BleepingComputer.com: Agent_r.AWW detected by AVG (MBAM gives clean log)


Agent_r.AWW detected by AVG (MBAM gives clean log) Infected file: smb.sys - critical/system file that shouldn't be rem

#31 SweetTech

  • Agent ST
  • Group: Malware Response Team
  • Posts: 12,666
  • Joined: 15-March 09
  • Gender:Male
  • Location:Antarctica

Posted 15 January 2012 - 03:23 AM

Hi!

The sptd.sys file is from a CD Emulation software such as Daemon Tools. That file should be fine.

I'm going to check the other one now.

OTL Custom Scan

We need to create a new OTL Report
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Click on the NONE button at the top.
  • In the custom scan box paste the following:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    volsnap.sys
    atapi.sys
    usbaapl.sys
    explorer.exe
    winlogon.exe
    wininit.exe
    hlp.dat
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    /md5stop

  • Push the Run Scan button.
  • One report will open, copy and paste it in a reply here:
    • OTL.txt <-- Will be opened



NEXT:



Lets see what these scans find, and see where we stand then.

Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer. Could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update has been completed, select the Scanner tab.
  • Select Perform quick scan, then click on Scan
  • Leave the default options as it is and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Check (tick) all items and click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottommost log is the latest.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



NEXT:



ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.



  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the [image] button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on [image] to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the [image] icon on your desktop.

  • Check [image]
  • Click the [image] button.
  • Accept any security warnings from your browser.
  • Check [image]
  • Make sure that the option "Remove found threats" is Unchecked
  • When the Computer scan settings display shows, click the Advanced option, then place a check next to the following (if it is not already checked):
    • Enable Anti-Stealth technology

  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push [image]
  • Push [image], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the [image] button.
  • Push [image]



NEXT:



Security Check
Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Have I helped you? If you'd like to assist in the fight against malware, click here.


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.

#32 pumex

  • Member
  • Group: Members
  • Posts: 60
  • Joined: 24-April 09

Posted 15 January 2012 - 07:14 PM

Hi, Agent ST,

Here are the logs:

OTL logfile created on: 15/01/2012 9:53:39 AM - Run 4
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\karolinka\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19170)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 0.88 Gb Available Physical Memory | 44.43% Memory free
4.21 Gb Paging File | 3.04 Gb Available in Paging File | 72.06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 225.59 Gb Total Space | 118.96 Gb Free Space | 52.73% Space Free | Partition Type: NTFS
Drive D: | 7.29 Gb Total Space | 0.74 Gb Free Space | 10.22% Space Free | Partition Type: NTFS

Computer Name: KAROLINKA-PC | User Name: karolinka | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days


SafeBootMin: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SafeBootMin: 99583899.sys - Driver
SafeBootMin: AppMgmt - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {24D03478-AE3C-D57D-9746-6F8333C585A5} - Themes Setup
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {899002FC-89F4-D78D-8B1C-5BEF3F7C812D} - Microsoft Windows Media Player 11.0
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - File not found
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: ATAPI.SYS >
[2009/04/10 22:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\WINDOWS\System32\drivers\atapi.sys
[2009/04/10 22:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\WINDOWS\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/10 22:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\WINDOWS\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/18 23:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\WINDOWS\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/18 23:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\WINDOWS\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 01:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\WINDOWS\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2009/02/03 17:21:47 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\WINDOWS\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2009/02/03 17:21:47 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\WINDOWS\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2009/02/03 17:21:46 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\WINDOWS\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

< MD5 for: EXPLORER.EXE >
[2009/02/03 17:20:40 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2009/02/03 17:20:39 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2009/02/03 17:20:38 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/02/03 17:55:57 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2009/02/03 17:55:56 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009/04/10 22:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\WINDOWS\explorer.exe
[2009/04/10 22:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2009/02/03 17:20:39 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 01:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/18 23:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: USBAAPL.SYS >
[2011/08/02 17:38:56 | 000,042,496 | ---- | M] (Apple, Inc.) MD5=83CAFCB53201BBAC04D822F32438E244 -- C:\Program Files\Common Files\Apple\Mobile Device Support\Drivers\usbaapl.sys
[2011/08/02 17:38:56 | 000,042,496 | ---- | M] (Apple, Inc.) MD5=83CAFCB53201BBAC04D822F32438E244 -- C:\WINDOWS\System32\DriverStore\FileRepository\usbaapl.inf_6a7688fb\usbaapl.sys
[2010/04/16 07:33:36 | 000,041,472 | ---- | M] (Apple, Inc.) MD5=E8C1B9EBAC65288E1B51E8A987D98AF6 -- C:\WINDOWS\System32\drivers\usbaapl.sys

< MD5 for: VOLSNAP.SYS >
[2006/11/02 01:51:18 | 000,208,488 | ---- | M] (Microsoft Corporation) MD5=11EF6C1CAEF76B685233450A126125D6 -- C:\WINDOWS\System32\DriverStore\FileRepository\volume.inf_9320b452\volsnap.sys
[2009/04/10 22:32:55 | 000,226,280 | ---- | M] (Microsoft Corporation) MD5=147281C01FCB1DF9252DE2A10D5E7093 -- C:\WINDOWS\System32\drivers\volsnap.sys
[2009/04/10 22:32:55 | 000,226,280 | ---- | M] (Microsoft Corporation) MD5=147281C01FCB1DF9252DE2A10D5E7093 -- C:\WINDOWS\System32\DriverStore\FileRepository\volume.inf_1e6030e4\volsnap.sys
[2009/04/10 22:32:55 | 000,226,280 | ---- | M] (Microsoft Corporation) MD5=147281C01FCB1DF9252DE2A10D5E7093 -- C:\WINDOWS\winsxs\x86_volume.inf_31bf3856ad364e35_6.0.6002.18005_none_17a2308cf936c619\volsnap.sys
[2009/02/03 17:21:45 | 000,211,000 | ---- | M] (Microsoft Corporation) MD5=327639D2EC931B057F3826A51ADC73E9 -- C:\WINDOWS\winsxs\x86_volume.inf_31bf3856ad364e35_6.0.6000.20709_none_146318401803edb5\volsnap.sys
[2009/02/03 17:21:46 | 000,211,000 | ---- | M] (Microsoft Corporation) MD5=80DC0C9BCB579ED9815001A4D37CBFD5 -- C:\WINDOWS\System32\DriverStore\FileRepository\volume.inf_f47b2c78\volsnap.sys
[2009/02/03 17:21:46 | 000,211,000 | ---- | M] (Microsoft Corporation) MD5=80DC0C9BCB579ED9815001A4D37CBFD5 -- C:\WINDOWS\winsxs\x86_volume.inf_31bf3856ad364e35_6.0.6000.16586_none_137ff950ff29e447\volsnap.sys
[2008/01/18 23:42:48 | 000,227,896 | ---- | M] (Microsoft Corporation) MD5=D8B4A53DD2769F226B3EB374374987C9 -- C:\WINDOWS\System32\DriverStore\FileRepository\volume.inf_f53a1785\volsnap.sys
[2008/01/18 23:42:48 | 000,227,896 | ---- | M] (Microsoft Corporation) MD5=D8B4A53DD2769F226B3EB374374987C9 -- C:\WINDOWS\winsxs\x86_volume.inf_31bf3856ad364e35_6.0.6001.18000_none_15b6b780fc14facd\volsnap.sys

< MD5 for: WININIT.EXE >
[2008/01/18 23:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\WINDOWS\System32\wininit.exe
[2008/01/18 23:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\WINDOWS\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2006/11/02 01:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\WINDOWS\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/10 22:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\WINDOWS\System32\winlogon.exe
[2009/04/10 22:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\WINDOWS\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006/11/02 01:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\WINDOWS\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008/01/18 23:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\WINDOWS\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< End of report >


==
Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.15.03

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19170
karolinka :: KAROLINKA-PC [administrator]

15/01/2012 10:52:38 AM
mbam-log-2012-01-15 (10-52-38).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 181683
Time elapsed: 6 minute(s), 38 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


==
ESET Scan:

C:\Documents and Settings\karolinka\Downloads\registrybooster.exe Win32/RegistryBooster application
C:\Users\karolinka\Downloads\registrybooster.exe Win32/RegistryBooster application

==
Results of screen317's Security Check version 0.99.30
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

ESET Online Scanner v3
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

SUPERAntiSpyware
Secunia PSI (2.0.0.4003)
HijackThis 2.0.2
CCleaner
Java™ 6 Update 30
Java™ SE Runtime Environment 6
Adobe Flash Player 11.1.102.55
Adobe Reader 8 Adobe Reader out of date!
Mozilla Firefox (9.0.1)
````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````

==
pumex
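As an added example (not code from this thread, from OTL, or from BleepingComputer), here is a small Python triage helper for the "< MD5 for: ... >" sections of the OTL report above: it groups each requested file's copies, treats the DriverStore and WinSxS copies as Windows' own reference copies, and flags any live copy whose MD5 matches none of them, which is what a helper checks by hand when a scanner claims a critical system file is infected. The sample log embeds lines taken from the report above plus one constructed wininit.exe entry (marked as such) to show what a flagged copy looks like; the line regex and the backup-directory rule are assumptions about OTL's output format drawn from the lines on this page.

```python
"""Triage helper for the "< MD5 for: ... >" sections of an OTL custom-scan log.

Added example, not part of the thread or of OTL itself. OTL lists every copy it
finds of a requested file: the live copy under System32 (or the Windows root)
and the backup copies Windows keeps in DriverStore and WinSxS. A live copy whose
MD5 matches none of the backups is the one to look at first. It is not proof of
infection on its own: usbaapl.sys below is simply an older Apple driver than the
DriverStore copy, so a flagged hash must still be checked against a known-good
reference before anything is removed.
"""
import re
from collections import defaultdict

# Lines copied from the OTL report in this thread, plus one CONSTRUCTED entry
# (wininit.exe with no company name and a made-up hash) to show a flagged copy.
SAMPLE_LOG = r"""
< MD5 for: ATAPI.SYS >
[2009/04/10 22:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\WINDOWS\System32\drivers\atapi.sys
[2009/04/10 22:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\WINDOWS\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/18 23:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\WINDOWS\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys

< MD5 for: USBAAPL.SYS >
[2011/08/02 17:38:56 | 000,042,496 | ---- | M] (Apple, Inc.) MD5=83CAFCB53201BBAC04D822F32438E244 -- C:\Program Files\Common Files\Apple\Mobile Device Support\Drivers\usbaapl.sys
[2011/08/02 17:38:56 | 000,042,496 | ---- | M] (Apple, Inc.) MD5=83CAFCB53201BBAC04D822F32438E244 -- C:\WINDOWS\System32\DriverStore\FileRepository\usbaapl.inf_6a7688fb\usbaapl.sys
[2010/04/16 07:33:36 | 000,041,472 | ---- | M] (Apple, Inc.) MD5=E8C1B9EBAC65288E1B51E8A987D98AF6 -- C:\WINDOWS\System32\drivers\usbaapl.sys

< MD5 for: WININIT.EXE >
[2008/01/18 23:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\WINDOWS\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2012/01/01 00:00:00 | 000,096,768 | ---- | M] () MD5=0123456789ABCDEF0123456789ABCDEF -- C:\WINDOWS\System32\wininit.exe

< End of report >
"""

SECTION_RE = re.compile(r"^< MD5 for: (?P<name>.+?) >$")
# One OTL hash line: [date | size | attrs | flag] (company) MD5=hash -- path
ENTRY_RE = re.compile(
    r"^\[(?P<date>[^|]+?) \| (?P<size>[\d,]+) \| (?P<attrs>[^|]+?) \| (?P<flag>\w)\] "
    r"\((?P<company>[^)]*)\) MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+)$"
)
# Assumption: copies under these directories are Windows' own reference copies.
BACKUP_DIRS = ("\\winsxs\\", "\\driverstore\\")


def parse_md5_sections(text):
    """Return {FILE NAME: [entry dict, ...]} for every '< MD5 for: X >' block."""
    sections = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        head = SECTION_RE.match(line)
        if head:
            current = head.group("name").upper()
            continue
        if line.startswith("<"):   # another custom-scan header or "< End of report >"
            current = None
            continue
        if current is None or not line:
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue               # not a hash line; OTL prints other text too
        entry = m.groupdict()
        entry["size"] = int(entry["size"].replace(",", ""))
        entry["md5"] = entry["md5"].upper()
        entry["backup"] = any(d in entry["path"].lower() for d in BACKUP_DIRS)
        sections[current].append(entry)
    return dict(sections)


def triage(text):
    """Per file: every non-backup copy, with whether its MD5 also appears in a
    DriverStore/WinSxS copy of the same file (True means the live file is one
    of the versions Windows itself shipped or staged)."""
    report = {}
    for name, entries in parse_md5_sections(text).items():
        backup_hashes = {e["md5"] for e in entries if e["backup"]}
        report[name] = [
            {
                "path": e["path"],
                "md5": e["md5"],
                "company": e["company"],
                "matches_backup": e["md5"] in backup_hashes,
            }
            for e in entries if not e["backup"]
        ]
    return report


def unmatched_live_copies(text):
    """Paths of non-backup copies whose hash matches no backup copy."""
    return sorted(
        f["path"]
        for findings in triage(text).values()
        for f in findings
        if not f["matches_backup"]
    )


if __name__ == "__main__":
    for name, findings in triage(SAMPLE_LOG).items():
        for f in findings:
            verdict = "matches a backup copy" if f["matches_backup"] else "NO matching backup copy"
            print(f"{name}: {f['path']} ({f['company'] or 'no company name'}) -> {verdict}")
```

Run against a full OTL.txt, the same functions take the whole report as input; only the "< MD5 for: ... >" blocks are read.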

#33 SweetTech

  • Agent ST
  • Group: Malware Response Team
  • Posts: 12,666
  • Joined: 15-March 09
  • Gender:Male
  • Location:Antarctica

Posted 16 January 2012 - 02:54 AM

Hi!

These threat(s) below are currently being detected because they are programs that claim to boost the registry.

Quote

C:\Documents and Settings\karolinka\Downloads\registrybooster.exe Win32/RegistryBooster application
C:\Users\karolinka\Downloads\registrybooster.exe Win32/RegistryBooster application

____________________________________________________

From the looks of your SecurityCheck log, I can see that we have some outdated programs that need to be updated.

Let's address those programs that need updating now!

Java Outdated

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.
Please follow these steps to remove older-version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 7 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select your OS and Platform:
    • 32-bit Select: Windows x86 Offline.
    • 64-bit Select: Windows x64.

  • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.

Go to Start > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u2-windows-i586-s.exe (or jre-7u2-windows-x64.exe for 64-bit) to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.

Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.



NEXT



Update Adobe Reader
Earlier versions of Adobe Reader have known security flaws, so it is recommended that you update your copy.
  • Go to Start > Control Panel > Add/Remove Programs
  • Remove ALL instances of Adobe Reader
  • Re-boot your computer as required.
  • Once ALL versions of Adobe Reader have been uninstalled, visit: <<here>> and download the latest version of Adobe Reader
Alternative Option: after uninstalling Adobe Reader, you could try installing Foxit Reader from >here<. Foxit Reader has fewer add-ons and therefore loads more quickly.



NEXT:



Your version of Internet Explorer is outdated.




NEXT:



We need to remove a program. To do this please do the following:
  • Click Start
  • Go to Control Panel
  • Double click on Programs and Features
  • Find and click the Uninstall button to uninstall the following (if present):
    • HijackThis 2.0.2



NEXT:



OTL Fix

We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
    :Services
    :OTL
    
    :Reg
    
    :Files
    echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    

  • Push Run Fix
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.



NEXT:



OTL Custom Scan

We need to run an OTL Custom Scan
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.


    netsvcs
    drivers32
    hklm\software\clients\startmenuinternet|command /rs
    %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs


  • Push the Run Scan button.
  • A report will open. Copy and Paste that report in your next reply.



NEXT:



What outstanding issues (if any) are you still experiencing with your computer?

#34 pumex

  • Member
  • Group: Members
  • Posts: 60
  • Joined: 24-April 09

Posted 16 January 2012 - 04:30 PM

Thanks, Agent ST.

Here is my report regarding your latest instructions.

First, I'd like to tell you that I encountered a problem/scare.
It happened when I was removing the HijackThis (HJT).
I decided to do that right after removing Adobe Acrobat (before attempting to install IE).
I clicked on the HJT name in the Control Panel and got this message:
"This will remove HJT settings for the registry and exit. You will have to delete HijackThis.exe manually".
I clicked OK and it got removed from the Control Panel.
Next I looked for that HijackThis.exe file and found out that it was in this directory:
C:\Program Files\Trend Micro\HijackThis
I deleted the HijackThis folder and then this problem happened - I don't remember - right after deletion or I did reboot after that.

Anyway, what I had was basically an empty screen, with no icons, so I wasn't able to do anything!!!!

I got scared, but came up with the only solution I knew... I restarted in Safe Mode with Networking and restored that stupid HijackThis folder. Then I restarted normally and it worked! But it means that HJT is not removed completely.

The other issue I encountered was the Internet Explorer.

When trying to install, I got this message: "IE did not finish installing".
I tried the Troubleshooting, but it is extremely (at least for me) complicated because there are so many possible causes.
For example, I was told that I have to install 11 security updates. I tried doing that, but they were not installed. Which of them (or lack of them) is causing the installation problem? I don't know; it's impossible for me to solve this (there may be dozens of combinations with 11 updates...).

Because I use IE very rarely, I decided not to install it and maybe do it later when Microsoft solves this problem (apparently they know there is a big problem with this).

Still, sometimes it is necessary to use IE, so could you please help me to install IE?
And what about those 11 security updates - is there any easier way to solve it??? Please help with this too, if you can.

Finally, I had a small problem with OTL Fix.
When I was running it, I noticed the words "Not Responding". But at the same time the hour-glass, or rather a small wheel, was turning. Then "Not Responding" disappeared, but in the background the icons on the screen were gone and nothing was going on for a few minutes, and only the last 2 items in that Custom Scans/Fixes box were showing.
At that time, I clicked on Run Fix again. It looked like it was running again and it showed "Not Responding" again, then "Not Responding" disappeared, but nothing was going on in the OTL window. After a few minutes, I clicked outside the OTL window and the green bar at the bottom of the OTL window started to move and soon I got the message to click OK to reboot. After that I got the OTL log (OTLFix #1).

But because I wasn't sure it was done properly, I ran OTL Fix again (OTLFix #2).

I will paste all the logs below, but first I will address your question re outstanding issues:

- the laptop runs quite well, I don't see any slowing down or refusing to perform any operations, although I must say that I use it now only to perform the tasks you're telling me to do;
- I don't have any anti-virus now; which one would you suggest? I don't want to go back to AVG...
- how would you suggest solving the issues from this stage:
- HJT
- IE
- Windows security updates

Thanks in advance for more help.

Here are the logs:
OTLFix #1:
All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
========== REGISTRY ==========
========== FILES ==========
< echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c >
Are you sure (Y/N)?processed file: C:\Windows\system32\drivers\etc\Hosts
C:\Users\karolinka\Desktop\cmd.bat deleted successfully.
C:\Users\karolinka\Desktop\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\karolinka\Desktop\cmd.bat deleted successfully.
C:\Users\karolinka\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: karolinka
->Temp folder emptied: 51986863 bytes
->Temporary Internet Files folder emptied: 18409131 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 52166145 bytes
->Flash cache emptied: 611 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 111424511 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 223.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: karolinka
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 01162012_121437

Files\Folders moved on Reboot...
C:\Users\karolinka\AppData\Local\Temp\ehmsas.txt moved successfully.

Registry entries deleted on Reboot...
==

OTLFix #2:
All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
========== REGISTRY ==========
========== FILES ==========
< echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c >
Are you sure (Y/N)?processed file: C:\Windows\system32\drivers\etc\Hosts
C:\Users\karolinka\Desktop\cmd.bat deleted successfully.
C:\Users\karolinka\Desktop\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\karolinka\Desktop\cmd.bat deleted successfully.
C:\Users\karolinka\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: karolinka
->Temp folder emptied: 32490 bytes
->Temporary Internet Files folder emptied: 37294 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 5670002 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 66016 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 6.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: karolinka
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 01162012_122943

Files\Folders moved on Reboot...
C:\Users\karolinka\AppData\Local\Temp\ehmsas.txt moved successfully.

Registry entries deleted on Reboot...



==
OTLCustom Scan:
OTL logfile created on: 16/01/2012 12:36:38 PM - Run 5
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\karolinka\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19170)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 0.99 Gb Available Physical Memory | 49.61% Memory free
4.21 Gb Paging File | 3.11 Gb Available in Paging File | 73.76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 225.59 Gb Total Space | 120.84 Gb Free Space | 53.57% Space Free | Partition Type: NTFS
Drive D: | 7.29 Gb Total Space | 0.74 Gb Free Space | 10.22% Space Free | Partition Type: NTFS

Computer Name: KAROLINKA-PC | User Name: karolinka | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/09 12:17:12 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\karolinka\Desktop\OTL.exe
PRC - [2012/01/03 05:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/12/20 23:24:51 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/12/12 23:20:56 | 003,305,760 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\karolinka\AppData\Local\Akamai\netsession_win.exe
PRC - [2011/10/13 22:01:50 | 000,994,360 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
PRC - [2011/10/13 22:01:48 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
PRC - [2011/10/13 22:01:46 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi_tray.exe
PRC - [2011/08/11 15:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2010/09/30 02:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
PRC - [2009/10/19 22:54:01 | 000,638,976 | ---- | M] (FinePrint Software, LLC) -- C:\WINDOWS\System32\spool\drivers\w32x86\3\fpdisp6.exe
PRC - [2009/04/10 22:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/07/11 16:51:32 | 000,423,200 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
PRC - [2008/05/21 17:26:10 | 000,451,896 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Pure Networks\Network Magic\nmapp.exe
PRC - [2008/05/16 06:11:44 | 000,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2007/04/23 17:11:42 | 000,262,243 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
PRC - [2007/03/12 10:54:24 | 000,050,696 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
PRC - [2007/02/12 06:38:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/02/12 06:37:58 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007/02/07 06:30:00 | 000,065,536 | R--- | M] (Cognizance Corporation) -- c:\Program Files\Bioscrypt\VeriSoft\Bin\asghost.exe
PRC - [2006/12/20 12:27:40 | 000,719,664 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2006/12/20 12:27:38 | 001,600,304 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/20 23:24:51 | 002,124,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/11/01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/10/15 02:34:18 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll
MOD - [2011/10/15 02:33:58 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll
MOD - [2011/10/15 02:31:59 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
MOD - [2011/10/15 02:31:31 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2009/08/16 16:06:02 | 000,141,312 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2007/04/23 17:11:44 | 000,339,968 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLTinyDB.dll
MOD - [2007/04/23 17:11:34 | 000,237,673 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapEngine.dll
MOD - [2007/04/23 17:11:34 | 000,114,787 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSchMgr.dll
MOD - [2007/04/23 17:11:34 | 000,032,768 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvcps.dll
MOD - [2007/04/23 17:10:44 | 000,061,440 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll
MOD - [2007/03/30 03:04:48 | 000,249,856 | ---- | M] () -- C:\WINDOWS\System32\igfxTMM.dll
MOD - [2006/12/20 12:18:56 | 000,126,976 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2006/12/20 12:00:12 | 000,389,120 | ---- | M] () -- C:\WINDOWS\System32\btwhidcs.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (stllssvr)
SRV - [2012/01/03 05:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/12/14 22:15:19 | 003,316,000 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_b427739.dll -- (Akamai)
SRV - [2011/10/13 22:01:50 | 000,994,360 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2011/10/13 22:01:48 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2011/08/11 15:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2010/09/30 02:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor9.0)
SRV - [2009/10/19 22:54:01 | 000,638,976 | ---- | M] (FinePrint Software, LLC) [Auto | Running] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\fpdisp6.exe -- (FinePrint Dispatcher v6)
SRV - [2008/05/21 17:25:30 | 000,012,800 | ---- | M] (Pure Networks, Inc.) [On_Demand | Stopped] -- C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe -- (nmraapache)
SRV - [2008/05/16 06:11:44 | 000,648,504 | ---- | M] (Pure Networks, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2007/04/23 17:11:44 | 000,106,593 | ---- | M] () [Auto | Stopped] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2007/04/23 17:11:42 | 000,262,243 | ---- | M] () [Auto | Running] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2007/02/12 06:38:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2007/02/07 06:30:00 | 000,074,240 | R--- | M] (Cognizance Corporation) [Auto | Running] -- c:\Program Files\Bioscrypt\VeriSoft\Bin\ASWLNPkg.dll -- (ASBroker)
SRV - [2006/06/21 23:14:00 | 000,131,584 | R--- | M] (Cognizance Corporation) [Auto | Running] -- c:\Program Files\Bioscrypt\VeriSoft\Bin\ASChnl.dll -- (ASChannel)


========== Driver Services (SafeList) ==========

DRV - [2011/07/22 08:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 13:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/09/01 00:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\psi_mf.sys -- (PSI)
DRV - [2010/07/21 16:52:14 | 000,044,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\dc3d.sys -- (dc3d)
DRV - [2009/10/11 18:29:35 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/09/01 14:29:50 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\kl1.sys -- (kl1)
DRV - [2008/11/17 14:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel®
DRV - [2008/05/16 06:10:32 | 000,024,888 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\pnarp.sys -- (pnarp)
DRV - [2008/05/16 06:10:30 | 000,026,424 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\purendis.sys -- (purendis)
DRV - [2007/03/28 08:44:22 | 000,140,424 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\atswpdrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor)
DRV - [2007/03/05 13:28:00 | 000,076,288 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007/03/01 04:49:58 | 002,216,448 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®
DRV - [2007/02/24 06:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/01/23 09:03:28 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/01/23 08:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/30 09:24:58 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2006/11/01 23:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\smserial.sys -- (smserial)
DRV - [2006/06/28 08:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CPQBttn.sys -- (HBtnKey)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=73&bd=Pavilion&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=73&bd=Pavilion&pf=laptop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=73&bd=Pavilion&pf=laptop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=73&bd=Pavilion&pf=laptop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: calendar-timezones@mozilla.org:0.1.2008d
FF - prefs.js..extensions.enabledItems: default-palette@celtx.com:1.0
FF - prefs.js..extensions.enabledItems: emoticons-msn-smileys@m513901.de:0.1
FF - prefs.js..extensions.enabledItems: inspector@mozilla.org:2.0.0
FF - prefs.js..extensions.enabledItems: messagestyle-blackened@addons.instantbird.org:0.9
FF - prefs.js..extensions.enabledItems: messagestyle-depth@addons.instantbird.org:1.1
FF - prefs.js..extensions.enabledItems: messagestyle-minimal20@addons.instantbird.org:1.5

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/07 20:38:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/16 11:20:23 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{96196123-4458-4274-9392-31555CDE029E}: C:\Users\karolinka\AppData\Local\{96196123-4458-4274-9392-31555CDE029E}\ [2011/06/07 18:03:12 | 000,000,000 | ---D | M]

[2011/01/17 10:32:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\karolinka\AppData\Roaming\Mozilla\Extensions
[2011/01/17 10:32:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\karolinka\AppData\Roaming\Mozilla\Extensions\celtx@celtx.com
[2012/01/09 11:59:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\karolinka\AppData\Roaming\Mozilla\Firefox\Profiles\l5gvipr0.default\extensions
[2009/09/02 07:21:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\karolinka\AppData\Roaming\Mozilla\Firefox\Profiles\l5gvipr0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/07/06 19:09:11 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\karolinka\AppData\Roaming\Mozilla\Firefox\Profiles\l5gvipr0.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2012/01/07 20:45:02 | 000,000,000 | ---D | M] (WebMail Notifier) -- C:\Users\karolinka\AppData\Roaming\Mozilla\Firefox\Profiles\l5gvipr0.default\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}
[2010/06/15 20:29:07 | 000,000,000 | ---D | M] (RadioBar Toolbar) -- C:\Users\karolinka\AppData\Roaming\Mozilla\Firefox\Profiles\l5gvipr0.default\extensions\radiobar@toolbar
[2012/01/07 20:38:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/17 10:29:52 | 000,000,000 | ---D | M] (Timezone Definitions for Mozilla Calendar) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\CALENDAR-TIMEZONES@MOZILLA.ORG
[2011/01/17 10:29:51 | 000,000,000 | ---D | M] (Default Shot Palette) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\DEFAULT-PALETTE@CELTX.COM
[2011/01/17 10:29:51 | 000,000,000 | ---D | M] (MSN-Smileys) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\EMOTICONS-MSN-SMILEYS@M513901.DE
[2011/01/17 10:29:49 | 000,000,000 | ---D | M] (DOM Inspector) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\INSPECTOR@MOZILLA.ORG
[2011/01/17 10:29:49 | 000,000,000 | ---D | M] (Blackened) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\MESSAGESTYLE-BLACKENED@ADDONS.INSTANTBIRD.ORG
[2011/01/17 10:29:48 | 000,000,000 | ---D | M] (Depth) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\MESSAGESTYLE-DEPTH@ADDONS.INSTANTBIRD.ORG
[2011/01/17 10:29:48 | 000,000,000 | ---D | M] (Minimal) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\MESSAGESTYLE-MINIMAL20@ADDONS.INSTANTBIRD.ORG
[2011/12/20 23:24:52 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/12/20 20:30:41 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/12/20 20:30:41 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/01/16 12:29:49 | 000,000,098 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (VeriSoft Access Manager) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CognizanceTS] c:\Program Files\Bioscrypt\VeriSoft\Bin\ASTSVCC.dll (Cognizance Corporation)
O4 - HKLM..\Run: [ContentTransferWMDetector.exe] C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe (Sony Corporation)
O4 - HKLM..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript File not found
O4 - HKLM..\Run: [nmapp] C:\Program Files\Pure Networks\Network Magic\nmapp.exe (Pure Networks, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Pure Networks, Inc.)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\karolinka\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [googletalk] C:\Users\karolinka\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 10.2.0)
O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.59.160.13 64.59.160.15 64.59.161.68
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4246B7FF-D8FF-47BD-8DE9-0D5CE6915CBB}: DhcpNameServer = 64.59.160.13 64.59.160.15 64.59.161.68
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Pure Networks, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\WINDOWS\System32\APSHook.dll) -C:\WINDOWS\System32\APSHook.dll (Cognizance Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Users\karolinka\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\karolinka\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/09/11 07:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - File not found
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

========== Files/Folders - Created Within 30 Days ==========

[2012/01/16 10:28:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/01/15 11:20:00 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/01/15 11:19:33 | 002,322,184 | ---- | C] (ESET) -- C:\Users\karolinka\Desktop\esetsmartinstaller_enu.exe
[2012/01/14 01:47:04 | 004,713,472 | ---- | C] (AVAST Software) -- C:\Users\karolinka\Desktop\aswMBR.exe
[2012/01/14 00:53:43 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/01/13 00:03:09 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012/01/12 23:27:21 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/01/11 23:12:12 | 000,000,000 | ---D | C] -- C:\Users\karolinka\Desktop\FOLDER
[2012/01/11 10:43:25 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/01/11 10:43:25 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/01/11 10:43:25 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/01/11 07:59:11 | 000,718,104 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Users\karolinka\Desktop\avgremover.exe
[2012/01/11 07:53:04 | 000,000,000 | ---D | C] -- C:\Users\karolinka\AppData\Local\Adobe
[2012/01/10 10:45:30 | 008,821,856 | ---- | C] (OPSWAT, Inc.) -- C:\Users\karolinka\Desktop\AppRemover.exe
[2012/01/10 10:09:48 | 001,692,968 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Users\karolinka\Desktop\avg_remover_stf_x86_2012_1796.exe
[2012/01/10 10:00:14 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/10 09:14:27 | 004,383,253 | R--- | C] (Swearware) -- C:\Users\karolinka\Desktop\ComboFix.exe
[2012/01/09 12:17:06 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\karolinka\Desktop\OTL.exe
[2012/01/09 12:01:00 | 001,972,528 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\karolinka\Desktop\tdsskiller.exe
[2012/01/07 02:05:08 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\karolinka\Desktop\dds.scr
[2012/01/07 01:31:02 | 000,000,000 | R--D | C] -- C:\Users\karolinka\Documents
[2012/01/06 22:51:52 | 000,000,000 | ---D | C] -- C:\Users\karolinka\Desktop\New Folder
[2012/01/06 19:35:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/01/06 19:14:37 | 013,913,696 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\karolinka\Desktop\SUPERAntiSpyware.exe
[2012/01/06 16:37:30 | 000,000,000 | ---D | C] -- C:\Users\karolinka\AppData\Roaming\Tific
[2012/01/06 16:37:30 | 000,000,000 | ---D | C] -- C:\Users\karolinka\AppData\Local\tific
[2012/01/06 12:08:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/01/06 12:05:56 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/01/06 12:05:26 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/01/06 11:58:13 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2012/01/06 11:51:38 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012/01/06 02:27:58 | 001,754,456 | ---- | C] (Secunia) -- C:\Users\karolinka\Desktop\PSISetup.exe
[2012/01/06 02:26:50 | 000,000,000 | ---D | C] -- C:\Users\karolinka\AppData\Local\Secunia PSI
[2012/01/06 02:26:35 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
[1 C:\Users\karolinka\Desktop\FOLDER\Documents\Documents\*.tmp files -> C:\Users\karolinka\Desktop\FOLDER\Documents\Documents\*.tmp -> ]
[1 C:\Users\karolinka\Desktop\*.tmp files -> C:\Users\karolinka\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/16 12:35:02 | 000,000,149 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2012/01/16 12:32:44 | 000,000,126 | ---- | M] () -- C:\Windows\System32\FpLicense6.ini
[2012/01/16 12:32:17 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/16 12:32:17 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/16 12:32:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/16 12:32:05 | 2137,448,448 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/16 12:30:48 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/01/16 12:29:49 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012/01/16 12:12:34 | 000,000,134 | ---- | M] () -- C:\Users\karolinka\Desktop\Internet Explorer Troubleshooting.url
[2012/01/16 11:20:24 | 000,001,892 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/01/16 11:15:18 | 000,609,196 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/01/16 11:15:18 | 000,108,672 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/01/15 16:07:25 | 000,879,683 | ---- | M] () -- C:\Users\karolinka\Desktop\SecurityCheck.exe
[2012/01/15 15:23:01 | 000,000,426 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{6ED3C11A-7FAA-4F5A-A57C-FE5C34FB4763}.job
[2012/01/15 14:52:04 | 000,000,820 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012/01/15 11:19:37 | 002,322,184 | ---- | M] (ESET) -- C:\Users\karolinka\Desktop\esetsmartinstaller_enu.exe
[2012/01/14 11:08:04 | 001,972,528 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\karolinka\Desktop\tdsskiller.exe
[2012/01/14 02:11:59 | 000,000,512 | ---- | M] () -- C:\Users\karolinka\Desktop\MBR.dat
[2012/01/14 01:47:20 | 004,713,472 | ---- | M] (AVAST Software) -- C:\Users\karolinka\Desktop\aswMBR.exe
[2012/01/14 00:52:27 | 004,383,253 | R--- | M] (Swearware) -- C:\Users\karolinka\Desktop\ComboFix.exe
[2012/01/14 00:30:59 | 373,070,884 | ---- | M] () -- C:\registrybackup.reg
[2012/01/13 05:59:18 | 372,312,857 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/01/11 07:59:51 | 000,718,104 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Users\karolinka\Desktop\avgremover.exe
[2012/01/10 10:46:02 | 008,821,856 | ---- | M] (OPSWAT, Inc.) -- C:\Users\karolinka\Desktop\AppRemover.exe
[2012/01/09 20:00:00 | 000,000,554 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Run Full System Scan - karolinka.job
[2012/01/09 12:17:12 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\karolinka\Desktop\OTL.exe
[2012/01/07 20:38:16 | 000,000,870 | ---- | M] () -- C:\Users\karolinka\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/01/07 20:38:16 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/01/07 02:05:13 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\karolinka\Desktop\dds.scr
[2012/01/07 02:01:58 | 000,050,477 | ---- | M] () -- C:\Users\karolinka\Desktop\Defogger.exe
[2012/01/06 19:35:51 | 000,001,800 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/01/06 19:15:49 | 000,294,216 | ---- | M] () -- C:\Users\karolinka\Desktop\gmer.zip
[2012/01/06 19:15:04 | 013,913,696 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\karolinka\Desktop\SUPERAntiSpyware.exe
[2012/01/06 19:13:11 | 000,396,071 | ---- | M] () -- C:\Users\karolinka\Desktop\MiniToolBox.exe
[2012/01/06 12:08:56 | 000,001,664 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/01/06 02:29:13 | 000,000,899 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2012/01/06 02:25:21 | 000,005,648 | ---- | M] () -- C:\Users\karolinka\AppData\Local\d3d9caps.dat
[2012/01/06 02:08:30 | 001,754,456 | ---- | M] (Secunia) -- C:\Users\karolinka\Desktop\PSISetup.exe
[2011/12/20 12:45:27 | 000,073,728 | ---- | M] () -- C:\Users\karolinka\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[1 C:\Users\karolinka\Desktop\FOLDER\Documents\Documents\*.tmp files -> C:\Users\karolinka\Desktop\FOLDER\Documents\Documents\*.tmp -> ]
[1 C:\Users\karolinka\Desktop\*.tmp files -> C:\Users\karolinka\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/16 11:23:08 | 000,000,134 | ---- | C] () -- C:\Users\karolinka\Desktop\Internet Explorer Troubleshooting.url
[2012/01/16 11:20:23 | 000,001,892 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/01/16 11:20:23 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/01/16 11:07:53 | 2137,448,448 | -HS- | C] () -- C:\hiberfil.sys
[2012/01/14 02:11:59 | 000,000,512 | ---- | C] () -- C:\Users\karolinka\Desktop\MBR.dat
[2012/01/14 00:24:42 | 373,070,884 | ---- | C] () -- C:\registrybackup.reg
[2012/01/11 10:43:25 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/01/11 10:43:25 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/01/11 10:43:25 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/01/11 10:43:25 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/01/11 10:43:25 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/01/11 08:26:41 | 372,312,857 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/01/07 20:38:16 | 000,000,846 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/01/07 20:38:15 | 000,000,858 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/01/07 02:01:55 | 000,050,477 | ---- | C] () -- C:\Users\karolinka\Desktop\Defogger.exe
[2012/01/06 22:29:30 | 000,302,592 | ---- | C] () -- C:\Users\karolinka\Desktop\gmer.exe
[2012/01/06 19:35:51 | 000,001,800 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/01/06 19:15:48 | 000,294,216 | ---- | C] () -- C:\Users\karolinka\Desktop\gmer.zip
[2012/01/06 19:13:05 | 000,396,071 | ---- | C] () -- C:\Users\karolinka\Desktop\MiniToolBox.exe
[2012/01/06 19:11:31 | 000,879,683 | ---- | C] () -- C:\Users\karolinka\Desktop\SecurityCheck.exe
[2012/01/06 12:08:56 | 000,001,664 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/01/06 02:29:13 | 000,000,899 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2012/01/06 02:29:13 | 000,000,862 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
[2011/07/15 20:06:41 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011/04/18 14:43:17 | 000,000,552 | ---- | C] () -- C:\Users\karolinka\AppData\Local\d3d8caps.dat
[2009/10/24 12:37:49 | 000,000,126 | ---- | C] () -- C:\Windows\System32\FpLicense6.ini
[2009/10/24 12:37:29 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fpent6a.dll
[2009/09/23 21:02:42 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/23 21:02:42 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/04 18:27:44 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2009/09/04 18:27:44 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2009/09/04 18:11:56 | 000,000,000 | RHS- | C] () -- C:\Windows\FFSSET.BIN
[2009/09/04 18:00:02 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf08b.dat
[2009/09/04 17:58:00 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2009/09/04 17:54:40 | 000,031,567 | ---- | C] () -- C:\Windows\maxlink.ini
[2009/08/03 14:40:59 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/06/22 11:58:33 | 000,005,648 | ---- | C] () -- C:\Users\karolinka\AppData\Local\d3d9caps.dat
[2009/02/23 19:18:34 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/02/13 19:53:10 | 000,073,728 | ---- | C] () -- C:\Users\karolinka\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/10 18:39:42 | 000,000,132 | ---- | C] () -- C:\Users\karolinka\AppData\Roaming\wklnhst.dat
[2009/02/03 21:03:49 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/02/02 18:21:27 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2007/05/18 07:12:16 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ1.dat
[2007/05/18 07:12:16 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ0.dat
[2007/05/18 06:56:47 | 000,103,437 | ---- | C] () -- C:\Windows\hpqins13.dat
[2007/05/18 01:09:11 | 000,910,304 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/05/18 01:09:11 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2007/05/18 01:09:11 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1244.dll
[2007/02/27 12:43:02 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/12/20 12:00:12 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006/12/13 22:01:36 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/12/13 22:01:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/11/02 04:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 04:47:37 | 002,238,816 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 04:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:33:01 | 000,609,196 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 02:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 02:33:01 | 000,108,672 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 02:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 02:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 00:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 00:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/01 23:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/01 23:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/03/09 16:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/05/07 04:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2005/04/03 12:30:00 | 000,110,592 | R--- | C] () -- C:\Windows\System32\scardsyn.dll
[2001/11/14 12:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[1998/05/06 17:10:00 | 000,069,632 | R--- | C] () -- C:\Windows\System32\ODMA32.dll

========== LOP Check ==========

[2011/01/17 10:32:05 | 000,000,000 | ---D | M] -- C:\Users\karolinka\AppData\Roaming\Greyfirst
[2009/09/04 18:57:30 | 000,000,000 | ---D | M] -- C:\Users\karolinka\AppData\Roaming\ScanSoft
[2009/09/02 09:17:59 | 000,000,000 | ---D | M] -- C:\Users\karolinka\AppData\Roaming\SystemRequirementsLab
[2009/02/10 18:39:48 | 000,000,000 | ---D | M] -- C:\Users\karolinka\AppData\Roaming\Template
[2012/01/06 16:37:31 | 000,000,000 | ---D | M] -- C:\Users\karolinka\AppData\Roaming\Tific
[2011/03/20 11:51:07 | 000,000,000 | ---D | M] -- C:\Users\karolinka\AppData\Roaming\uTorrent
[2012/01/16 12:30:48 | 000,032,756 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/01/15 15:23:01 | 000,000,426 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{6ED3C11A-7FAA-4F5A-A57C-FE5C34FB4763}.job

========== Purity Check ==========



========== Custom Scans ==========


< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/12/20 23:24:52 | 000,715,216 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/12/20 23:24:52 | 000,715,216 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/12/20 23:24:52 | 000,715,216 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/12/20 23:24:51 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/12/20 23:24:51 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/12/20 23:24:51 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/11/02 20:45:23 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/11/02 20:45:23 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/11/02 20:45:23 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/11/02 22:23:19 | 000,638,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: iexplore.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2009/11/05 21:14:44 | 001,794,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2009/11/05 21:14:44 | 001,794,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2009/11/05 21:14:44 | 001,794,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2009/11/05 21:14:44 | 001,794,848 | ---- | M] (Apple Inc.)

< %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-01-12 06:38:46

< End of report >

==
pumex
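The two file listings in the OTL report above share one line format: a bracketed timestamp, byte count, four attribute flags (R/H/S/D) and a C or M marker, then the signer's company name in parentheses (absent for folders, printed as "()" for files whose version info carries no company) and the path. What follows is an added example, not part of this thread and not OTL's own code, that parses those lines and applies two triage heuristics of its own: executables with no company name dropped under C:\Windows, and hidden or system files other than hiberfil.sys and pagefile.sys. The sample input is a handful of lines copied from the report; the heuristics, the allow-list and the names parse_otl_entries, triage and dropped_together are this example's assumptions, not anything OTL defines.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample input: entry lines copied from the OTL report in this
# thread, in OTL's "[date | size | attrs | C/M] (Company) -- path" format.
SAMPLE_LINES = r"""
========== Files/Folders - Created Within 30 Days ==========

[2012/01/16 10:28:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/01/14 00:53:43 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/01/11 10:43:25 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/01/11 10:43:25 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/01/10 09:14:27 | 004,383,253 | R--- | C] (Swearware) -- C:\Users\karolinka\Desktop\ComboFix.exe

========== Files Created - No Company Name ==========

[2012/01/16 11:07:53 | 2137,448,448 | -HS- | C] () -- C:\hiberfil.sys
[2012/01/11 10:43:25 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/01/11 10:43:25 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2009/09/04 18:11:56 | 000,000,000 | RHS- | C] () -- C:\Windows\FFSSET.BIN
[2009/02/23 19:18:34 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
"""

# One OTL entry line. The attribute column has four fixed positions:
# R(ead-only), H(idden), S(ystem), D(irectory); the trailing letter is C
# (created in the window) or M (modified in the window). The company group is
# absent for folders and empty when OTL printed "()".
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[R-][H-][S-][D-]) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)


@dataclass(frozen=True)
class OtlEntry:
    timestamp: str
    size: int
    readonly: bool
    hidden: bool
    system: bool
    is_dir: bool
    kind: str                 # "C" or "M"
    company: Optional[str]    # None = no parentheses (folder), "" = "()"
    path: str


def parse_otl_entries(text: str) -> List[OtlEntry]:
    """Parse every entry line in an OTL file listing. Section headers, blank
    lines and the "[1 ... *.tmp files -> ...]" summary lines do not match
    the pattern and are skipped."""
    entries: List[OtlEntry] = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        attrs = m.group("attrs")
        entries.append(OtlEntry(
            timestamp=m.group("ts"),
            size=int(m.group("size").replace(",", "")),
            readonly=attrs[0] == "R",
            hidden=attrs[1] == "H",
            system=attrs[2] == "S",
            is_dir=attrs[3] == "D",
            kind=m.group("kind"),
            company=m.group("company"),
            path=m.group("path"),
        ))
    return entries


# Triage heuristics and allow-list below are this example's own assumptions.
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com", ".cpl", ".drv")
WINDOWS_DIR = "c:\\windows\\"
EXPECTED_HIDDEN_SYSTEM = {"c:\\hiberfil.sys", "c:\\pagefile.sys"}


def triage(entries: List[OtlEntry]) -> List[Tuple[OtlEntry, str]]:
    """Return (entry, reason) pairs that deserve a second look by an analyst."""
    flagged: List[Tuple[OtlEntry, str]] = []
    for e in entries:
        if e.is_dir:
            continue
        low = e.path.lower()
        if e.company == "" and low.startswith(WINDOWS_DIR) and low.endswith(EXEC_EXT):
            flagged.append((e, "executable with no company name in the Windows directory"))
        elif (e.hidden or e.system) and low not in EXPECTED_HIDDEN_SYSTEM:
            flagged.append((e, "hidden/system attribute set"))
    return flagged


def dropped_together(entries: List[OtlEntry], timestamp: str) -> List[str]:
    """Paths written in the same second: one installer or dropper usually
    writes its whole file set within a second or two, so a shared timestamp
    groups the files that arrived together."""
    return sorted(e.path for e in entries if e.timestamp == timestamp)


if __name__ == "__main__":
    parsed = parse_otl_entries(SAMPLE_LINES)
    for entry, reason in triage(parsed):
        print(f"{entry.timestamp}  {entry.path}  <- {reason}")
    print("same-second batch:", dropped_together(parsed, "2012/01/11 10:43:25"))
```

Heuristic hits still need an analyst. On the sample, PEV.exe and MBR.exe are flagged, but dropped_together shows they share the 10:43:25 second with the SteelWerX and NirSoft tools listed with company names in the earlier section; ComboFix is known to install exactly these helpers (PEV.exe, MBR.exe, sed.exe, grep.exe, zip.exe, SWREG.exe, SWSC.exe, NIRCMD.exe) into C:\Windows, so in this log they are expected from the cleanup already under way, not evidence of infection. The hidden-attribute hits (FFSSET.BIN, ezsidmv.dat) date from 2009 and are the kind of vendor data file a reviewer checks against the machine's known software before reacting.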

#35 User is offline   SweetTech 

  • Agent ST
  • Group: Malware Response Team
  • Posts: 12,666
  • Joined: 15-March 09
  • Gender:Male
  • Location:Antarctica

Posted 17 January 2012 - 03:31 AM

Hi pumex!

Quote

I got scared, but came up with only solution I knew... I restarted in Safe Mode with networking and restored that stupid HijackThis folder. Then restarted normally and it worked! But it means that HJT is not removed completely.
That's very interesting.

Quote

Still, sometimes it is necessary to use IE, so could you please help me to install IE?
And what about those 11 security updates - is there any easier way to solve it??? Please help with this too, if you can.

From what I can gather you're not able to install Internet Explorer at this time.

Are you seeing a ton of updates that need to be installed for Windows? Have you tried to install any of those updates yet?

Quote

- I don't have any anti-virus now; which one would you suggest? I don't want to go back to AVG...

See below;

No Anti-Virus Present

Looking over your log, there is no evidence of any anti-virus software.

Anti-virus software is a program that detects, cleans and erases harmful virus files on a computer, web server or network.
Unchecked virus files can unintentionally be forwarded to others, including trading partners, thereby spreading infection. Because new viruses regularly emerge, anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. It can alert the user if a virus is present and will clean, delete (or quarantine) infected files or directories. Please download free anti-virus software from one of these excellent vendors:


It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer then only one of them should be active in memory at a time.



NEXT:



Can you try to remove HijackThis with this utility:

http://support.microsoft.com/mats/Program_Install_and_Uninstall

Click on the Run Now button and see if you have better luck trying to uninstall it then.

If you're still having issues with it try this utility:

RevoUninstaller
Download and install Revo Uninstaller
  • Double click the Revo Uninstaller icon on your desktop to start the program
  • Scroll through the listed programs and Right Click on the program you wish to uninstall
  • From the pop out menu choose Uninstall
  • Click Yes to the confirmation dialogue
  • In the next window select the Advanced mode
  • Click Next to start uninstalling the program
  • Answer Yes to confirm the uninstall
  • When the program has completed the four steps, click Next to allow the program to search for leftovers
  • Once complete, click Next, then Finish
  • Repeat the above steps for any other programs you wish to remove.

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.

#36 User is offline   pumex 

  • Member
  • Group: Members
  • Posts: 60
  • Joined: 24-April 09

Posted 17 January 2012 - 08:54 PM

Hi, Agent ST.

I think I still have some problems with the laptop.

Here is what I did following your instructions:

WINDOWS UPDATES

I'm getting message that I should do 11 important updates.
I tried to install each of them separately and failed to do so in each case,
getting the Code 80096001 error (i.e., unknown errors).

ANTIVIRUS SOFTWARE

I tried all 3 that you listed (separately of course, installing and deleting them, but keeping Avira for now), in this order:
1/ avast!
2/ Microsoft Security Essentials
3/ Avira

When I installed avast, I realized that it didn't have Firewall. I tried to turn on Windows Firewall, but got a message that it wasn't possible.
So I uninstalled avast and installed Microsoft Security Essentials, but the result was the same - no Firewall, including Windows Firewall.

So finally, I installed Avira and here is what happened

- while installing Avira Free Antivirus I got this error message: "Avira has identified potential incompatible software on your computer. The following products must be uninstalled manually: AVG Anti-Virus Free Edition 2011".
I didn't do anything about that... By the way, I believed that we finally got rid of AVG from this laptop. Where is Avira still finding it?
Anyway, I clicked on Next and following that Express Installation of Avira was taking place. In the end, I got this message: "Congratulations. You have successfully installed..."

Then Avira was updating itself and there was a quick scan. It resulted in zero infections.

Concerned about the Firewall, I went to Avira's Overview, but found out there that the Free version doesn't offer Firewall...

There, I got this message: "Windows Firewall was unable to make the requested updates". It offered to download MicrosoftFixit.wu.Run.exe. I did that and used the recommended option - Check + Fix. At the end, I got this message:
"Issues found: Windows Update components must be repaired". Then it looked like the issues were being fixed and the message was: "Fixed".
The following Result Report was provided:

Windows Update Publisher details

Issues found
  Windows Update components must be repaired: Fixed
    Repair Windows Update components: Succeeded

Issues checked
  Default Windows Update data locations have changed: Checked

Detection details
  Issues found [6]: Windows Update components must be repaired (Fixed)
    One or more Windows Update components are configured incorrectly
  Issues checked [6]: Default Windows Update data locations have changed (Checked)
    The location where Windows Update stores data has changed and must be repaired

Collection information
  Computer Name: KAROLINKA-PC
  Windows Version: 6.0
  Architecture: x86
  Time: 1/17/2012 12:27:12 PM

Publisher details
  Windows Update: Resolve problems that prevent you from updating Windows.
  Package Version: 4.0.2.20110411
  Publisher: Microsoft Corporation

So I thought that I would be able to turn the Windows Firewall on, but I got the message that it wasn't possible.

In other words, MY LAPTOP IS WITHOUT A FIREWALL.

Can you please tell me if it is necessary to have a Firewall and if yes, what else can I do to have it on my laptop?

Here is the report after the full scan done by Avira Free Antivirus:

Avira Free Antivirus
Report file date: January-17-12 13:20

Scanning for 3157329 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - Free Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows Vista
Windows version : (Service Pack 2) [6.0.6002]
Boot mode : Normally booted
Username : SYSTEM
Computer name : KAROLINKA-PC

Version information:
BUILD.DAT : 12.0.0.849 41825 Bytes 23/09/2011 20:19:00
AVSCAN.EXE : 12.1.0.17 490448 Bytes 24/09/2011 02:04:46
AVSCAN.DLL : 12.1.0.17 54224 Bytes 23/09/2011 21:34:56
LUKE.DLL : 12.1.0.17 68304 Bytes 23/09/2011 20:55:16
AVSCPLR.DLL : 12.1.0.21 99536 Bytes 17/01/2012 20:11:57
AVREG.DLL : 12.1.0.27 227536 Bytes 17/01/2012 20:11:57
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06/11/2009 04:18:34
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14/12/2010 19:07:39
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20/12/2011 20:10:56
VBASE003.VDF : 7.11.19.171 2048 Bytes 20/12/2011 20:10:56
VBASE004.VDF : 7.11.19.172 2048 Bytes 20/12/2011 20:10:57
VBASE005.VDF : 7.11.19.173 2048 Bytes 20/12/2011 20:10:57
VBASE006.VDF : 7.11.19.174 2048 Bytes 20/12/2011 20:10:57
VBASE007.VDF : 7.11.19.175 2048 Bytes 20/12/2011 20:10:57
VBASE008.VDF : 7.11.19.176 2048 Bytes 20/12/2011 20:10:57
VBASE009.VDF : 7.11.19.177 2048 Bytes 20/12/2011 20:10:58
VBASE010.VDF : 7.11.19.178 2048 Bytes 20/12/2011 20:10:58
VBASE011.VDF : 7.11.19.179 2048 Bytes 20/12/2011 20:10:58
VBASE012.VDF : 7.11.19.180 2048 Bytes 20/12/2011 20:10:58
VBASE013.VDF : 7.11.19.217 182784 Bytes 22/12/2011 20:10:59
VBASE014.VDF : 7.11.19.255 148480 Bytes 24/12/2011 20:11:01
VBASE015.VDF : 7.11.20.29 164352 Bytes 27/12/2011 20:11:05
VBASE016.VDF : 7.11.20.70 180224 Bytes 29/12/2011 20:11:07
VBASE017.VDF : 7.11.20.102 240640 Bytes 02/01/2012 20:11:10
VBASE018.VDF : 7.11.20.139 164864 Bytes 04/01/2012 20:11:12
VBASE019.VDF : 7.11.20.178 167424 Bytes 06/01/2012 20:11:14
VBASE020.VDF : 7.11.20.207 230400 Bytes 10/01/2012 20:11:17
VBASE021.VDF : 7.11.20.236 150528 Bytes 11/01/2012 20:11:18
VBASE022.VDF : 7.11.21.13 135168 Bytes 13/01/2012 20:11:20
VBASE023.VDF : 7.11.21.40 163840 Bytes 16/01/2012 20:11:21
VBASE024.VDF : 7.11.21.65 1001472 Bytes 17/01/2012 20:11:29
VBASE025.VDF : 7.11.21.66 2048 Bytes 17/01/2012 20:11:29
VBASE026.VDF : 7.11.21.67 2048 Bytes 17/01/2012 20:11:29
VBASE027.VDF : 7.11.21.68 2048 Bytes 17/01/2012 20:11:30
VBASE028.VDF : 7.11.21.69 2048 Bytes 17/01/2012 20:11:30
VBASE029.VDF : 7.11.21.70 2048 Bytes 17/01/2012 20:11:30
VBASE030.VDF : 7.11.21.71 2048 Bytes 17/01/2012 20:11:30
VBASE031.VDF : 7.11.21.73 12288 Bytes 17/01/2012 20:11:30
Engineversion : 8.2.8.28
AEVDF.DLL : 8.1.2.2 106868 Bytes 17/01/2012 20:11:55
AESCRIPT.DLL : 8.1.3.97 426363 Bytes 17/01/2012 20:11:54
AESCN.DLL : 8.1.7.2 127349 Bytes 02/09/2011 07:46:02
AESBX.DLL : 8.2.4.5 434549 Bytes 17/01/2012 20:11:56
AERDL.DLL : 8.1.9.15 639348 Bytes 09/09/2011 07:16:06
AEPACK.DLL : 8.2.16.1 799094 Bytes 17/01/2012 20:11:52
AEOFFICE.DLL : 8.1.2.25 201084 Bytes 17/01/2012 20:11:50
AEHEUR.DLL : 8.1.3.18 4297079 Bytes 17/01/2012 20:11:48
AEHELP.DLL : 8.1.18.0 254327 Bytes 17/01/2012 20:11:36
AEGEN.DLL : 8.1.5.17 405877 Bytes 17/01/2012 20:11:35
AEEMU.DLL : 8.1.3.0 393589 Bytes 02/09/2011 07:46:01
AECORE.DLL : 8.1.24.3 201079 Bytes 17/01/2012 20:11:33
AEBB.DLL : 8.1.1.0 53618 Bytes 02/09/2011 07:46:01
AVWINLL.DLL : 12.1.0.17 27344 Bytes 23/09/2011 20:13:18
AVPREF.DLL : 12.1.0.17 51920 Bytes 23/09/2011 19:53:57
AVREP.DLL : 12.1.0.17 179408 Bytes 23/09/2011 19:55:01
AVARKT.DLL : 12.1.0.17 223184 Bytes 23/09/2011 19:25:26
AVEVTLOG.DLL : 12.1.0.17 169168 Bytes 23/09/2011 19:34:37
SQLITE3.DLL : 3.7.0.0 398288 Bytes 16/09/2011 10:05:58
AVSMTP.DLL : 12.1.0.17 62928 Bytes 23/09/2011 20:03:47
NETNT.DLL : 12.1.0.17 17104 Bytes 23/09/2011 20:58:06
RCIMAGE.DLL : 12.1.0.17 4450000 Bytes 23/09/2011 21:37:25
RCTEXT.DLL : 12.1.0.16 96208 Bytes 23/09/2011 21:37:24

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: default
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: extended

Start of the scan: January-17-12 13:20

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting search for hidden objects.
c:\windows\$ntuninstallkb36786$:summaryinformation
c:\windows\$ntuninstallkb36786$:summaryinformation
[NOTE] The stream is not visible.
Hidden driver
[NOTE] A memory modification has been detected, which could potentially be used to hide file access attempts.

The scan of running processes will be started
Scan process 'UI0Detect.exe' - '25' Module(s) have been scanned
Scan process 'svchost.exe' - '32' Module(s) have been scanned
Scan process 'vssvc.exe' - '50' Module(s) have been scanned
Scan process 'avscan.exe' - '77' Module(s) have been scanned
Scan process 'avscan.exe' - '28' Module(s) have been scanned
Scan process 'avcenter.exe' - '100' Module(s) have been scanned
Scan process 'hphc_service.exe' - '54' Module(s) have been scanned
Scan process 'svchost.exe' - '25' Module(s) have been scanned
Scan process 'HpqToaster.exe' - '28' Module(s) have been scanned
Scan process 'SynTPHelper.exe' - '18' Module(s) have been scanned
Scan process 'iPodService.exe' - '34' Module(s) have been scanned
Scan process 'AVWEBGRD.EXE' - '42' Module(s) have been scanned
Scan process 'avshadow.exe' - '33' Module(s) have been scanned
Scan process 'netsession_win.exe' - '55' Module(s) have been scanned
Scan process 'BtStackServer.exe' - '71' Module(s) have been scanned
Scan process 'ehmsas.exe' - '26' Module(s) have been scanned
Scan process 'psi_tray.exe' - '25' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '38' Module(s) have been scanned
Scan process 'BTTray.exe' - '62' Module(s) have been scanned
Scan process 'netsession_win.exe' - '38' Module(s) have been scanned
Scan process 'ehtray.exe' - '29' Module(s) have been scanned
Scan process 'sidebar.exe' - '106' Module(s) have been scanned
Scan process 'avgnt.exe' - '65' Module(s) have been scanned
Scan process 'Updater.exe' - '28' Module(s) have been scanned
Scan process 'hpqwmiex.exe' - '34' Module(s) have been scanned
Scan process 'WLIDSvcM.exe' - '18' Module(s) have been scanned
Scan process 'jusched.exe' - '25' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '61' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '70' Module(s) have been scanned
Scan process 'ipoint.exe' - '57' Module(s) have been scanned
Scan process 'WLIDSVC.EXE' - '74' Module(s) have been scanned
Scan process 'svchost.exe' - '7' Module(s) have been scanned
Scan process 'pptd40nt.exe' - '28' Module(s) have been scanned
Scan process 'svchost.exe' - '45' Module(s) have been scanned
Scan process 'ContentTransferWMDetector.exe' - '34' Module(s) have been scanned
Scan process 'nmapp.exe' - '53' Module(s) have been scanned
Scan process 'nmctxth.exe' - '41' Module(s) have been scanned
Scan process 'sua.exe' - '25' Module(s) have been scanned
Scan process 'PSIA.exe' - '76' Module(s) have been scanned
Scan process 'hpwuSchd2.exe' - '19' Module(s) have been scanned
Scan process 'WiFiMsg.exe' - '39' Module(s) have been scanned
Scan process 'HPWAMain.exe' - '32' Module(s) have been scanned
Scan process 'QLBCTRL.exe' - '41' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '22' Module(s) have been scanned
Scan process 'igfxsrvc.exe' - '29' Module(s) have been scanned
Scan process 'IAANTMon.exe' - '38' Module(s) have been scanned
Scan process 'QPService.exe' - '98' Module(s) have been scanned
Scan process 'taskeng.exe' - '85' Module(s) have been scanned
Scan process 'IAAnotif.exe' - '40' Module(s) have been scanned
Scan process 'RtHDVCpl.exe' - '48' Module(s) have been scanned
Scan process 'fpdisp6.exe' - '25' Module(s) have been scanned
Scan process 'igfxpers.exe' - '25' Module(s) have been scanned
Scan process 'mobsync.exe' - '34' Module(s) have been scanned
Scan process 'svchost.exe' - '29' Module(s) have been scanned
Scan process 'hkcmd.exe' - '26' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '42' Module(s) have been scanned
Scan process 'taskeng.exe' - '51' Module(s) have been scanned
Scan process 'Explorer.EXE' - '133' Module(s) have been scanned
Scan process 'AsGHost.exe' - '89' Module(s) have been scanned
Scan process 'Dwm.exe' - '34' Module(s) have been scanned
Scan process 'CLCapSvc.exe' - '87' Module(s) have been scanned
Scan process 'svchost.exe' - '34' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '33' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '68' Module(s) have been scanned
Scan process 'avguard.exe' - '65' Module(s) have been scanned
Scan process 'svchost.exe' - '56' Module(s) have been scanned
Scan process 'armsvc.exe' - '27' Module(s) have been scanned
Scan process 'PhotoshopElementsFileAgent.exe' - '30' Module(s) have been scanned
Scan process 'SASCORE.EXE' - '20' Module(s) have been scanned
Scan process 'sched.exe' - '52' Module(s) have been scanned
Scan process 'spoolsv.exe' - '92' Module(s) have been scanned
Scan process 'svchost.exe' - '95' Module(s) have been scanned
Scan process 'svchost.exe' - '90' Module(s) have been scanned
Scan process 'SLsvc.exe' - '23' Module(s) have been scanned
Scan process 'svchost.exe' - '41' Module(s) have been scanned
Scan process 'svchost.exe' - '150' Module(s) have been scanned
Scan process 'svchost.exe' - '116' Module(s) have been scanned
Scan process 'svchost.exe' - '69' Module(s) have been scanned
Scan process 'svchost.exe' - '43' Module(s) have been scanned
Scan process 'svchost.exe' - '73' Module(s) have been scanned
Scan process 'svchost.exe' - '43' Module(s) have been scanned
Scan process 'winlogon.exe' - '34' Module(s) have been scanned
Scan process 'lsm.exe' - '26' Module(s) have been scanned
Scan process 'lsass.exe' - '69' Module(s) have been scanned
Scan process 'services.exe' - '43' Module(s) have been scanned
Scan process 'csrss.exe' - '14' Module(s) have been scanned
Scan process 'wininit.exe' - '30' Module(s) have been scanned
Scan process 'csrss.exe' - '14' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting to scan executable files (registry).
The registry was scanned ( '2842' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\WINDOWS\SoftwareDistribution\Download\ce5287396485f886a3051ac552cbdb2f08681033
[0] Archive type: Portable Executable Resource
--> object
[1] Archive type: CAB (Microsoft)
--> WriterProdLang.7z
[2] Archive type: 7-Zip
--> WriterProdLang.cab
[3] Archive type: CAB (Microsoft)
--> writerprodlang.msi
[WARNING] The file could not be read!
--> object
[1] Archive type: CAB (Microsoft)
--> LanguageSelector64.7z
[2] Archive type: 7-Zip
--> LanguageSelector64.cab
[3] Archive type: CAB (Microsoft)
--> LanguageSelector64.msi
[WARNING] The file could not be read!
Begin scan in 'D:\' <HP_RECOVERY>


End of the scan: January-17-12 16:15
Used time: 2:54:49 Hour(s)

The scan has been done completely.

29686 Scanned directories
601109 Files were scanned
0 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 Files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
601109 Files not concerned
4615 Archives were scanned
2 Warnings
2 Notes
710024 Objects were scanned with rootkit scan
2 Hidden objects were found

=
Also, under the Summary after the scan Avira listed these Errors (they also appear in the Report above):

writerprodlang.msi
[WARNING] The file could not be read!
LanguageSelector64.msi
[WARNING] The file could not be read!
==

HIJACKTHIS REMOVAL
I tried both options that you suggested, but neither worked - they were not showing HJT as installed. I think that's because "officially" I uninstalled it via Control Panel, but - as I said before - I was told that I should manually remove HijackThis.exe (it's in C:\Program Files\Trend Micro\HijackThis), but when I deleted that folder the laptop became "inaccessible".
So my question re this is - is it dangerous to keep that C:\Program Files\Trend Micro\HijackThis folder?

Thanks in advance for more help.

Best regards,

pumex

#37 User is offline   SweetTech 

  • Agent ST
  • Group: Malware Response Team
  • Posts: 12,666
  • Joined: 15-March 09
  • Gender:Male
  • Location:Antarctica

Posted 18 January 2012 - 01:50 AM

Hi pumex,

I'm currently looking over your logs right now.

Quote

Can you please tell me if it is necessary to have a Firewall and if yes, what else can I do to have it on my laptop?
Yes, it is important to run a firewall with your computer.

The best way to answer this question is as follows: running your computer without a firewall is like having unprotected sex.

I'd like to check a few of the settings related to certain Windows services to check the settings on them to see if any need to be repaired.

Please run this tool below.

Farbar Service Scanner

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update

  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.

#38 User is offline   SweetTech 

  • Agent ST
  • Group: Malware Response Team
  • Posts: 12,666
  • Joined: 15-March 09
  • Gender:Male
  • Location:Antarctica

Posted 18 January 2012 - 02:02 AM

Also do me a favor and run this removal tool for AVG.

http://download.avg.com/filedir/util/support/avg_remover_stf_x86_2011_1322.exe

#39 User is offline   pumex 

  • Member
  • Group: Members
  • Posts: 60
  • Joined: 24-April 09

Posted 18 January 2012 - 02:23 AM

Here is the FSS Report:

Farbar Service Scanner Version: 17-01-2012 00
Ran by karolinka (administrator) on 17-01-2012 at 23:20:34
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking LEGACY_MpsSvc: Attention! Unable to open LEGACY_MpsSvc\0000 registry key. The key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open bfe registry key. The service key does not exist.
Checking LEGACY_bfe: Attention! Unable to open LEGACY_bfe\0000 registry key. The key does not exist.

mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.


Firewall Disabled Policy:
==================


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.
Checking LEGACY_SDRSVC: Attention! Unable to open LEGACY_SDRSVC\0000 registry key. The key does not exist.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
===========

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll
[2009-09-23 21:01] - [2009-04-10 22:28] - 0061440 ____A (Microsoft Corporation) 1CA6C40261DDC0425987980D0CD2AAAB

C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll
[2009-09-23 21:03] - [2009-04-10 22:28] - 0758784 ____A (Microsoft Corporation) 93952506C6D67330367F7E7934B6A02F

C:\Windows\system32\es.dll
[2009-09-23 21:02] - [2009-04-10 22:28] - 0268800 ____A (Microsoft Corporation) 67058C46504BC12D821F38CF99B7B28F

C:\Windows\system32\cryptsvc.dll
[2009-09-23 21:01] - [2009-04-10 22:28] - 0129024 ____A (Microsoft Corporation) FB27772BEAF8E1D28CCD825C09DA939B

C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****
=
pumex
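
The FSS log above is what the helper reads by hand to see whether the firewall services still exist. As an added example (not code from this thread, from Farbar, or from BleepingComputer), here is a Python parser for that plain-text FSS.txt layout that extracts the findings a responder acts on: services whose own registry key is missing (in this log MpsSvc and bfe, the Windows Firewall and Base Filtering Engine services), services with only a LEGACY_ entry gone, files FSS could not match against its known-good MD5 list, and which account produced the log. The sample log inside the block is a trimmed copy of the format posted above; the function and field names are this example's own.

```python
"""Triage helper for Farbar Service Scanner (FSS) logs.

Added example for this thread, not code from the thread or from the Farbar tool.
SAMPLE_LOG is a trimmed copy of the log format posted above; every function and
field name here is this example's own.
"""
import re

RAN_BY = re.compile(r"^Ran by (\S+) \((\w+)\) on (.+)$")
SECTION = re.compile(r"^([A-Za-z ]+):$")  # e.g. "Windows Firewall:"
SERVICE_HDR = re.compile(r"^(\S+) Service is not running\. Checking service configuration:$")
ATTENTION = re.compile(r"^Checking ([^:]+): Attention! (.+)$")
LEGIT = re.compile(r"^([A-Za-z]:\\\S+) => MD5 is legit$")
PATH_ONLY = re.compile(r"^([A-Za-z]:\\\S+)$")
# A file FSS cannot vouch for gets a detail line: [created] - [modified] - size attrs (company) MD5
DETAIL = re.compile(r"^\[[^\]]*\] - \[[^\]]*\] - (\d+) \S+ \((.*?)\) ([0-9A-Fa-f]{32})$")

def parse_fss(text):
    """Parse FSS output into run context, per-service findings and file-check results."""
    result = {"ran_by": None, "services": {}, "unconfirmed": {}, "legit": []}
    section = service = pending_path = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:  # a blank line closes the current service block
            service = pending_path = None
        elif m := RAN_BY.match(line):
            result["ran_by"] = {"user": m[1], "level": m[2], "when": m[3]}
        elif m := SECTION.match(line):
            section, service = m[1], None
        elif m := SERVICE_HDR.match(line):
            service = m[1]
            result["services"][service] = {"section": section, "problems": []}
        elif (m := ATTENTION.match(line)) and service:
            result["services"][service]["problems"].append(f"{m[1]}: {m[2]}")
        elif m := LEGIT.match(line):
            result["legit"].append(m[1])
        elif (m := DETAIL.match(line)) and pending_path:
            result["unconfirmed"][pending_path] = {"size": int(m[1]), "company": m[2], "md5": m[3].upper()}
            pending_path = None
        elif (m := PATH_ONLY.match(line)) and section == "File Check":
            pending_path = m[1]  # the next line should be its detail record
    return result

def missing_service_keys(result):
    """Services whose own registry key is gone, as opposed to only the LEGACY_ entry."""
    return sorted(name for name, info in result["services"].items()
                  if any("service key does not exist" in p for p in info["problems"]))

def summarize(result):
    """Triage lines in the order a helper reads them: run context, then worst findings first."""
    lines = []
    if result["ran_by"]:
        rb = result["ran_by"]
        lines.append(f"run by {rb['user']} as {rb['level']} on {rb['when']}")
    missing = missing_service_keys(result)
    for name in missing:
        lines.append(f"MISSING SERVICE KEY: {name} [{result['services'][name]['section']}]")
    for name, info in result["services"].items():
        if info["problems"] and name not in missing:  # e.g. only LEGACY_<name>\0000 is absent
            lines.append(f"check {name}: " + "; ".join(info["problems"]))
    for path, info in result["unconfirmed"].items():
        lines.append(f"UNCONFIRMED FILE: {path} size={info['size']} md5={info['md5']} ({info['company']})")
    lines.append(f"{len(result['legit'])} file(s) matched the tool's known-good MD5 list")
    return lines

SAMPLE_LOG = r"""
Ran by karolinka (administrator) on 18-01-2012 at 08:14:30

Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking LEGACY_MpsSvc: Attention! Unable to open LEGACY_MpsSvc\0000 registry key. The key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open bfe registry key. The service key does not exist.

mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.

System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The ServiceDll of SDRSVC service is OK.
Checking LEGACY_SDRSVC: Attention! Unable to open LEGACY_SDRSVC\0000 registry key. The key does not exist.

File Check:
========
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\wscsvc.dll
[2009-09-23 21:01] - [2009-04-10 22:28] - 0061440 ____A (Microsoft Corporation) 1CA6C40261DDC0425987980D0CD2AAAB

**** End of log ****
"""

if __name__ == "__main__":
    print("\n".join(summarize(parse_fss(SAMPLE_LOG))))
```

The missing_service_keys result is the finding that matters in this thread: a service whose key under HKLM\SYSTEM\CurrentControlSet\Services is gone cannot be started by any tool until that key is re-created, which is why a log like the one above calls for repair rather than another reboot. The LEGACY_<name>\0000 entry lives under HKLM\SYSTEM\CurrentControlSet\Enum\Root and is a different record from the service's own key, so the parser reports the two separately instead of lumping them together; likewise a file line without "MD5 is legit" is listed with its hash and company name so it can be looked up, not treated as malicious on its own.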

#40 User is offline   pumex 

  • Member
  • Group: Members
  • Posts: 60
  • Joined: 24-April 09

Posted 18 January 2012 - 02:53 AM

Here is the report from the AVG Remover - as an attachment in .zip format (I used 7-zip). It was too big (almost 1400KB) to send inside the post.


pumex

P.S. I had on my Desktop an earlier version of AVG Remover - 2012_1796 and I believe I used it before, but apparently that wasn't successful. I'm not sure, but it looks to me that the above Report talks about both runs(?). Anyway, it's colossal. Hopefully it will help to solve the AVG problem. By the way, I noticed that AVG AV software is the 2012 Editor's Choice at PC Mag... It's strange after my experience; many other people complain too.

Attached File(s)



#41 User is offline   SweetTech 

  • Agent ST
  • Group: Malware Response Team
  • Posts: 12,666
  • Joined: 15-March 09
  • Gender:Male
  • Location:Antarctica

Posted 18 January 2012 - 03:03 AM

When you ran the tool did you run it as an administrator?

#42 User is offline   pumex 

  • Member
  • Group: Members
  • Posts: 60
  • Joined: 24-April 09

Posted 18 January 2012 - 03:08 AM

I just double-clicked to run it. Should I use right-click>Run as administrator?

But at the top of the report it says:

"Ran by karolinka (administrator) on 17-01-2012 at 23:20:34",

so it probably wouldn't matter if I run it again, using right-click>Run as administrator... Am I right?
==
pumex

This post has been edited by pumex: 18 January 2012 - 03:22 AM


#43 User is offline   SweetTech 

  • Agent ST
  • Group: Malware Response Team
  • Posts: 12,666
  • Joined: 15-March 09
  • Gender:Male
  • Location:Antarctica

Posted 18 January 2012 - 04:00 AM

Hi!

Quote

I just double-clicked to run it. Should I use right-click>Run as administrator?
It might make a difference if it's run as an administrator. When I looked at the log you posted it showed me that some sections weren't able to remove them properly and this could be due to a permission issue.

After you've run it as an administrator, I'd like to have you try and run ComboFix. I have a feeling there are parts of this infection that ComboFix could see properly and would be able to handle it nicely.

#44 User is offline   pumex 

  • Member
  • Group: Members
  • Posts: 60
  • Joined: 24-April 09

Posted 18 January 2012 - 12:59 PM

Hi, Agent ST.

I ran FSS and AVG Remover again (actually a few times) - as an administrator, with Avira disabled.
I'm attaching/posting the logs.

Next, I ran ComboFix; again a few times because it was still giving me the warning that the AVG real-time scanners are present. I don't understand why this happens when the AVG Remover logs show that everything from AVG is gone.

What is wrong, then? AVG remover not removing completely or ComboFix reacting falsely by showing the AVG real-time scanners?

Can we solve this issue with any other tool?

Here is the FSS log:

Farbar Service Scanner Version: 17-01-2012 00
Ran by karolinka (administrator) on 18-01-2012 at 08:14:30
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking LEGACY_MpsSvc: Attention! Unable to open LEGACY_MpsSvc\0000 registry key. The key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open bfe registry key. The service key does not exist.
Checking LEGACY_bfe: Attention! Unable to open LEGACY_bfe\0000 registry key. The key does not exist.

mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.


Firewall Disabled Policy:
==================


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.
Checking LEGACY_SDRSVC: Attention! Unable to open LEGACY_SDRSVC\0000 registry key. The key does not exist.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
===========

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll
[2009-09-23 21:01] - [2009-04-10 22:28] - 0061440 ____A (Microsoft Corporation) 1CA6C40261DDC0425987980D0CD2AAAB

C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll
[2009-09-23 21:03] - [2009-04-10 22:28] - 0758784 ____A (Microsoft Corporation) 93952506C6D67330367F7E7934B6A02F

C:\Windows\system32\es.dll
[2009-09-23 21:02] - [2009-04-10 22:28] - 0268800 ____A (Microsoft Corporation) 67058C46504BC12D821F38CF99B7B28F

C:\Windows\system32\cryptsvc.dll
[2009-09-23 21:01] - [2009-04-10 22:28] - 0129024 ____A (Microsoft Corporation) FB27772BEAF8E1D28CCD825C09DA939B

C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****
==

AVG remover log is zipped and attached.

Thanks in advance for more help.
==
pumex

UPDATE:

While waiting for your response, I looked at the AVG Forum and noticed a lot of posts re un-installation of AVG 2011. In general, they suggest using the latest version of remover - 2012_1796. So I tried it too - ran it (as an administrator, Avira disabled) and then ran ComboFix.

Unfortunately, it still was detecting(?) real time scanners by AVG. I accepted the warning and ComboFix continued, but when it started to scan for infected files, the icons disappeared again!

I restarted the laptop in Safe Mode and tried to go back to the recommended Restore Point (it was dated 2 days ago). However, after restart, I got a message that the restoration was unsuccessful. But I got the icons on the screen back and the laptop is operable and actually runs quite well. A small strange thing I noticed was that a few more icons are now on the screen, with description starting with ~S. I don't know why; is it possible that's because I changed the settings to show hidden files??? I don't think so, because those files are mostly MS Word files.

Anyway, I'm still waiting patiently for your help. Especially with the Firewall, Windows Updates and maybe IE.
By the way, with all files visible now (including hidden), there is no sign of any AVG remnants. Why is ComboFix still showing the AVG scanners?
==
pumex

Attached File(s)


This post has been edited by pumex: 18 January 2012 - 05:33 PM


#45 User is offline   SweetTech 

  • Agent ST
  • Group: Malware Response Team
  • Posts: 12,666
  • Joined: 15-March 09
  • Gender:Male
  • Location:Antarctica

Posted 19 January 2012 - 02:13 AM

Hi pumex!

Quote

Next, I ran ComboFix; again a few times because it was still giving me the warning that the AVG real-time scanners are present. I don't understand why this happens when the AVG Remover logs show that everything from AVG is gone.

What is wrong, then? AVG remover not removing completely or ComboFix reacting falsely by showing the AVG real-time scanners?

AVG can be a real pain at times. It doesn't always get removed properly.

Quote

Can we solve this issue with any other tool?

It's possible, but it'll be a lot easier if we're able to use ComboFix to accomplish such.

Quote

I don't know why; is it possible that's because I changed the settings to show hidden files???
Yes, that's the reason why you are seeing those now.

Quote

Unfortunately, it still was detecting(?) real time scanners by AVG. I accepted the warning and ComboFix continued, but when it started to scan for infected files, the icons disappeared again!
Did you let ComboFix complete its scan? It sounds like ComboFix was still scanning your computer when you restarted your computer. Was a ComboFix window still open when the desktop icons disappeared? If so, this sounds like something it does as part of its scan. It kills everything that's running, so that it's able to run a scan.

If this is the case, then I'd like to have you attempt to run ComboFix again, and proceed through the warning messages about AVG running.
