI
[2010/05/01 17:34:02 | 000,000,000 | ---- | C] () -- G:\Windows\acroread.ini
[2010/04/08 19:32:37 | 006,294,528 | ---- | C] () -- G:\Windows\SysWow64\MediaIO1.dll
[2010/02/04 17:33:04 | 000,043,520 | ---- | C] () -- G:\Windows\SysWow64\CmdLineExt03.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- G:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- G:\Windows\SysWow64\msjetoledb40.dll
[2009/06/19 19:06:22 | 000,197,912 | ---- | C] () -- G:\Windows\SysWow64\physxcudart_20.dll
[2009/06/19 19:06:22 | 000,058,648 | ---- | C] () -- G:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2009/06/19 19:06:22 | 000,058,648 | ---- | C] () -- G:\Windows\SysWow64\AgCPanelSwedish.dll
[2009/06/19 19:06:22 | 000,058,648 | ---- | C] () -- G:\Windows\SysWow64\AgCPanelSpanish.dll
[2009/06/19 19:06:22 | 000,058,648 | ---- | C] () -- G:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2009/06/19 19:06:22 | 000,058,648 | ---- | C] () -- G:\Windows\SysWow64\AgCPanelPortugese.dll
[2009/06/19 19:06:22 | 000,058,648 | ---- | C] () -- G:\Windows\SysWow64\AgCPanelKorean.dll
[2009/06/19 19:06:22 | 000,058,648 | ---- | C] () -- G:\Windows\SysWow64\AgCPanelJapanese.dll
[2009/06/19 19:06:22 | 000,058,648 | ---- | C] () -- G:\Windows\SysWow64\AgCPanelGerman.dll
[2009/06/19 19:06:22 | 000,058,648 | ---- | C] () -- G:\Windows\SysWow64\AgCPanelFrench.dll
[2008/10/22 04:29:06 | 000,173,550 | ---- | C] () -- G:\Windows\SysWow64\xlive.dll.cat
[2007/03/12 11:01:30 | 000,273,408 | ---- | C] () -- G:\Windows\NVGfxOgl.dll
[2006/11/06 17:39:53 | 000,132,096 | ---- | C] () -- G:\Windows\SysWow64\gc.dll
[2005/06/01 02:10:00 | 000,001,383 | ---- | C] () -- G:\Windows\SysWow64\WLAN.INI
 
========== LOP Check ==========
 
[2010/06/16 17:21:11 | 000,000,000 | ---D | M] -- G:\Users\Administrator\AppData\Roaming\Atari
[2010/06/28 14:08:27 | 000,000,000 | ---D | M] -- G:\Users\Administrator\AppData\Roaming\DAEMON Tools
[2010/07/25 11:06:44 | 000,000,000 | ---D | M] -- G:\Users\Administrator\AppData\Roaming\DAEMON Tools Lite
[2010/08/24 15:17:13 | 000,000,000 | ---D | M] -- G:\Users\Administrator\AppData\Roaming\Emulators
[2010/05/03 19:06:47 | 000,000,000 | ---D | M] -- G:\Users\Administrator\AppData\Roaming\gtk-2.0
[2010/01/31 21:32:46 | 000,000,000 | ---D | M] -- G:\Users\Administrator\AppData\Roaming\Leadertech
[2010/12/11 13:54:37 | 000,000,000 | ---D | M] -- G:\Users\Administrator\AppData\Roaming\LockHunter
[2010/05/29 16:47:28 | 000,000,000 | ---D | M] -- G:\Users\Administrator\AppData\Roaming\NVD
[2010/05/29 19:26:42 | 000,000,000 | ---D | M] -- G:\Users\Administrator\AppData\Roaming\SoftGrid Client
[2010/03/20 11:23:20 | 000,000,000 | ---D | M] -- G:\Users\Administrator\AppData\Roaming\SPORE
[2010/04/06 18:54:05 | 000,000,000 | ---D | M] -- G:\Users\Administrator\AppData\Roaming\Stardock
[2011/01/20 17:49:20 | 000,000,000 | ---D | M] -- G:\Users\Administrator\AppData\Roaming\SystemRequirementsLab
[2010/05/29 16:47:28 | 000,000,000 | ---D | M] -- G:\Users\Administrator\AppData\Roaming\TP
[2010/12/11 02:19:27 | 000,000,000 | ---D | M] -- G:\Users\Administrator\AppData\Roaming\Windows Live Writer
[2011/01/15 20:05:24 | 000,032,556 | ---- | M] () -- G:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >


deargodpleasehelp

  • Guest
Re: Weird virus issue-I think I'm infected!!
« Reply #7 on: January 24, 2011, 04:13:15 PM »
 Results of screen317's Security Check version 0.99.8 
 Windows 7  (UAC is disabled!)
 Internet Explorer 8 
``````````````````````````````
Antivirus/Firewall Check:

 Windows Firewall Enabled! 
 avast! Free Antivirus   
 WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

 Malwarebytes' Anti-Malware   
 Java(TM) 6 Update 23 
 Adobe Flash Player 10.1.102.64 
Adobe Reader X
````````````````````````````````
Process Check: 
objlist.exe by Laurent

 Alwil Software Avast5 AvastSvc.exe 
 Alwil Software Avast5 AvastUI.exe 
``````````End of Log````````````


Sorry, I've lost some of my logs now... Re-gathering them...


Edit: There also seems to be a real problem with my 'hiding' files! Normally most viruses turn off and disable showing hidden files, to make it hard to remove hidden viruses, right?

Well, instead it did the EXACT opposite! I turned on "Do *NOT* show 'super' system files" in Explorer properties; now it's back on!
I know that because I have roaming desktop.ini files on my desktop, and nearly every folder I have checked so far shows these files... Not fun.
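A note on reading the two logs in this post, with an added example that is not part of the thread and not OTL's or Security Check's own code. The Security Check line "Windows 7 (UAC is disabled!)" is the same fact the OTL report shows in its O6 lines: EnableLUA = 0, ConsentPromptBehaviorAdmin = 0 and PromptOnSecureDesktop = 0 are all non-default, so nothing on this machine ever has to pass an elevation prompt. The O35/O37 lines, by contrast, are clean: the .exe and .com open commands are the stock "%1" %*, so executables are not being hijacked at launch. The O1 section reports a 393 KB hosts file of roughly 13,600 entries, all pointing at 127.0.0.1; that is the shape of a blocklist-style hosts file (the leading entries match the widely distributed MVPS list), not of a hosts hijack, which would redirect names to a real address. The script below parses those three line types from OTL output and reports them. The sample lines are copied from the report above; the Windows 7 default values are from Microsoft's UAC policy documentation; the "hijacked" test input in the usage is constructed.

```python
"""Triage helper for OTL log excerpts (added example; not OTL's own code).
Parses O6 (policy), O35 (shell open command) and O1 (hosts) lines."""
import re

# Constructed sample: lines copied from the OTL report in this thread.
SAMPLE_LOG = r"""
O1 HOSTS File: ([2011/01/11 18:01:46 | 000,393,180 | ---- | M]) - G:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1    www.007guard.com
O1 - Hosts: 13577 more lines...
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
"""

# Windows 7 defaults for the UAC values under HKLM\...\policies\System.
WIN7_UAC_DEFAULTS = {
    "EnableLUA": 1,                   # 1 = UAC on
    "ConsentPromptBehaviorAdmin": 5,  # 5 = consent prompt for non-Windows binaries
    "ConsentPromptBehaviorUser": 3,   # 3 = credential prompt on the secure desktop
    "PromptOnSecureDesktop": 1,       # 1 = prompts shown on the isolated desktop
}
UAC_MEANING = {
    ("EnableLUA", 0): "UAC is off; an administrator's processes all run fully elevated",
    ("ConsentPromptBehaviorAdmin", 0): "administrators elevate silently, with no prompt",
    ("PromptOnSecureDesktop", 0): "prompts appear on the normal desktop, where other programs can drive them",
}

O6_RE = re.compile(r"^O6(?::64bit:)? - (HK\w+)\\(.+?)\\policies\\(\w+): (\w+) = (.+)$")
O35_RE = re.compile(r"^O35(?::64bit:)? - (HK\w+)\\\.\.(\w+) \[open\] -- (.+)$")
O1_SIZE_RE = re.compile(r"^O1 HOSTS File: \(\[[^|]+\| ([\d,]+) \|")
O1_ENTRY_RE = re.compile(r"^O1 - Hosts: ([\d.:a-fA-F]+)\s+(\S+)$")
EXPECTED_OPEN_CMD = '"%1" %*'  # stock exefile/comfile open command
LOOPBACK = {"127.0.0.1", "0.0.0.0", "::1"}


def parse_uac_policies(log_text):
    """Return {name: value} for O6 entries under the System policies key."""
    policies = {}
    for line in log_text.splitlines():
        m = O6_RE.match(line)
        if not m or m.group(3) != "System":
            continue
        name, raw = m.group(4), m.group(5).strip()
        policies[name] = int(raw) if raw.isdigit() else raw
    return policies


def uac_findings(policies):
    """Describe every UAC value that differs from the Windows 7 default."""
    findings = []
    for name, default in WIN7_UAC_DEFAULTS.items():
        value = policies.get(name, default)  # absent value -> OS default applies
        if value != default:
            meaning = UAC_MEANING.get((name, value), "non-default value")
            findings.append(f"{name} = {value} (default {default}): {meaning}")
    return findings


def exe_association_findings(log_text):
    """Flag .exe/.com open commands that are not the stock one (launch hijack)."""
    findings = []
    for line in log_text.splitlines():
        m = O35_RE.match(line)
        if m and m.group(3).strip() != EXPECTED_OPEN_CMD:
            findings.append(f"{m.group(2)} open command hijacked: {m.group(3).strip()}")
    return findings


def hosts_file_bytes(log_text):
    """Hosts file size recorded in the O1 header line, or None if absent."""
    for line in log_text.splitlines():
        m = O1_SIZE_RE.match(line)
        if m:
            return int(m.group(1).replace(",", ""))
    return None


def hosts_findings(log_text):
    """Flag hosts entries that send a name anywhere other than loopback.
    Thousands of 127.0.0.1 entries are a blocklist; a redirect to a real
    address (for an AV or update domain, say) is the thing worth catching."""
    findings = []
    for line in log_text.splitlines():
        m = O1_ENTRY_RE.match(line)
        if m and m.group(1) not in LOOPBACK:
            findings.append(f"hosts redirects {m.group(2)} to {m.group(1)}")
    return findings


def triage(log_text):
    policies = parse_uac_policies(log_text)
    return {
        "uac": policies,
        "hosts_bytes": hosts_file_bytes(log_text),
        "findings": uac_findings(policies)
        + exe_association_findings(log_text)
        + hosts_findings(log_text),
    }


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG)["findings"]:
        print(finding)
```

Run against the sample it reports the three UAC deviations and nothing else: the large hosts file produces no finding because every entry is a loopback address, and the O35 lines produce none because the open command is unmodified. Feeding it a constructed line such as `O35 - HKLM\..exefile [open] -- "G:\bad.exe" "%1" %*` is what a real launch hijack looks like in OTL output, and that is the case the O35 check exists for. Re-enabling UAC on Windows 7 means restoring EnableLUA to 1 (a reboot is required) and the prompt values to their defaults; with those values as logged, any malware that does land runs with full administrator rights without ever asking.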

deargodpleasehelp

  • Guest
Re: Weird virus issue-I think I'm infected!!
« Reply #8 on: January 24, 2011, 04:27:06 PM »
OTL logfile created on: 1/24/2011 6:14:40 PM - Run 2
OTL by OldTimer - Version 3.2.20.5     Folder = G:\Users\Administrator\Downloads
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 69.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = G: | %SystemRoot% = G:\Windows | %ProgramFiles% = G:\Program Files (x86)
Drive C: | 232.88 Gb Total Space | 201.19 Gb Free Space | 86.39% Space Free | Partition Type: NTFS
Drive D: | 7.03 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive G: | 465.76 Gb Total Space | 243.19 Gb Free Space | 52.21% Space Free | Partition Type: NTFS
 
Computer Name: User-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - G:\Users\Administrator\Downloads\OTL(2).exe (OldTimer Tools)
PRC - G:\Users\Administrator\Downloads\SecurityCheck(2).exe ()
PRC - G:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - G:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - G:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - G:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - G:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe (Logitech Inc.)
PRC - G:\Windows\SysWOW64\cmd.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - G:\Users\Administrator\Downloads\OTL(2).exe (OldTimer Tools)
MOD - G:\Program Files\Alwil Software\Avast5\snxhk.dll (AVAST Software)
MOD - G:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (avast! Antivirus) -- G:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (Jasmio.MediaCenter.Service) -- G:\Program Files\Jasmio\Media Center Support Service\Jasmio.MediaCenter.Service.exe ()
SRV:64bit: - (LVPrcS64) -- G:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV:64bit: - (WinDefend) -- G:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- G:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (NfsClnt) -- G:\Windows\SysNative\nfsclnt.exe (Microsoft Corporation)
SRV:64bit: - (STacSV) -- g:\Program Files\IDT\WDM\stacsv64.exe (IDT, Inc.)
SRV - (Apple Mobile Device) -- G:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- G:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- G:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (nTuneService) -- G:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe (NVIDIA)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (aswMonFlt) -- G:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (VBoxNetAdp) -- G:\Windows\SysNative\drivers\VBoxNetAdp.sys (Oracle Corporation)
DRV:64bit: - (USBAAPL64) -- G:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (sptd) -- G:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (athr) -- G:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (amdkmdag) -- G:\Windows\SysNative\drivers\atipmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- G:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHdmiService) -- G:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (BCMH43XX) -- G:\Windows\SysNative\drivers\bcmwlhigh664.sys (Broadcom Corporation)
DRV:64bit: - (motmodem) -- G:\Windows\SysNative\drivers\motmodem.sys (Motorola)
DRV:64bit: - (LVPr2Mon) -- G:\Windows\SysNative\drivers\LVPr2M64.sys ()
DRV:64bit: - (LVPr2M64) -- G:\Windows\SysNative\drivers\LVPr2M64.sys ()
DRV:64bit: - (igfx) -- G:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (atikmdag) -- G:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (fssfltr) -- G:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (vpcbus) -- G:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)
DRV:64bit: - (vpcusb) -- G:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)
DRV:64bit: - (vpcuxd) -- G:\Windows\SysNative\drivers\vpcuxd.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- G:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- G:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- G:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- G:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- G:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- G:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (RpcXdr) Server for NFS Open RPC (ONCRPC) -- G:\Windows\SysNative\drivers\rpcxdr.sys (Microsoft Corporation)
DRV:64bit: - (NfsRdr) -- G:\Windows\SysNative\drivers\nfsrdr.sys (Microsoft Corporation)
DRV:64bit: - (Ntfs) -- G:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (e1express) Intel(R) -- G:\Windows\SysNative\drivers\e1e6032e.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- G:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- G:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- G:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- G:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- G:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (MotDev) -- G:\Windows\SysNative\drivers\motodrv.sys (Motorola Inc)
DRV:64bit: - (PID_0928) Logitech QuickCam Express(PID_0928) -- G:\Windows\SysNative\drivers\LV561V64.sys (Logitech Inc.)
DRV:64bit: - (mcdbus) -- G:\Windows\SysNative\drivers\mcdbus.sys (MagicISO, Inc.)
DRV:64bit: - (STHDA) -- G:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV - (mcdbus) -- G:\Windows\SysWOW64\drivers\mcdbus.sys (MagicISO, Inc.)
DRV - (NVR0Dev) -- G:\Windows\nvoclk64.sys (NVidia Corp.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = G:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AE 85 18 FB A9 D5 CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage:  "http://Http://www.google.com/"
FF - prefs.js..extensions.enabledItems:  {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.2
FF - prefs.js..extensions.enabledItems:  [email protected]:1.5
FF - prefs.js..extensions.enabledItems:  {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems:  {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
FF - prefs.js..extensions.enabledItems:  {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.48.3
FF - prefs.js..extensions.enabledItems:  {078fac48-925f-4524-7cfe-85d44b8f4f98}:1.2
FF - prefs.js..extensions.enabledItems:  {2e17e2b2-b8d4-4a67-8d7b-fafa6cc9d1d0}:1.2.5.1
FF - prefs.js..extensions.enabledItems:  {340c2bbc-ce74-4362-90b5-7c26312808ef}:1.6.2
FF - prefs.js..extensions.enabledItems:  [email protected]:2.1
FF - prefs.js..extensions.enabledItems:  {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.0
FF - prefs.js..extensions.enabledItems:  {35106bca-6c78-48c7-ac28-56df30b51d2a}:1.3.8
FF - prefs.js..extensions.enabledItems:  {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7.2
FF - prefs.js..extensions.enabledItems:  [email protected]:0.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems:  [email protected]:1.2.2
FF - prefs.js..extensions.enabledItems:  {0c8fbd76-bdeb-4c52-9b24-d587ce7b9dc3}:2.0.6
FF - prefs.js..extensions.enabledItems:  {6b539fe7-2e64-481c-8bfd-b2530ee2bc28}:2.1
FF - prefs.js..extensions.enabledItems:  {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems:  {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:4.0
FF - prefs.js..extensions.enabledItems:  [email protected]:2.0.5
FF - prefs.js..extensions.enabledItems:  [email protected]:3.6.5
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: G:\Program Files (x86)\Mozilla Firefox\components [2011/01/11 18:07:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: G:\Program Files (x86)\Mozilla Firefox\plugins [2011/01/11 18:07:34 | 000,000,000 | ---D | M]
 
[2010/05/10 17:19:44 | 000,000,000 | ---D | M] (No name  found) -- G:\Users\Administrator\AppData\Roaming\Mozilla\Extensions
[2011/01/24 17:56:06 | 000,000,000 | ---D | M] (No name  found) -- G:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\vuivsh9s.default\extensions
[2010/08/13 18:45:21 | 000,000,000 | ---D | M] (No name  found) -- G:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\vuivsh9s.default\extensions\{00352F14-3F76-4e4d-ACFF-9972D7E4B3B9}
[2010/06/12 15:30:02 | 000,000,000 | ---D | M] (No name  found) -- G:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\vuivsh9s.default\extensions\{00352F14-3F76-4e4d-ACFF-9976D7E4B3B9}
[2010/05/30 16:33:51 | 000,000,000 | ---D | M] (Crash Report  Helper) -- G:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\vuivsh9s.default\extensions\{078fac48-925f-4524-7cfe-85d44b8f4f98}
[2011/01/18 17:54:44 | 000,000,000 | ---D | M] (Resurrect  Pages) -- G:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\vuivsh9s.default\extensions\{0c8fbd76-bdeb-4c52-9b24-d587ce7b9dc3}
[2010/09/01 18:21:58 | 000,000,000 | ---D | M] (Microsoft  .NET Framework Assistant) -- G:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\vuivsh9s.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/06/12 15:19:32 | 000,000,000 | ---D | M] (Unhide Passwords)  -- G:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\vuivsh9s.default\extensions\{2e17e2b2-b8d4-4a67-8d7b-fafa6cc9d1d0}
[2011/01/22 15:23:17 | 000,000,000 | ---D | M] (Firefox  Sync) -- G:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\vuivsh9s.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}
[2010/08/25 15:20:37 | 000,000,000 | ---D | M]  (Linkification) -- G:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\vuivsh9s.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
[2010/10/20 16:00:11 | 000,000,000 | ---D | M] (Dead Link  Checker - MirrorChecker.com) -- G:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\vuivsh9s.default\extensions\{6b539fe7-2e64-481c-8bfd-b2530ee2bc28}
[2010/12/07 16:45:54 | 000,000,000 | ---D | M] (FireFTP) --  G:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\vuivsh9s.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2011/01/10 20:31:16 | 000,000,000 | ---D | M]  (DownloadHelper) -- G:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\vuivsh9s.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/12/29 15:03:28 | 000,000,000 | ---D | M] (Easy Youtube  Video Downloader) -- G:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\vuivsh9s.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
[2010/12/24 19:24:22 | 000,000,000 | ---D | M] (Adblock  Plus) -- G:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\vuivsh9s.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/07/29 17:08:42 | 000,000,000 | ---D | M] ("BetterPrivacy")  -- G:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\vuivsh9s.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2010/10/09 13:21:19 | 000,000,000 | ---D | M] (Download  Statusbar) -- G:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\vuivsh9s.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2011/01/02 01:08:54 | 000,000,000 | ---D | M] (No name  found) -- G:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\vuivsh9s.default\extensions\{de5809e0-2b07-11dd-bd0b-0800200c9a66}
[2011/01/22 15:23:19 | 000,000,000 | ---D | M]  (Greasemonkey) -- G:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\vuivsh9s.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/01/02 01:09:39 | 000,000,000 | ---D | M] (Chromifox  Basic) -- G:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\vuivsh9s.default\extensions\[email protected]
[2010/12/20 14:02:31 | 000,000,000 | ---D | M] () --  G:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\vuivsh9s.default\extensions\[email protected]
[2010/05/28 22:13:19 | 000,000,000 | ---D | M] (Glasser) --  G:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\vuivsh9s.default\extensions\[email protected]
[2011/01/02 01:09:01 | 000,000,000 | ---D | M] (No name  found) -- G:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\vuivsh9s.default\extensions\[email protected]
[2011/01/14 21:29:10 | 000,000,000 | ---D | M] (Lazarus:  Form Recovery) -- G:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\vuivsh9s.default\extensions\[email protected]
[2010/08/14 18:11:35 | 000,000,000 | ---D | M] (Pastebin) --  G:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\vuivsh9s.default\extensions\[email protected]
[2010/06/04 15:57:32 | 000,000,000 | ---D | M] (No name  found) -- G:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\vuivsh9s.default\extensions\[email protected]
[2010/11/12 17:36:45 | 000,000,000 | ---D | M] (Restart  Firefox) -- G:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\vuivsh9s.default\extensions\[email protected]
[2010/07/29 17:08:41 | 000,000,000 | ---D | M] (1-Click  YouTube Video Downloader) -- G:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\vuivsh9s.default\extensions\[email protected]
[2010/09/06 11:17:44 | 000,001,635 | ---- | M] () --  G:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\vuivsh9s.default\searchplugins\firefox-add-ons.xml
[2010/09/06 11:16:58 | 000,003,557 | ---- | M] () --  G:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\vuivsh9s.default\searchplugins\windows-gadgets.xml
[2011/01/24 17:56:06 | 000,000,000 | ---D | M] (No name found) -- G:\Program Files (x86)\Mozilla Firefox\extensions
[2010/09/07 12:02:00 | 000,000,000 | ---D | M] (Java Console) -- G:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/12/23 07:11:40 | 000,000,000 | ---D | M] (Java Console) -- G:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- G:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
 
O1 HOSTS File: ([2011/01/11 18:01:46 | 000,393,180 | ---- | M]) - G:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       www.007guard.com
O1 - Hosts: 127.0.0.1       007guard.com
O1 - Hosts: 127.0.0.1       008i.com
O1 - Hosts: 127.0.0.1       www.008k.com
O1 - Hosts: 127.0.0.1       008k.com
O1 - Hosts: 127.0.0.1       www.00hq.com
O1 - Hosts: 127.0.0.1       00hq.com
O1 - Hosts: 127.0.0.1       010402.com
O1 - Hosts: 127.0.0.1       www.032439.com
O1 - Hosts: 127.0.0.1       032439.com
O1 - Hosts: 127.0.0.1       www.0scan.com
O1 - Hosts: 127.0.0.1       0scan.com
O1 - Hosts: 127.0.0.1       1000gratisproben.com
O1 - Hosts: 127.0.0.1       www.1000gratisproben.com
O1 - Hosts: 127.0.0.1       1001namen.com
O1 - Hosts: 127.0.0.1       www.1001namen.com
O1 - Hosts: 127.0.0.1       100888290cs.com
O1 - Hosts: 127.0.0.1       www.100888290cs.com
O1 - Hosts: 127.0.0.1       www.100sexlinks.com
O1 - Hosts: 127.0.0.1       100sexlinks.com
O1 - Hosts: 127.0.0.1       10sek.com
O1 - Hosts: 127.0.0.1       www.10sek.com
O1 - Hosts: 127.0.0.1       www.1-2005-search.com
O1 - Hosts: 127.0.0.1       1-2005-search.com
O1 - Hosts: 127.0.0.1       www.123fporn.info
O1 - Hosts: 13577 more lines...
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - G:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] G:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] G:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] G:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [avast5] G:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKCU..\Run: [NVIDIA nTune] G:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe (NVIDIA)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - G:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - G:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: cnet.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: crymod.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: documents%20and%20settings ([]file in Trusted sites)
O15 - HKCU\..Trusted Domains: driver_g ([]file in Trusted sites)
O15 - HKCU\..Trusted Domains: google.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: localsvr ([]file in Local intranet)
O15 - HKCU\..Trusted Domains: microsoft.com ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: users ([]file in Local intranet)
O15 - HKCU\..Trusted Domains: youtube.com ([www] http in Trusted sites)
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onecare.live.com/resource/download/scanner/en-US/wlscctrl2.cab (Windows Live OneCare safety scanner control)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab (Reg Error: Key error.)
O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} http://www.windowsvistatestdrive.com/ActiveX/VMRCActiveXClient1.cab (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - G:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - G:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - G:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - G:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - G:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/11/15 04:52:50 | 000,161,088 | R--- | M] (Take-Two Interactive Software, Inc.) - D:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2008/10/11 12:03:48 | 000,000,054 | R--- | M] () - D:\Autorun.inf -- [ UDF ]
O32 - AutoRun File - [2010/07/02 14:40:43 | 000,000,000 | ---- | M] () - G:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{bb499a2e-2ec8-11df-b696-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{bb499a2e-2ec8-11df-b696-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Autorun.exe -- [2008/11/15 04:52:50 | 000,161,088 | R--- | M] (Take-Two Interactive Software, Inc.)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...com [@ = comfile] -- Reg Error: Key error. File not found
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/01/22 20:42:23 | 000,000,000 | ---D | C] -- G:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/01/22 16:32:04 | 000,720,896 | ---- | C] (Microsoft Corporation) -- G:\Windows\SysNative\odbc32.dll
[2011/01/22 16:32:04 | 000,573,440 | ---- | C] (Microsoft Corporation) -- G:\Windows\SysWow64\odbc32.dll
[2011/01/22 15:35:29 | 000,031,232 | ---- | C] (NirSoft) -- G:\Windows\NIRCMD.exe
[2011/01/22 15:35:26 | 000,161,792 | ---- | C] (SteelWerX) -- G:\Windows\SWREG.exe
[2011/01/22 15:35:26 | 000,136,704 | ---- | C] (SteelWerX) -- G:\Windows\SWSC.exe
[2011/01/22 15:35:14 | 000,000,000 | ---D | C] -- G:\Windows\ERDNT
[2011/01/22 15:33:39 | 000,212,480 | ---- | C] (SteelWerX) -- G:\Windows\SWXCACLS.exe
[2011/01/20 17:50:45 | 000,000,000 | ---D | C] -- G:\Program Files (x86)\Intel
[2011/01/20 17:50:29 | 000,000,000 | ---D | C] -- G:\Intel
[2011/01/20 17:49:26 | 000,000,000 | ---D | C] -- G:\Program Files (x86)\SystemRequirementsLab
[2011/01/20 17:49:20 | 000,000,000 | ---D | C] -- G:\Users\Administrator\AppData\Roaming\SystemRequirementsLab
[2011/01/15 20:22:57 | 000,237,168 | ---- | C] (AVAST Software) -- G:\Windows\SysNative\aswBoot.exe
[2011/01/11 19:39:53 | 000,000,000 | ---D | C] -- G:\Users\Administrator\AppData\Local\Macroplant
[2011/01/11 18:08:52 | 000,000,000 | ---D | C] -- G:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/01/11 18:08:51 | 000,126,312 | ---- | C] (GEAR Software Inc.) -- G:\Windows\SysNative\GEARAspi64.dll
[2011/01/11 18:08:51 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- G:\Windows\SysWow64\GEARAspi.dll
[2011/01/11 18:08:51 | 000,034,152 | ---- | C] (GEAR Software Inc.) -- G:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2011/01/11 18:08:33 | 000,000,000 | ---D | C] -- G:\Program Files\iTunes
[2011/01/11 18:08:33 | 000,000,000 | ---D | C] -- G:\Program Files (x86)\iTunes
[2011/01/11 18:08:33 | 000,000,000 | ---D | C] -- G:\Program Files\iPod
[2011/01/11 18:07:27 | 000,000,000 | ---D | C] -- G:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/01/11 18:06:33 | 000,000,000 | ---D | C] -- G:\Program Files (x86)\Apple Software Update
[2011/01/11 18:06:11 | 000,000,000 | ---D | C] -- G:\Program Files\Common Files\Apple
[2011/01/11 18:05:57 | 000,000,000 | ---D | C] -- G:\Program Files\Bonjour
[2011/01/11 18:05:57 | 000,000,000 | ---D | C] -- G:\Program Files (x86)\Bonjour
[2011/01/11 17:51:00 | 000,000,000 | ---D | C] -- G:\ProgramData\Microsoft\Windows\Start Menu\Programs\iPhone Explorer
[2011/01/11 17:50:56 | 000,000,000 | ---D | C] -- G:\Program Files (x86)\iPhone Explorer
[2011/01/11 17:43:40 | 000,000,000 | ---D | C] -- G:\ProgramData\Jasmio
[2011/01/11 17:43:40 | 000,000,000 | ---D | C] -- G:\Program Files\Jasmio
[2011/01/10 20:22:42 | 000,000,000 | ---D | C] -- G:\Games
[2011/01/10 20:22:11 | 000,000,000 | ---D | C] -- G:\Users\Administrator\AppData\Local\FOMM
[2011/01/10 20:22:06 | 000,000,000 | ---D | C] -- G:\Program Files (x86)\GeMM
[2011/01/10 20:22:06 | 000,000,000 | ---D | C] -- G:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fallout Mod Manager
[2011/01/03 15:33:07 | 000,000,000 | ---D | C] -- G:\Users\Administrator\AppData\Roaming\Malwarebytes
[2011/01/01 00:36:48 | 000,000,000 | ---D | C] -- G:\Users\Administrator\Documents\Apple
[2010/12/26 21:55:41 | 000,000,000 | ---D | C] -- G:\Windows\SysWow64\Wat
[2010/12/26 21:55:40 | 000,000,000 | ---D | C] -- G:\Windows\SysNative\Wat
[2010/12/26 16:25:51 | 000,000,000 | ---D | C] -- G:\Users\Administrator\AppData\Local\NeoSmart_Technologies
[2010/12/26 16:24:04 | 000,000,000 | ---D | C] -- G:\NST
[2010/12/26 16:21:57 | 000,000,000 | ---D | C] -- G:\ProgramData\Microsoft\Windows\Start Menu\Programs\NeoSmart Technologies
[2010/12/26 16:21:56 | 000,000,000 | ---D | C] -- G:\Program Files (x86)\NeoSmart Technologies
[2010/12/26 14:55:38 | 000,000,000 | ---D | C] -- G:\NVIDIA
[2010/12/25 21:28:34 | 000,000,000 | ---D | C] -- G:\Program Files (x86)\Common Files\Adobe
 
========== Files - Modified Within 30 Days ==========
 
[2011/01/24 17:57:52 | 000,000,100 | ---- | M] () --  G:\Users\Administrator\Desktop\GTA IV Job.bat
[2011/01/24 17:26:35 | 000,067,584 | --S- | M] () --  G:\Windows\bootstat.dat
[2011/01/24 17:26:25 | 3169,132,544 | -HS- | M] () --  G:\hiberfil.sys
[2011/01/23 17:08:16 | 000,001,207 | ---- | M] () --  G:\Users\Administrator\Documents\Me@tsp!n.c0nn!.rtf
[2011/01/22 22:19:06 | 000,001,089 | ---- | M] () --  G:\Users\Administrator\Desktop\PaintDot.lnk
[2011/01/22 22:12:04 | 000,014,016 | -H-- | M] () --  G:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/01/22 22:12:04 | 000,014,016 | -H-- | M] () --  G:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/01/22 18:01:39 | 000,000,193 | ---- | M] () --  G:\Windows\WORDPAD.INI
[2011/01/22 17:20:47 | 000,000,000 | ---- | M] () --  G:\Windows\SysWow64\config.nt
[2011/01/18 06:43:32 | 000,001,349 | ---- | M] () --  G:\Users\Administrator\Desktop\Fallout New Vegas.lnk
[2011/01/16 15:22:37 | 000,000,000 | -H-- | M] () --  G:\Users\Administrator\Documents\Default.rdp
[2011/01/15 19:53:43 | 000,002,030 | ---- | M] () --  G:\Users\Administrator\Desktop\Crysis (2).lnk
[2011/01/13 18:08:21 | 000,002,162 | ---- | M] () --  G:\Users\Administrator\Desktop\GTA IV Hook Launcher.lnk
[2011/01/13 03:47:35 | 000,038,848 | ---- | M] (AVAST  Software) -- G:\Windows\avastSS.scr
[2011/01/13 03:47:32 | 000,188,216 | ---- | M] (AVAST  Software) -- G:\Windows\SysWow64\aswBoot.exe
[2011/01/13 03:47:23 | 000,237,168 | ---- | M] (AVAST  Software) -- G:\Windows\SysNative\aswBoot.exe
[2011/01/13 03:41:44 | 000,273,488 | ---- | M] (AVAST  Software) -- G:\Windows\SysNative\drivers\aswSP.sys
[2011/01/13 03:40:20 | 000,051,792 | ---- | M] (AVAST  Software) -- G:\Windows\SysNative\drivers\aswTdi.sys
[2011/01/13 03:37:34 | 000,029,264 | ---- | M] (AVAST  Software) -- G:\Windows\SysNative\drivers\aswRdr.sys
[2011/01/13 03:37:23 | 000,062,032 | ---- | M] (AVAST  Software) -- G:\Windows\SysNative\drivers\aswMonFlt.sys
[2011/01/13 03:37:12 | 000,020,560 | ---- | M] (AVAST  Software) -- G:\Windows\SysNative\drivers\aswFsBlk.sys
[2011/01/12 16:54:32 | 000,012,288 | ---- | M] () --  G:\Windows\SysNative\umstartup.etl
[2011/01/11 18:22:05 | 000,038,528 | ---- | M] () --  G:\Users\Administrator\Documents\Voicemail.caf
[2011/01/11 18:21:21 | 000,046,866 | ---- | M] () --  G:\Users\Administrator\Documents\beep-beep.caf
[2011/01/07 17:34:08 | 000,000,343 | RHS- | M] () --  G:\boot.ini
[2011/01/05 20:26:43 | 000,002,706 | ---- | M] () --  G:\Users\Administrator\Documents\Crymod Strength Punchin'.rtf
[2011/01/04 20:27:29 | 000,021,840 | ---- | M] () --  G:\Windows\SysWow64\SIntfNT.dll
[2011/01/04 20:27:29 | 000,017,212 | ---- | M] () --  G:\Windows\SysWow64\SIntf32.dll
[2011/01/04 20:27:28 | 000,012,067 | ---- | M] () --  G:\Windows\SysWow64\SIntf16.dll
[2011/01/04 20:22:08 | 000,006,144 | ---- | M] () --  G:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/03 15:34:58 | 000,001,114 | ---- | M] () --  G:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/02 03:26:55 | 000,004,812 | ---- | M] () --  G:\Users\Administrator\Documents\Steve Jobs Killer.bat.lnk
[2011/01/01 15:34:21 | 000,000,553 | ---- | M] () --  G:\Users\Administrator\Documents\Steve Jobs info.rtf
[2011/01/01 14:00:20 | 036,512,673 | ---- | M] () --  G:\Users\Administrator\Documents\A Better Explanation of -dat cih-.MP4
[2010/12/31 23:55:44 | 000,496,902 | ---- | M] () --  G:\Windows\SysNative\PerfStringBackup.INI
[2010/12/31 23:55:44 | 000,076,986 | ---- | M] () --  G:\Windows\SysNative\perfh005.dat
[2010/12/31 23:55:44 | 000,071,490 | ---- | M] () --  G:\Windows\SysNative\perfh00A.dat
[2010/12/31 23:55:44 | 000,070,688 | ---- | M] () --  G:\Windows\SysNative\perfh00E.dat
[2010/12/31 23:55:44 | 000,068,128 | ---- | M] () --  G:\Windows\SysNative\perfh019.dat
[2010/12/31 23:55:44 | 000,065,794 | ---- | M] () --  G:\Windows\SysNative\perfh009.dat
[2010/12/31 23:55:44 | 000,046,992 | ---- | M] () --  G:\Windows\SysNative\perfh011.dat
[2010/12/31 23:55:44 | 000,033,110 | ---- | M] () --  G:\Windows\SysNative\perfc005.dat
[2010/12/31 23:55:44 | 000,033,018 | ---- | M] () --  G:\Windows\SysNative\perfc00E.dat
[2010/12/31 23:55:44 | 000,031,244 | ---- | M] () --  G:\Windows\SysNative\perfc00A.dat
[2010/12/31 23:55:44 | 000,029,492 | ---- | M] () --  G:\Windows\SysNative\perfc009.dat
[2010/12/31 23:55:44 | 000,027,868 | ---- | M] () --  G:\Windows\SysNative\perfc019.dat
[2010/12/31 23:55:44 | 000,025,306 | ---- | M] () --  G:\Windows\SysNative\perfc011.dat
[2010/12/29 18:43:23 | 000,000,948 | ---- | M] () -- G:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\WeGame.lnk
[2010/12/28 17:29:13 | 054,661,120 | ---- | M] () --  G:\Users\Administrator\android-x86-1.6-r2.iso
[2010/12/27 15:32:56 | 000,001,057 | ---- | M] () --  G:\Users\Administrator\Desktop\VirtualBox.lnk
[2010/12/26 21:56:00 | 000,014,848 | ---- | M] (Microsoft  Corporation) -- G:\Windows\SysNative\slwga.dll
[2010/12/26 21:56:00 | 000,013,824 | ---- | M] (Microsoft  Corporation) -- G:\Windows\SysWow64\slwga.dll
[2010/12/26 21:55:59 | 000,419,840 | ---- | M] (Microsoft  Corporation) -- G:\Windows\SysNative\systemcpl.dll
[2010/12/26 17:19:02 | 000,000,492 | ---- | M] () --  G:\hpfr5550.xml
[2010/12/26 16:24:06 | 000,047,772 | RHS- | M] () --  G:\NTDETECT.COM
[2010/12/26 16:21:57 | 000,001,218 | ---- | M] () --  G:\Users\Public\Desktop\EasyBCD 2.0.lnk
[2010/12/26 16:11:13 | 001,008,640 | ---- | M] (Microsoft  Corporation) -- G:\Windows\SysNative\user32.dll
 
========== Files Created - No Company Name ==========
 
[2011/01/24 17:46:15 | 000,000,100 | ---- | C] () --  G:\Users\Administrator\Desktop\GTA IV Job.bat
[2011/01/23 17:08:16 | 000,001,207 | ---- | C] () --  G:\Users\Administrator\Documents\Me@tsp!n.c0nn!.rtf
[2011/01/22 22:19:06 | 000,001,089 | ---- | C] () --  G:\Users\Administrator\Desktop\PaintDot.lnk
[2011/01/22 18:01:39 | 000,000,193 | ---- | C] () --  G:\Windows\WORDPAD.INI
[2011/01/22 15:35:29 | 000,089,088 | ---- | C] () --  G:\Windows\MBR.exe
[2011/01/22 15:35:26 | 000,256,512 | ---- | C] () --  G:\Windows\PEV.exe
[2011/01/22 15:35:26 | 000,098,816 | ---- | C] () --  G:\Windows\sed.exe
[2011/01/22 15:35:26 | 000,080,412 | ---- | C] () --  G:\Windows\grep.exe
[2011/01/22 15:35:26 | 000,068,096 | ---- | C] () --  G:\Windows\zip.exe
[2011/01/18 17:36:44 | 054,661,120 | ---- | C] () --  G:\Users\Administrator\android-x86-1.6-r2.iso
[2011/01/18 06:43:26 | 000,001,349 | ---- | C] () --  G:\Users\Administrator\Desktop\Fallout New Vegas.lnk
[2011/01/16 15:31:08 | 000,014,538 | ---- | C] () --  G:\Users\Administrator\usericon.png
[2011/01/16 15:22:37 | 000,000,000 | -H-- | C] () --  G:\Users\Administrator\Documents\Default.rdp
[2011/01/11 18:22:05 | 000,038,528 | ---- | C] () --  G:\Users\Administrator\Documents\Voicemail.caf
[2011/01/11 18:21:21 | 000,046,866 | ---- | C] () --  G:\Users\Administrator\Documents\beep-beep.caf
[2011/01/05 20:26:43 | 000,002,706 | ---- | C] () --  G:\Users\Administrator\Documents\Crymod Strength Punchin'.rtf
[2011/01/03 15:34:58 | 000,001,114 | ---- | C] () --  G:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/02 03:26:55 | 000,004,812 | ---- | C] () --  G:\Users\Administrator\Documents\Steve Jobs Killer.bat.lnk
[2011/01/01 15:34:21 | 000,000,553 | ---- | C] () --  G:\Users\Administrator\Documents\Steve Jobs info.rtf
[2011/01/01 13:54:34 | 036,512,673 | ---- | C] () --  G:\Users\Administrator\Documents\A Better Explanation of -dat cih-.MP4
[2010/12/27 15:32:56 | 000,001,057 | ---- | C] () --  G:\Users\Administrator\Desktop\VirtualBox.lnk
[2010/12/26 17:14:47 | 000,000,492 | ---- | C] () --  G:\hpfr5550.xml
[2010/12/26 16:21:57 | 000,001,218 | ---- | C] () --  G:\Users\Public\Desktop\EasyBCD 2.0.lnk
[2010/12/25 21:28:43 | 000,002,441 | ---- | C] () --  G:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2010/11/18 17:52:37 | 000,000,165 | ---- | C] () --  G:\Windows\BasiliskII.ini
[2010/11/10 16:58:27 | 000,042,132 | ---- | C] () --  G:\Windows\XF2000.INI
[2010/09/18 16:56:35 | 000,000,000 | ---- | C] () --  G:\Users\Administrator\AppData\Local\prvlcl.dat
[2010/09/12 15:35:16 | 000,006,144 | ---- | C] () --  G:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/25 14:49:57 | 000,021,840 | ---- | C] () --  G:\Windows\SysWow64\SIntfNT.dll
[2010/08/25 14:49:57 | 000,017,212 | ---- | C] () --  G:\Windows\SysWow64\SIntf32.dll
[2010/08/25 14:49:57 | 000,012,067 | ---- | C] () --  G:\Windows\SysWow64\SIntf16.dll
[2010/07/27 12:05:42 | 000,001,526 | ---- | C] () --  G:\Windows\HFVExplorer.INI
[2010/07/15 14:51:16 | 000,000,635 | ---- | C] () -- G:\Windows\Rtcw.INI
[2010/05/03 18:17:23 | 000,416,520 | ---- | C] () --  G:\Windows\SysWow64\PerfStringBackup.INI
[2010/05/01 17:34:02 | 000,000,000 | ---- | C] () --  G:\Windows\acroread.ini
[2010/04/08 19:32:37 | 006,294,528 | ---- | C] () --  G:\Windows\SysWow64\MediaIO1.dll
[2010/02/04 17:33:04 | 000,043,520 | ---- | C] () --  G:\Windows\SysWow64\CmdLineExt03.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () --  G:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- G:\Windows\SysWow64\msjetoledb40.dll
[2009/06/19 19:06:22 | 000,197,912 | ---- | C] () --  G:\Windows\SysWow64\physxcudart_20.dll
[2009/06/19 19:06:22 | 000,058,648 | ---- | C] () --  G:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2009/06/19 19:06:22 | 000,058,648 | ---- | C] () --  G:\Windows\SysWow64\AgCPanelSwedish.dll
[2009/06/19 19:06:22 | 000,058,648 | ---- | C] () --  G:\Windows\SysWow64\AgCPanelSpanish.dll
[2009/06/19 19:06:22 | 000,058,648 | ---- | C] () --  G:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2009/06/19 19:06:22 | 000,058,648 | ---- | C] () --  G:\Windows\SysWow64\AgCPanelPortugese.dll
[2009/06/19 19:06:22 | 000,058,648 | ---- | C] () --  G:\Windows\SysWow64\AgCPanelKorean.dll
[2009/06/19 19:06:22 | 000,058,648 | ---- | C] () -- G:\Windows\SysWow64\AgCPanelJapanese.dll
[2009/06/19 19:06:22 | 000,058,648 | ---- | C] () --  G:\Windows\SysWow64\AgCPanelGerman.dll
[2009/06/19 19:06:22 | 000,058,648 | ---- | C] () --  G:\Windows\SysWow64\AgCPanelFrench.dll
[2008/10/22 04:29:06 | 000,173,550 | ---- | C] () --  G:\Windows\SysWow64\xlive.dll.cat
[2007/03/12 11:01:30 | 000,273,408 | ---- | C] () --  G:\Windows\NVGfxOgl.dll
[2006/11/06 17:39:53 | 000,132,096 | ---- | C] () --  G:\Windows\SysWow64\gc.dll
[2005/06/01 02:10:00 | 000,001,383 | ---- | C] () --  G:\Windows\SysWow64\WLAN.INI
 
========== LOP Check ==========
 
[2010/06/16 17:21:11 | 000,000,000 | ---D | M] -- G:\Users\Administrator\AppData\Roaming\Atari
[2010/06/28 14:08:27 | 000,000,000 | ---D | M] -- G:\Users\Administrator\AppData\Roaming\DAEMON  Tools
[2010/07/25 11:06:44 | 000,000,000 | ---D | M] -- G:\Users\Administrator\AppData\Roaming\DAEMON  Tools Lite
[2010/08/24 15:17:13 | 000,000,000 | ---D | M] -- G:\Users\Administrator\AppData\Roaming\Emulators
[2010/05/03 19:06:47 | 000,000,000 | ---D | M] -- G:\Users\Administrator\AppData\Roaming\gtk-2.0
[2010/01/31 21:32:46 | 000,000,000 | ---D | M] -- G:\Users\Administrator\AppData\Roaming\Leadertech
[2010/12/11 13:54:37 | 000,000,000 | ---D | M] -- G:\Users\Administrator\AppData\Roaming\LockHunter
[2010/05/29 16:47:28 | 000,000,000 | ---D | M] -- G:\Users\Administrator\AppData\Roaming\NVD
[2010/05/29 19:26:42 | 000,000,000 | ---D | M] -- G:\Users\Administrator\AppData\Roaming\SoftGrid  Client
[2010/03/20 11:23:20 | 000,000,000 | ---D | M] -- G:\Users\Administrator\AppData\Roaming\SPORE
[2010/04/06 18:54:05 | 000,000,000 | ---D | M] -- G:\Users\Administrator\AppData\Roaming\Stardock
[2011/01/20 17:49:20 | 000,000,000 | ---D | M] -- G:\Users\Administrator\AppData\Roaming\SystemRequirementsLab
[2010/05/29 16:47:28 | 000,000,000 | ---D | M] -- G:\Users\Administrator\AppData\Roaming\TP
[2010/12/11 02:19:27 | 000,000,000 | ---D | M] -- G:\Users\Administrator\AppData\Roaming\Windows  Live Writer
[2011/01/15 20:05:24 | 000,032,556 | ---- | M] () --  G:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
< End of report >


Oh btw, in the attachment, can somebody tell me if something's missing from my Windows Explorer properties window?
Also to note how Do not Show System Files circled in red, seemingly turned off after reboot...



[recovering disk space - old attachment deleted by admin]

SuperDave

  • Malware Removal Specialist
  • Moderator


  • Genius
  • Thanked: 1020
  • Certifications: List
  • Experience: Expert
  • OS: Windows 10
Re: Weird virus issue-I think I'm infected!!
« Reply #9 on: January 25, 2011, 01:13:41 PM »
* Open OTL
* Copy and Paste the following text in the codebox into the Custom Scans/Fixes window.

Code:
:OTL
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: cnet.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: crymod.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: documents%20and%20settings ([]file in Trusted sites)
O15 - HKCU\..Trusted Domains: driver_g ([]file in Trusted sites)
O15 - HKCU\..Trusted Domains: google.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: localsvr ([]file in Local intranet)
O15 - HKCU\..Trusted Domains: microsoft.com ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: users ([]file in Local intranet)
O15 - HKCU\..Trusted Domains: youtube.com ([www] http in Trusted sites)

:COMMANDS
[resethosts]
[purity]
[emptytemp]
[start explorer]

* Click Run Fix
* OTLI2 may ask to reboot the machine. Please do so if asked.
* Click OK
* A report will open. Copy and Paste that report in your next reply.
****************************************************************
Download ComboFix by sUBs from one of the below links.  Be sure to save it to the Desktop.

link # 1
Link # 2

Close any open web browsers (Firefox, Internet Explorer, etc) before starting ComboFix.

Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Right-click combofix.exe and select Run as Administrator and follow the prompts.
When finished, ComboFix will produce a log for you.
Post the ComboFix log and a new HijackThis log in your next reply.

NOTE: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete.

Windows 8 and Windows 10 dual boot with two SSD's
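The OTL fix above does two things worth understanding: it removes the O15 "Trusted Domains" entries (IE ZoneMap registry keys that put sites such as cnet.com or file:// locations into the Trusted sites or Local intranet zone) and resets the hosts file (the O1 line). The following script is an added example, not part of the thread or of the OTL/HijackThis tools; it lists both kinds of entry in a read-only way so that they can be reviewed before any fix is run. The function names are mine; the registry layout (ZoneMap\Domains\<domain>\<subdomain>, one DWORD per scheme whose data is the zone number) and the hosts file path are standard Windows. It assumes PowerShell 3.0 or later.

```powershell
# Added example: audit the IE ZoneMap trusted-domain entries (HijackThis O15)
# and the hosts file (HijackThis O1) without changing anything.
# Zone numbers used by ZoneMap: 0 My Computer, 1 Local intranet,
# 2 Trusted sites, 3 Internet, 4 Restricted sites.
$zoneNames = @{ 0 = 'My Computer'; 1 = 'Local intranet'; 2 = 'Trusted sites';
                3 = 'Internet';    4 = 'Restricted sites' }

function Get-ZoneMapEntries {
    # Hypothetical helper name; walks HKCU (or HKLM) ZoneMap\Domains.
    param([string]$Hive = 'HKCU')
    $base = "${Hive}:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains"
    if (-not (Test-Path $base)) { return }
    foreach ($domainKey in Get-ChildItem $base) {
        # Values can sit on the domain key itself (e.g. microsoft.com, "*")
        # or on a subdomain key (e.g. cnet.com\www, "http").
        $keys = @($domainKey) + @(Get-ChildItem $domainKey.PSPath)
        foreach ($key in $keys) {
            $props = Get-ItemProperty $key.PSPath
            foreach ($p in $props.PSObject.Properties) {
                if ($p.Name -like 'PS*') { continue }   # skip provider metadata
                $sub = if ($key.PSPath -eq $domainKey.PSPath) { '' } else { $key.PSChildName }
                [pscustomobject]@{
                    Domain    = $domainKey.PSChildName
                    Subdomain = $sub
                    Scheme    = $p.Name                 # http, https, file or *
                    Zone      = [int]$p.Value
                    ZoneName  = $zoneNames[[int]$p.Value]
                }
            }
        }
    }
}

function Get-HostsEntries {
    # Hypothetical helper name; parses the hosts file, dropping comments.
    param([string]$Path = "$env:SystemRoot\System32\drivers\etc\hosts")
    foreach ($line in Get-Content $Path) {
        $text = ($line -split '#')[0].Trim()
        if (-not $text) { continue }
        $parts = $text -split '\s+'
        if ($parts.Count -lt 2) { continue }            # malformed line, skip
        [pscustomobject]@{
            Address   = $parts[0]
            Hostnames = ($parts[1..($parts.Count - 1)] -join ' ')
        }
    }
}

# Entries in Local intranet or Trusted sites get weaker IE security settings,
# so those are the ones to review (this is what the O15 lines above list).
Write-Host "== ZoneMap entries in Local intranet / Trusted sites (HKCU) =="
Get-ZoneMapEntries -Hive 'HKCU' |
    Where-Object { $_.Zone -le 2 } |
    Sort-Object Domain, Subdomain |
    Format-Table Domain, Subdomain, Scheme, ZoneName -AutoSize

# A clean hosts file maps nothing but localhost; anything else (such as the
# gs.apple.com line in the HijackThis log) deserves a look.
Write-Host "== hosts file entries that are not loopback =="
Get-HostsEntries |
    Where-Object { @('127.0.0.1', '::1') -notcontains $_.Address } |
    Format-Table Address, Hostnames -AutoSize
```

Run it from an elevated PowerShell prompt on the affected profile; it only reads, so it is safe to run before and after a fix to confirm what changed.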

jhonas



    Rookie

    Thanked: 1
    • Experience: Beginner
    • OS: Unknown
    Re: Weird virus issue-I think I'm infected!!
    « Reply #10 on: January 26, 2011, 11:33:29 PM »
    Your comment has been removed. Please do not post malware advice, or post here in the malware forum, unless you need help.
    These instructions were for this computer only. Following these instructions on your computer may cause more harm than good.
    « Last Edit: January 27, 2011, 01:03:48 PM by SuperDave »

    deargodpleasehelp

    • Guest
    Re: Weird virus issue-I think I'm infected!!
    « Reply #11 on: January 30, 2011, 02:56:16 PM »
    Sorry for the wait
     
    ---
     
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 8:46:13 PM, on 1/22/2011
    Platform: Windows 7  (WinNT 6.00.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16700)
    Boot mode: Normal
    Running processes:
    G:\Program Files\Alwil Software\Avast5\AvastUI.exe
    G:\Program Files (x86)\Mozilla Firefox\firefox.exe
    G:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
    G:\Program Files (x86)\Internet Explorer\iexplore.exe
    G:\Program Files (x86)\Internet Explorer\iexplore.exe
    G:\Program Files (x86)\CPUID\PC Wizard 2010\pcwizard.dll
    G:\Program Files (x86)\NoVirusThanks\Hijack Hunter\HijackHunter.exe
    G:\Program Files (x86)\Internet Explorer\iexplore.exe
    G:\Program Files (x86)\Trend Micro\HiJackThis\snipper.exe
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = G:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, optimized for Bing and MSN
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: 74.208.10.249 gs.apple.com
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - G:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - G:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - G:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [avast5] "G:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "G:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "G:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe ARM] "G:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "G:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "G:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [NVIDIA nTune] "G:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe" boot "G:\Users\Administrator\AppData\Local\NVIDIA Corporation\nTune\Profiles\sysdflt.nsu"
    O4 - HKCU\..\Run: [Sidebar] G:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - G:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - G:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
    O10 - Unknown file in Winsock LSP: g:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: g:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O15 - Trusted Zone: http://www.cnet.com
    O15 - Trusted Zone: http://www.crymod.com
    O15 - Trusted Zone: http://www.youtube.com
    O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/en-US/wlscctrl2.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
    O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} - http://www.windowsvistatestdrive.com/ActiveX/VMRCActiveXClient1.cab
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - G:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - G:\Windows\System32\alg.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - G:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: avast! Antivirus - AVAST Software - G:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - G:\Program Files (x86)\Bonjour\mDNSResponder.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - G:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - G:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: iPod Service - Apple Inc. - G:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Media Center Support Service (Jasmio.MediaCenter.Service) - Unknown owner - G:\Program Files\Jasmio\Media Center Support Service\Jasmio.MediaCenter.Service.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - G:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Process Monitor (LVPrcS64) - Logitech Inc. - G:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - G:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - G:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%windir%\system32\nfsrc.dll,-5001 (NfsClnt) - Unknown owner - G:\Windows\system32\nfsclnt.exe (file missing)
    O23 - Service: nTune Service (nTuneService) - NVIDIA - G:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - G:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - G:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Remote Procedure Call (RPC) Locator (RpcLocator) - Unknown owner - G:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - G:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - G:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - G:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - G:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Audio Service (STacSV) - IDT, Inc. - g:\program files\idt\wdm\STacSV64.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - G:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - G:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - G:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - G:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - G:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - G:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - G:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - G:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    --
    End of file - 8399 bytes

    SuperDave

    • Malware Removal Specialist
    • Moderator


    • Genius
    • Thanked: 1020
    • Certifications: List
    • Experience: Expert
    • OS: Windows 10
    Re: Weird virus issue-I think I'm infected!!
    « Reply #12 on: January 30, 2011, 06:58:17 PM »
    That is not what I asked for. Please follow the directions in Reply # 9 and post the logs.
    Windows 8 and Windows 10 dual boot with two SSD's

    deargodpleasehelp

    • Guest
    Re: Weird virus issue-I think I'm infected!!
    « Reply #13 on: January 30, 2011, 08:13:42 PM »
    That is not what I asked for. Please follow the directions in Reply # 9 and post the logs.

    Oh, sorry...

    I can't run ComboFix, running it gives me some error that it can't rename combofix to Combofix[1] or something like that... :(

    I'll try again when I have time tomorrow!

    deargodpleasehelp

    • Guest
    Re: Weird virus issue-I think I'm infected!!
    « Reply #14 on: January 31, 2011, 03:33:37 PM »
    I'm sorry superdave but I believe Combofix is pure-bred malware, man.

    I can't execute Paint.NET, my favorite and only usable program for photo editing. I had to reinstall it now on another drive and now it's gotten messed up again! Come on!!!

    Running it gives me the following error:
    A device attached to the system is not functioning.

    Running it from the Windows Task bar after the error claims it cannot 'find' the item, and asks me yes or no to delete it or not.
    :-\


    This bleepin' sucks!! I can't reinstall it, it refuses to install or execute once extracted, nothing!!! I can't install it or do anything!!!
    I just want a good quality photo editing program for free.... I don't want a trial or anything..

    I can't even run OTL...
    ****!!!!

    SuperDave

    • Malware Removal Specialist
    • Moderator


    • Genius
    • Thanked: 1020
    • Certifications: List
    • Experience: Expert
    • OS: Windows 10
    Re: Weird virus issue-I think I'm infected!!
    « Reply #15 on: January 31, 2011, 04:36:50 PM »
    Ok. Let's try to get it running this way.

    Delete your copy of ComboFix; download a fresh copy, except before you download it, rename it to blackpudding.bat

    Navigate to Start --> Run, and enter the following command exactly as shown:

    "%userprofile%\desktop\blackpudding.bat" /killall

    See if ComboFix will run now
    Windows 8 and Windows 10 dual boot with two SSD's

    deargodpleasehelp

    • Guest
    Re: Weird virus issue-I think I'm infected!!
    « Reply #16 on: February 01, 2011, 04:27:40 PM »
    Ok. Let's try to get it running this way.

    Delete your copy of ComboFix; download a fresh copy, except before you download it, rename it to blackpudding.bat

    Navigate to Start --> Run, and enter the following command exactly as shown:

    "%userprofile%\desktop\blackpudding.bat" /killall

    See if ComboFix will run now

    Edit/Update:

    Oh yeah, nice job back there, OTL froze solid, IE would not run, Task Manager got royally screwed and Explorer got dumped solid. Fortunately restarting resulted in a blue screen of death, though it froze and got stuck on the desktop before displaying it, it seems; a hard ACPI reboot purged these issues quickly...

    Pentium D 2.52Ghz processor, 4 GB RAM

    Windows 7 x64 bit Ultimate

    I don't know if there's another virus or something on my PC doing this or Combofix truly is Rogue and nobody has yet found this out yet.

    I have just run ComboFix and now that I've installed Photoshop Pro on my PC, now IT'S corrupted, and gives the same error message when trying to run. Seriously wt*?

    Double edit: And now apparently Opening any window or link in Explorer opens double... Interesting.

    @Superdave: I had to restart, apparently, so where would the combofix log be stored at? I checked the temp folder to no avail.
    « Last Edit: February 01, 2011, 04:52:46 PM by deargodpleasehelp »

    SuperDave

    • Malware Removal Specialist
    • Moderator


    • Genius
    • Thanked: 1020
    • Certifications: List
    • Experience: Expert
    • OS: Windows 10
    Re: Weird virus issue-I think I'm infected!!
    « Reply #17 on: February 01, 2011, 04:40:32 PM »
    I need to see the ComboFix log.
    Windows 8 and Windows 10 dual boot with two SSD's

    deargodpleasehelp

    • Guest
    Re: Weird virus issue-I think I'm infected!!
    « Reply #18 on: February 03, 2011, 05:48:35 AM »
    Unfortunately Superdave, I was unable to get the Combofix log because Windows failed to boot recently...

    Yes, I know, I should've been trying to re-run the scan when I had the time, but my hard drive has been giving me weird clicks and whirs, and attempting to boot Windows 7 today...failed...

    It got stuck on the loading screen: 'Starting Windows' But no animation, it just got stuck like that...
    Data is still accessible and readable, though who knows for how long... I'm not sure, it also could be a rootkit attempting to run on my system at boot... how would I tell? Please help me, Avast only does scans to 32 bit OSes, so x64 bit I do not think is a possibility yet, and with my luck the rootkit already executed :(

    Plus I feel I cannot trust ComboFix to run on Windows 7... god forbid it does something to my paid, and loved program Photoshop, I won't be getting a refund, my PC will, except where it'll go is in the parking lot.

    I'm not trying to be paranoid or something of this program, but I just cannot trust it because it was the last program I ran before noticing problems... Or.... Maybe Paint.NET is the virus...-D

    SuperDave

    • Malware Removal Specialist
    • Moderator


    • Genius
    • Thanked: 1020
    • Certifications: List
    • Experience: Expert
    • OS: Windows 10
    Re: Weird virus issue-I think I'm infected!!
    « Reply #19 on: February 03, 2011, 12:46:10 PM »
    Quote
    4. Please DO NOT run any other tools or scans while I am helping you.
    6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    Here are two things I quoted you in my original reply. Yet, you went ahead and installed PhotoShop Pro.

    To Run the SFC /SCANNOW Command in Windows 7
    1. Open an elevated command prompt.

    2. To Scan and Repair System Files
    NOTE: Scans the integrity of all protected system files and repairs the system files if needed.
    A) In the elevated command prompt, type sfc /scannow and press Enter. (see screenshot below)
    NOTE: This may take some time to finish.



    B) Go to step 4.

    3. To Only Verify if the System Files are Corrupted
    NOTE: Scans and only verifies the integrity of all protected system files.
    A) In the elevated command prompt, type sfc /verifyonly and press Enter.

    4. When the scan is complete, hopefully you will see all is ok like the screenshot below.
    NOTE: If not, then you can attempt to run a System Restore using a restore point dated before the bad file occurred to fix it. You may need to repeat doing a System Restore until you find an older restore point that may work.



    5. When done, close the elevated command prompt.

    The ComboFix log should be here: C:\Combo-Fix folder
    Windows 8 and Windows 10 dual boot with two SSD's

    deargodpleasehelp

    • Guest
    Re: Weird virus issue-I think I'm infected!!
    « Reply #20 on: February 03, 2011, 02:58:53 PM »
    Here are two things I quoted you in my original reply. Yet, you went ahead and installed PhotoShop Pro.

    To Run the SFC /SCANNOW Command in Windows 7
    1. Open an elevated command prompt.

    2. To Scan and Repair System Files
    NOTE: Scans the integrity of all protected system files and repairs the system files if needed.
    A) In the elevated command prompt, type sfc /scannow and press Enter. (see screenshot below)
    NOTE: This may take some time to finish.



    B) Go to step 4.

    3. To Only Verify if the System Files are Corrupted
    NOTE: Scans and only verifies the integrity of all protected system files.
    A) In the elevated command prompt, type sfc /verifyonly and press Enter.

    4. When the scan is complete, hopefully you will see all is ok like the screenshot below.
    NOTE: If not, then you can attempt to run a System Restore using a restore point dated before the bad file occurred to fix it. You may need to repeat doing a System Restore until you find an older restore point that may work.



    5. When done, close the elevated command prompt.

    The ComboFix log should be here: C:\Combo-Fix folder

    This was on Windows XP, my other hard drive, seen as C: whilst my Windows 7 drive remains untouched. Anyways, the ComboFix folder apparently just links to the "My Computer" folder...

    Also, just wanted to add this: If I cannot boot from Windows 7, how would I run SFC on it? SFC from XP on a 7 system will just heavily damage and may corrupt the OS, so I suppose you mean the Windows 7 repair disk, correct? Ok.

    Will attempt to retrieve the ComboFix log from the drive anyways...

    SuperDave

    • Malware Removal Specialist
    • Moderator


    • Genius
    • Thanked: 1020
    • Certifications: List
    • Experience: Expert
    • OS: Windows 10
    Re: Weird virus issue-I think I'm infected!!
    « Reply #21 on: February 03, 2011, 07:47:56 PM »
    You did not do as I asked in Reply # 3 for the HJT fix. Please do it now and post the new log.
    Also, you did not do as I asked in Reply  # 9 for the OTL fix. Unless you do as I ask, I will discontinue my help.
    Windows 8 and Windows 10 dual boot with two SSD's

    deargodpleasehelp

    • Guest
    Re: Weird virus issue-I think I'm infected!!
    « Reply #22 on: February 04, 2011, 03:04:40 PM »
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 8:46:13 PM, on 1/22/2011
    Platform: Windows 7  (WinNT 6.00.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16700)
    Boot mode: Normal

    Running processes:
    G:\Program Files\Alwil Software\Avast5\AvastUI.exe
    G:\Program Files (x86)\Mozilla Firefox\firefox.exe
    G:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
    G:\Program Files (x86)\Internet Explorer\iexplore.exe
    G:\Program Files (x86)\Internet Explorer\iexplore.exe
    G:\Program Files (x86)\CPUID\PC Wizard 2010\pcwizard.dll
    G:\Program Files (x86)\NoVirusThanks\Hijack Hunter\HijackHunter.exe
    G:\Program Files (x86)\Internet Explorer\iexplore.exe
    G:\Program Files (x86)\Trend Micro\HiJackThis\snipper.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = G:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, optimized for Bing and MSN
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: 74.208.10.249 gs.apple.com
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - G:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - G:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - G:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [avast5] "G:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "G:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "G:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe ARM] "G:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "G:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "G:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [NVIDIA nTune] "G:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe" boot "G:\Users\Administrator\AppData\Local\NVIDIA Corporation\nTune\Profiles\sysdflt.nsu"
    O4 - HKCU\..\Run: [Sidebar] G:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - G:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - G:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
    O10 - Unknown file in Winsock LSP: g:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: g:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O15 - Trusted Zone: http://www.cnet.com
    O15 - Trusted Zone: http://www.crymod.com
    O15 - Trusted Zone: http://www.youtube.com
    O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/en-US/wlscctrl2.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
    O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} - http://www.windowsvistatestdrive.com/ActiveX/VMRCActiveXClient1.cab
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - G:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - G:\Windows\System32\alg.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - G:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: avast! Antivirus - AVAST Software - G:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - G:\Program Files (x86)\Bonjour\mDNSResponder.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - G:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - G:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: iPod Service - Apple Inc. - G:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Media Center Support Service (Jasmio.MediaCenter.Service) - Unknown owner - G:\Program Files\Jasmio\Media Center Support Service\Jasmio.MediaCenter.Service.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - G:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Process Monitor (LVPrcS64) - Logitech Inc. - G:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - G:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - G:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%windir%\system32\nfsrc.dll,-5001 (NfsClnt) - Unknown owner - G:\Windows\system32\nfsclnt.exe (file missing)
    O23 - Service: nTune Service (nTuneService) - NVIDIA - G:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - G:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - G:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Remote Procedure Call (RPC) Locator (RpcLocator) - Unknown owner - G:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - G:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - G:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - G:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - G:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Audio Service (STacSV) - IDT, Inc. - g:\program files\idt\wdm\STacSV64.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - G:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - G:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - G:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - G:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - G:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - G:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - G:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - G:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 8399 bytes

    deargodpleasehelp

    • Guest
    Re: Weird virus issue-I think I'm infected!!
    « Reply #23 on: February 04, 2011, 03:12:31 PM »
    I finished the OTL fix, it rebooted my PC...

    Though the desktop was unresponsive for what appeared to be a minute or two, I hit Ctrl+Alt+Delete and got task manager up, Runonce.exe was running and it might have been the OTL still running, so I ignored that, didn't seem too suspicious.

    I ran the OTL fix, all there is to it. If I'm correct, this is the OTL log file I found generated today:

    All processes killed
    ========== OTL ==========
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\cnet.com\www\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\crymod.com\www\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\documents%20and%20settings\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\driver_g\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\google.com\www\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\localsvr\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\microsoft.com\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\users\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\youtube.com\www\ not found.
    ========== COMMANDS ==========
    G:\Windows\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully
     
    [EMPTYTEMP]
     
    User: All Users
     
    User: AppData
     
    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes
     
    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes
     
    User: Public
     
    User: Administrator
    ->Temp folder emptied: 48867464 bytes
    ->Temporary Internet Files folder emptied: 1036711 bytes
    ->Java cache emptied: 30985 bytes
    ->FireFox cache emptied: 60868747 bytes
    ->Flash cache emptied: 814 bytes
     
    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 308422 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes
     
    Total Files Cleaned = 106.00 mb
     
     
    OTL by OldTimer - Version 3.2.20.6 log created on 02042011_170457


    SuperDave

    • Malware Removal Specialist
    • Moderator

    • Genius
    • Thanked: 1020
    • Certifications: List
    • Experience: Expert
    • OS: Windows 10
    Re: Weird virus issue-I think I'm infected!!
    « Reply #24 on: February 04, 2011, 04:52:01 PM »
    No, you did not follow the directions for HJT. I want you to fix the items listed.
    Windows 8 and Windows 10 dual boot with two SSD's

    deargodpleasehelp

    • Guest
    Re: Weird virus issue-I think I'm infected!!
    « Reply #25 on: February 04, 2011, 07:11:46 PM »
    No, you did not follow the directions for HJT. I want you to fix the items listed.

    Yes, but they don't show up in the list to fix...  ??? ??? ???

    *** EDIT: Nvm, I just didn't update the log... sorry, my mistake :(

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 9:15:47 PM, on 2/4/2011
    Platform: Windows 7  (WinNT 6.00.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16700)
    Boot mode: Normal

    Running processes:
    G:\Program Files\Alwil Software\Avast5\AvastUI.exe
    G:\Program Files (x86)\Internet Explorer\iexplore.exe
    G:\Windows\SysWOW64\Macromed\Flash\FlashUtil10h_ActiveX.exe
    G:\Program Files (x86)\Internet Explorer\iexplore.exe
    G:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\1_0_0_0\RGSC.exe
    G:\Program Files (x86)\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe
    G:\Program Files (x86)\Rockstar Games\Grand Theft Auto IV\GTAIV.exe
    G:\Program Files (x86)\Trend Micro\HiJackThis\snipper.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = G:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, optimized for Bing and MSN
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ÿþ127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - G:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - G:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - G:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - G:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - G:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
    O4 - HKLM\..\Run: [avast5] "G:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
    O4 - HKLM\..\RunOnce: [OTL] "G:\Users\Administrator\Downloads\OTL.exe"
    O4 - HKCU\..\Run: [NVIDIA nTune] "G:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe" boot "G:\Users\Administrator\AppData\Local\NVIDIA Corporation\nTune\Profiles\sysdflt.nsu"
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - G:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - G:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
    O10 - Unknown file in Winsock LSP: g:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: g:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/en-US/wlscctrl2.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
    O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} - http://www.windowsvistatestdrive.com/ActiveX/VMRCActiveXClient1.cab
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - G:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - G:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - G:\Windows\System32\alg.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - G:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: avast! Antivirus - AVAST Software - G:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - G:\Program Files (x86)\Bonjour\mDNSResponder.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - G:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - G:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - G:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: iPod Service - Apple Inc. - G:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Media Center Support Service (Jasmio.MediaCenter.Service) - Unknown owner - G:\Program Files\Jasmio\Media Center Support Service\Jasmio.MediaCenter.Service.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - G:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Process Monitor (LVPrcS64) - Logitech Inc. - G:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - G:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - G:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%windir%\system32\nfsrc.dll,-5001 (NfsClnt) - Unknown owner - G:\Windows\system32\nfsclnt.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - G:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - G:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Remote Procedure Call (RPC) Locator (RpcLocator) - Unknown owner - G:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - G:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - G:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - G:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - G:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Audio Service (STacSV) - IDT, Inc. - g:\program files\idt\wdm\STacSV64.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - G:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - G:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - G:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - G:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - G:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - G:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - G:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - G:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 8331 bytes


    Anything else I need to do?

    And for some reason, not sure if I mentioned this or not, but running a search on Windows start menu and clicking 'see more results' brings up an explorer window that should automatically search, but promptly disappears. An attempt to try again does nothing...

    What now?

    deargodpleasehelp

    • Guest
    Re: Weird virus issue-I think I'm infected!!
    « Reply #26 on: February 05, 2011, 11:26:52 AM »
    Alright, I've run SFC and now I'm officially stumped.

    What the
    « Last Edit: February 05, 2011, 01:04:46 PM by Fed »

    Allan

    • Moderator

    • Mastermind
    • Thanked: 1260
    • Experience: Guru
    • OS: Windows 10
    Re: Weird virus issue-I think I'm infected!!
    « Reply #27 on: February 05, 2011, 12:12:20 PM »
    Thread closed and your warning level is being increased to moderated posts.