
gjforce

  1. No, it looks like things are back to normal. Thanks again Maniac for your help.
  2. Everything is working ok now that I replaced the keyboard.
  3. No reoccurrence. I considered it might be a keyboard problem, but some of the things appearing on screen went against that, although when the mystery blue search screen opened up in safe mode (no networking) by itself, and when I started the computer (from shut down) it made an "eeeeeeeeee" noise and went to the BIOS screen by itself, it pointed more to a faulty/malfunctioning keyboard. Thanks again Maniac for your help and guidance. It's great that there are such forums and help available (particularly MBAM). MBAM got rid of a nasty malware problem that I had a while back and I swear by it.
  4. Dealio isn't located there. I did a search and it doesn't come up on the computer. Maybe ESET deleted it. I was thinking that I may have a malfunctioning keyboard. I have changed keyboards and will see how it goes. Will let you know.
  5. Here are the results:
  6. Yes, when I couldn't get rid of the infection by scans, etc., I restored from my backup (C drive only) in April. Things worked well for a number of days without reoccurrence of the infection. I decided during that time that I had fixed the problem. I cloned this hard drive to a secondary drive thinking that I would overwrite any infection there and I also wiped my external backup drive (of all weekly backups) and backed up that C & E drive thinking that I would overwrite any infection there. That's when the infection appeared again and I started my post on MBAM.
  7. Thanks. PS - the infection may have preceded 21072012 as I ignored some early signs (e.g. a "?" appearing by itself in the navigation bar window). PPS - also, before the forum, I restored backups to try and reach a pre-infection point. I used the most recent backup to the first backup (in April 2012) but the problem keeps coming back. Could it be hidden in the partitioned drive or secondary drive? I have a hard drive partitioned - C drive for the OS and E drive for personal stuff. I have a secondary hard drive (within the PC) which is a clone of C and E drive. Here is the log:
  8. Unfortunately I have had a wave of invasion from single to multiple blue search screens with the computer beeping – I don’t usually have the sound on. Some screens open and text is typed in – e.g. “i06” and other text from other searches I’ve done. I tried to copy and paste these into this post but it doesn't work. This has now affected the browser with multiple beeping on every invasion. It has just typed “I06” into this text. Do you think a reformat is the only answer?
  9. OK, thanks, I'll try that but, rather than reinstall Chrome, I think I'll go back to Firefox. This seems to have surfaced since I started using Chrome. I didn't uninstall exported Chrome bookmarks. Can you see any issues if I import Chrome bookmarks into Firefox?
  10. Unfortunately part of the problem has reoccurred. The Windows search box has opened by itself on a number of occasions without my input. Once it was pre-filled with “i06”. I have run MBAM, aswMBR, DDS and OTL again (logs attached).
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064] R1 MpKsl6f254ebf;MpKsl6f254ebf;c:\programdata\microsoft\microsoft antimalware\definition updates\{06684d85-e992-4471-a493-0f850d523d35}\MpKsl6f254ebf.sys [2012-8-20 29904] R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-23 12880] R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-13 67664] R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-12 116608] R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-7-28 63960] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-5-23 655944] R2 MlCyMonS;MUSILAND Monitor Series(USB) CPL Daemon;c:\windows\system32\MlCyMonS.exe [2011-6-26 64512] R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia update core\daemonu.exe [2012-8-11 1262400] R2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\drivers\RtNdPt60.sys [2010-1-5 27648] R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2012-5-15 382272] R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2012-1-18 450848] R3 cmudaxp;ASUS Xonar D1 Audio Interface;c:\windows\system32\drivers\cmudaxp.sys [2011-7-21 2021760] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-5-23 22344] R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2012-8-11 148800] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-1-5 189440] S1 MpKslfc2f955e;MpKslfc2f955e;c:\programdata\microsoft\microsoft antimalware\definition updates\{06684d85-e992-4471-a493-0f850d523d35}\MpKslfc2f955e.sys [2012-8-20 29904] S2 gupdate;Google Update Service (gupdate);c:\program 
files\google\update\GoogleUpdate.exe [2010-3-6 135664] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-8-15 250056] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888] S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-4-1 183560] S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2011-9-11 39272] S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2011-5-13 1492840] S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-3-6 135664] S3 MlCyMon;Device Driver for MUSILAND Monitor Series(USB);c:\windows\system32\drivers\MlCyMon.sys [2011-6-29 383856] S3 MlCyMonBus;Bus Driver for MUSILAND Monitor Series(USB);c:\windows\system32\drivers\MlCyMonBus.sys [2011-6-29 25712] S3 MlCyMonFW;Firmware Driver for MUSILAND Monitor Series(USB);c:\windows\system32\drivers\MlCyMonFW.sys [2011-6-29 31856] S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-3-20 74112] S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-3-26 214952] S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2012-8-11 27192] S3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.0);c:\windows\system32\drivers\RtTeam60.sys [2010-1-5 43008] S3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\drivers\RtVlan60.sys [2010-1-5 19968] S3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0);c:\windows\system32\drivers\RtTeam60.sys [2010-1-5 43008] S4 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-7-11 1343400] S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040] . 
=============== Created Last 30 ================ . 2012-08-20 02:43:43 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{06684d85-e992-4471-a493-0f850d523d35}\MpKsl6f254ebf.sys 2012-08-20 00:12:57 -------- d-----w- C:\_OTL 2012-08-19 09:50:39 6891424 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{06684d85-e992-4471-a493-0f850d523d35}\mpengine.dll 2012-08-18 08:11:26 6891424 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll 2012-08-16 11:30:45 -------- d-----w- c:\program files\Oracle 2012-08-16 11:30:41 772544 ----a-w- c:\windows\system32\npDeployJava1.dll 2012-08-15 06:39:04 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-08-15 06:39:03 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-08-13 09:44:28 -------- d-----w- c:\program files\common files\xing shared 2012-08-13 05:48:14 -------- d-----w- c:\program files\ESET 2012-08-13 00:16:57 388096 ----a-r- c:\users\greg\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe 2012-08-13 00:16:57 -------- d-----w- c:\program files\Trend Micro 2012-08-12 01:19:55 -------- d-----w- c:\users\greg\appdata\local\{7D8FB5DA-CEDF-4966-9245-D9DEE539CA07} 2012-08-12 00:53:08 -------- d-----w- c:\users\greg\appdata\local\{852401E2-19FC-4315-99FA-3689341282E2} 2012-08-12 00:36:08 -------- d-----w- c:\windows\pss 2012-08-11 05:21:25 -------- d-----w- c:\users\greg\appdata\local\VS Revo Group 2012-08-11 05:21:20 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys 2012-08-11 05:21:17 -------- d-----w- c:\program files\VS Revo Group 2012-08-11 03:06:08 -------- d-----w- c:\users\greg\appdata\roaming\Auslogics 2012-08-11 00:25:36 -------- d-----w- c:\users\greg\appdata\roaming\NVIDIA 2012-08-11 00:13:13 2621723 ----a-w- c:\windows\system32\nvcoproc.bin 2012-08-11 00:12:12 876864 ----a-w- c:\windows\system32\nvhdagenco3220103.dll 2012-08-11 00:12:12 818496 ----a-w- 
c:\windows\system32\nvumdshim.dll 2012-08-11 00:12:12 5982528 ----a-w- c:\windows\system32\nvcuda.dll 2012-08-11 00:12:12 301376 ----a-w- c:\windows\system32\nvdecodemft.dll 2012-08-11 00:12:12 27968 ----a-w- c:\windows\system32\nvhdap32.dll 2012-08-11 00:12:12 2524992 ----a-w- c:\windows\system32\nvcuvid.dll 2012-08-11 00:12:12 2445120 ----a-w- c:\windows\system32\nvcuvenc.dll 2012-08-11 00:12:12 202048 ----a-w- c:\windows\system32\nvinit.dll 2012-08-11 00:12:12 19607872 ----a-w- c:\windows\system32\nvoglv32.dll 2012-08-11 00:12:12 17551680 ----a-w- c:\windows\system32\nvcompiler.dll 2012-08-11 00:12:12 148800 ----a-w- c:\windows\system32\drivers\nvhda32v.sys 2012-08-11 00:12:12 11354944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys 2012-08-11 00:07:12 -------- d-----w- c:\users\greg\appdata\local\Macromedia 2012-08-10 23:48:16 -------- d-sh--w- C:\$RECYCLE.BIN 2012-08-10 12:34:23 713784 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{46718de9-32c5-4149-8afd-58ad6af096a3}\gapaengine.dll 2012-08-10 12:29:35 2422272 ----a-w- c:\windows\system32\wucltux.dll 2012-08-10 12:29:29 88576 ----a-w- c:\windows\system32\wudriver.dll 2012-08-10 12:29:26 33792 ----a-w- c:\windows\system32\wuapp.exe 2012-08-10 12:29:26 171904 ----a-w- c:\windows\system32\wuwebv.dll 2012-08-10 12:25:50 -------- d-----w- c:\program files\Microsoft Security Client 2012-08-10 12:25:45 240008 ----a-w- c:\windows\system32\drivers\netio.sys 2012-07-27 20:51:30 184248 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll 2012-07-27 20:51:30 184248 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll . ==================== Find3M ==================== . 2012-08-11 01:53:41 1880856 ----a-w- c:\windows\system32\AutoPartNt.exe 2012-07-05 12:06:20 687544 ----a-w- c:\windows\system32\deployJava1.dll 2012-07-03 03:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys . 
============= FINISH: 13:26:40.26 =============== OTL OTL logfile created on: 20/08/2012 1:13:43 PM - Run 2 OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Greg\Desktop\OTL Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy 3.50 Gb Total Physical Memory | 2.05 Gb Available Physical Memory | 58.47% Memory free 7.00 Gb Paging File | 5.41 Gb Available in Paging File | 77.37% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 97.68 Gb Total Space | 56.58 Gb Free Space | 57.93% Space Free | Partition Type: NTFS Drive D: | 97.69 Gb Total Space | 55.72 Gb Free Space | 57.04% Space Free | Partition Type: NTFS Drive E: | 368.08 Gb Total Space | 323.12 Gb Free Space | 87.79% Space Free | Partition Type: NTFS Drive F: | 368.07 Gb Total Space | 323.14 Gb Free Space | 87.79% Space Free | Partition Type: NTFS Computer Name: GREGPC | User Name: Greg | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/08/19 00:13:38 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Greg\Desktop\OTL\OTL.exe PRC - [2012/08/14 14:31:01 | 001,229,848 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe PRC - [2012/08/13 19:44:07 | 000,296,096 | ---- | M] (RealNetworks, Inc.) 
-- C:\Program Files\Real\RealPlayer\Update\realsched.exe PRC - [2012/07/28 06:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012/05/15 20:26:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2012/05/15 19:28:16 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe PRC - [2012/05/15 19:27:34 | 000,857,920 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe PRC - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe PRC - [2012/01/18 16:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe PRC - [2011/08/12 09:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe PRC - [2011/06/26 16:55:48 | 000,064,512 | ---- | M] () -- C:\Windows\System32\MlCyMonS.exe PRC - [2011/03/28 11:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE PRC - [2010/06/05 11:25:48 | 000,067,128 | ---- | M] (Logitech Inc.) 
-- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe PRC - [2009/10/31 15:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009/09/22 10:50:36 | 000,073,728 | ---- | M] (Software 2000 Limited) -- C:\Windows\System32\spool\drivers\w32x86\3\HP1006MC.EXE PRC - [2009/07/14 11:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2008/06/24 12:00:39 | 001,200,128 | R--- | M] (CMedia) -- C:\Program Files\ASUS Xonar D1 Audio\Customapp\AsusAudioCenter.exe PRC - [2008/05/05 18:59:54 | 000,200,704 | R--- | M] () -- C:\Windows\system\HsMgr.exe PRC - [2008/01/09 16:18:18 | 000,090,112 | R--- | M] () -- C:\Program Files\ASUS Xonar D1 Audio\Customapp\MXmon.exe PRC - [2007/09/14 04:01:56 | 000,492,600 | ---- | M] () -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe PRC - [2007/09/14 03:02:34 | 000,905,056 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe PRC - [2007/09/14 02:55:30 | 000,140,568 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe PRC - [2007/09/14 02:55:26 | 000,427,288 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe PRC - [2007/09/14 02:52:46 | 002,595,480 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe PRC - [2007/06/15 11:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) -- C:\Windows\System32\bgsvcgen.exe ========== Modules (No Company Name) ========== MOD - [2012/08/14 14:30:59 | 000,442,392 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\21.0.1180.79\ppgooglenaclpluginchrome.dll MOD - [2012/08/14 14:30:57 | 003,997,720 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\21.0.1180.79\pdf.dll MOD - [2012/08/14 14:29:41 | 000,526,872 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\21.0.1180.79\libglesv2.dll MOD - [2012/08/14 14:29:39 
| 000,104,984 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\21.0.1180.79\libegl.dll MOD - [2012/08/14 14:29:28 | 000,144,424 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\21.0.1180.79\avutil-51.dll MOD - [2012/08/14 14:29:27 | 000,266,792 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\21.0.1180.79\avformat-54.dll MOD - [2012/08/14 14:29:26 | 002,480,680 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\21.0.1180.79\avcodec-54.dll MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2010/06/05 11:25:46 | 000,061,496 | ---- | M] () -- C:\Program Files\Logitech\Desktop Messenger\8876480\8.1.1.50-8876480SL\Program\clntutil.dll MOD - [2008/05/05 18:59:54 | 000,200,704 | R--- | M] () -- C:\Windows\system\HsMgr.exe MOD - [2008/01/09 16:18:18 | 000,090,112 | R--- | M] () -- C:\Program Files\ASUS Xonar D1 Audio\Customapp\MXmon.exe MOD - [2007/09/14 01:45:10 | 001,328,408 | ---- | M] () -- C:\Program Files\Acronis\TrueImageHome\fox.dll MOD - [2006/10/26 12:56:46 | 000,757,008 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL ========== Win32 Services (SafeList) ========== SRV - [2012/08/15 16:39:04 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/07/28 06:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012/05/15 20:26:00 | 001,262,400 | ---- | M] 
(NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV - [2012/01/18 16:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv) SRV - [2011/08/12 09:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE) SRV - [2011/06/26 16:55:48 | 000,064,512 | ---- | M] () [Auto | Running] -- C:\Windows\System32\MlCyMonS.exe -- (MlCyMonS) SRV - [2011/04/01 11:14:30 | 000,183,560 | ---- | M] (Microsoft Corporation.) 
[On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011/03/28 11:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort) SRV - [2010/07/11 00:08:42 | 001,343,400 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2009/07/14 11:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009/07/14 11:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009/07/14 11:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007/09/14 04:01:56 | 000,492,600 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe -- (TryAndDecideService) SRV - [2007/09/14 02:55:26 | 000,427,288 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc) SRV - [2007/06/15 11:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) [Auto | Running] -- C:\Windows\System32\bgsvcgen.exe -- (bgsvcgen) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Greg\AppData\Local\Temp\mbr.sys -- (mbr) DRV - File not found [File_System | Boot | Stopped] -- system32\DRIVERS\Lbd.sys -- (Lbd) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys -- (Lavasoft Kernexplorer) DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Greg\AppData\Local\Temp\aswMBR.sys -- (aswMBR) DRV - [2012/08/20 12:43:43 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition 
Updates\{06684D85-E992-4471-A493-0F850D523D35}\MpKsl6f254ebf.sys -- (MpKsl6f254ebf) DRV - [2012/08/20 12:36:00 | 000,029,904 | ---- | M] () [Kernel | System | Stopped] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{06684D85-E992-4471-A493-0F850D523D35}\MpKslfc2f955e.sys -- (MpKslfc2f955e) DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012/05/15 20:26:00 | 011,354,944 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2012/04/19 03:08:04 | 000,148,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA) DRV - [2012/03/20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv) DRV - [2012/01/18 16:44:52 | 004,332,960 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) DRV - [2012/01/18 16:44:28 | 000,312,096 | ---- | M] (Logitech Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS) DRV - [2011/07/23 02:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV) DRV - [2011/07/13 07:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL) DRV - [2011/06/29 09:52:28 | 000,025,712 | ---- | M] (MUSILAND®) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MlCyMonBus.sys -- (MlCyMonBus) DRV - [2011/06/29 09:52:26 | 000,031,856 | ---- | M] (MUSILAND®) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MlCyMonFW.sys -- (MlCyMonFW) DRV - [2011/06/29 09:52:22 | 000,383,856 | ---- | M] (MUSILAND®) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MlCyMon.sys -- (MlCyMon) DRV - [2010/05/26 17:48:56 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\timntr.sys -- (timounter) DRV - [2010/05/26 17:48:56 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\System32\drivers\tifsfilt.sys -- (tifsfilter) DRV - [2010/05/26 17:48:54 | 000,129,248 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\snapman.sys -- (snapman) DRV - [2010/05/26 17:48:52 | 000,368,736 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tdrpman.sys -- (tdrpman) DRV - [2009/12/30 11:21:18 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\revoflt.sys -- (Revoflt) DRV - [2009/07/20 12:26:40 | 000,027,648 | ---- | M] (Realtek ) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\RtNdPt60.sys -- (RtNdPt60) DRV - [2009/07/14 11:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus) DRV - 
[2009/07/14 11:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt) DRV - [2009/07/14 11:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc) DRV - [2009/07/14 09:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2009/07/14 09:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap) DRV - [2009/07/14 09:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2009/04/06 13:13:30 | 000,043,008 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtTeam60.sys -- (TEAM) DRV - [2009/04/06 13:13:30 | 000,043,008 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtTeam60.sys -- (RTTEAMPT) DRV - [2008/11/05 04:21:04 | 000,083,296 | ---- | M] (JMicron Technology Corp.) 
[Kernel | Boot | Running] -- C:\Windows\System32\drivers\jraid.sys -- (JRAID) DRV - [2008/06/23 18:04:41 | 002,021,760 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cmudaxp.sys -- (cmudaxp) DRV - [2007/12/03 12:19:42 | 000,019,968 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtVlan60.sys -- (RTVLANPT) DRV - [2007/03/16 09:11:38 | 000,012,256 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TBPanel.sys -- (TBPanel) DRV - [2006/02/20 18:17:40 | 000,033,408 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdrbsdrv.sys -- (cdrbsdrv) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CC EB 42 C2 30 FF CB 01 [binary data] IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet 
Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CC EB 42 C2 30 FF CB 01 [binary data] IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3632710230-39802525-731542294-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie IE - HKU\S-1-5-21-3632710230-39802525-731542294-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKU\S-1-5-21-3632710230-39802525-731542294-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKU\S-1-5-21-3632710230-39802525-731542294-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp IE - HKU\S-1-5-21-3632710230-39802525-731542294-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au IE - HKU\S-1-5-21-3632710230-39802525-731542294-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B8 71 0D C8 0E FA CA 01 [binary data] IE - HKU\S-1-5-21-3632710230-39802525-731542294-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKU\S-1-5-21-3632710230-39802525-731542294-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKU\S-1-5-21-3632710230-39802525-731542294-1001\..\SearchScopes,DefaultScope = {D7DFC726-95EF-468B-A10F-E819947828B1} IE - HKU\S-1-5-21-3632710230-39802525-731542294-1001\..\SearchScopes\{D7DFC726-95EF-468B-A10F-E819947828B1}: "URL" = 
(note OTL didn’t do an Extras log this time)
  11. Steps 1 & 2 completed. Here is the fix log:

      All processes killed
      ========== OTL ==========
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
      Registry key HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{92169280-3302-42D4-AF19-366B34098AFC}\ deleted successfully.
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92169280-3302-42D4-AF19-366B34098AFC}\ not found.
      Registry key HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\{92169280-3302-42D4-AF19-366B34098AFC}\ not found.
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92169280-3302-42D4-AF19-366B34098AFC}\ not found.
      HKU\S-1-5-21-3632710230-39802525-731542294-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
      Registry value HKEY_USERS\S-1-5-21-3632710230-39802525-731542294-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{37483b40-c254-4a72-bda4-22ee90182c1e} deleted successfully.
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37483b40-c254-4a72-bda4-22ee90182c1e}\ not found.
      Registry value HKEY_USERS\S-1-5-21-3632710230-39802525-731542294-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{631ac2d4-57b3-42b0-a148-da33b462c1a3} deleted successfully.
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{631ac2d4-57b3-42b0-a148-da33b462c1a3}\ not found.
      Registry value HKEY_USERS\S-1-5-21-3632710230-39802525-731542294-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{ad708c09-d51b-45b3-9d28-4eba2681febf} deleted successfully.
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ad708c09-d51b-45b3-9d28-4eba2681febf}\ not found.
      File C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda\1.1_0 not found.
      Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}\ not found.
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}\ not found.
      File C:\Users\Greg\AppData\Roaming\Complitly\Complitly.dll not found.
      Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
      Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
      Registry value HKEY_USERS\S-1-5-21-3632710230-39802525-731542294-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{37483B40-C254-4A72-BDA4-22EE90182C1E} deleted successfully.
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37483B40-C254-4A72-BDA4-22EE90182C1E}\ not found.
      Registry value HKEY_USERS\S-1-5-21-3632710230-39802525-731542294-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{AD708C09-D51B-45B3-9D28-4EBA2681FEBF} deleted successfully.
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AD708C09-D51B-45B3-9D28-4EBA2681FEBF}\ not found.
      Registry value HKEY_USERS\S-1-5-21-3632710230-39802525-731542294-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
      ========== FILES ==========
      File\Folder C:\Users\Greg\AppData\Roaming\Complitly not found.
      < ipconfig /flushdns /c >
      Windows IP Configuration
      Successfully flushed the DNS Resolver Cache.
      C:\Users\Greg\Desktop\OTL\cmd.bat deleted successfully.
      C:\Users\Greg\Desktop\OTL\cmd.txt deleted successfully.
      ========== COMMANDS ==========
      [EMPTYTEMP]
      User: Administrator
      ->Temp folder emptied: 6329293 bytes
      ->Temporary Internet Files folder emptied: 63762522 bytes
      ->Java cache emptied: 0 bytes
      ->FireFox cache emptied: 121167476 bytes
      ->Flash cache emptied: 44663 bytes
      User: All Users
      User: Default
  12. Here is the OTL.Txt
[2012/08/14 14:30:58 | 012,235,288 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\21.0.1180.79\PepperFlash\pepflashplayer.dll MOD - [2012/08/14 14:30:57 | 003,997,720 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\21.0.1180.79\pdf.dll MOD - [2012/08/14 14:29:41 | 000,526,872 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\21.0.1180.79\libglesv2.dll MOD - [2012/08/14 14:29:39 | 000,104,984 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\21.0.1180.79\libegl.dll MOD - [2012/08/14 14:29:28 | 000,144,424 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\21.0.1180.79\avutil-51.dll MOD - [2012/08/14 14:29:27 | 000,266,792 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\21.0.1180.79\avformat-54.dll MOD - [2012/08/14 14:29:26 | 002,480,680 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\21.0.1180.79\avcodec-54.dll MOD - [2012/01/28 20:08:29 | 000,117,760 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL MOD - [2012/01/28 20:08:29 | 000,052,224 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2010/06/05 11:25:46 | 000,061,496 | ---- | M] () -- C:\Program Files\Logitech\Desktop Messenger\8876480\8.1.1.50-8876480SL\Program\clntutil.dll MOD - [2008/05/05 18:59:54 | 000,200,704 | R--- | M] () -- C:\Windows\system\HsMgr.exe MOD - [2008/01/09 16:18:18 | 000,090,112 | R--- | M] () -- C:\Program Files\ASUS Xonar D1 Audio\Customapp\MXmon.exe MOD - [2007/09/14 01:45:10 | 001,328,408 | ---- | M] () -- C:\Program Files\Acronis\TrueImageHome\fox.dll ========== Win32 Services (SafeList) ========== SRV - [2012/08/15 16:39:04 | 000,250,056 | ---- | M] 
(Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/07/28 06:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012/05/15 20:26:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV - [2012/01/18 16:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv) SRV - [2011/08/12 09:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE) SRV - [2011/06/26 16:55:48 | 000,064,512 | ---- | M] () [Auto | Running] -- C:\Windows\System32\MlCyMonS.exe -- (MlCyMonS) SRV - [2011/04/01 11:14:30 | 000,183,560 | ---- | M] (Microsoft Corporation.) 
[On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011/03/28 11:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort) SRV - [2010/07/11 00:08:42 | 001,343,400 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2009/07/14 11:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009/07/14 11:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009/07/14 11:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007/09/14 04:01:56 | 000,492,600 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe -- (TryAndDecideService) SRV - [2007/09/14 02:55:26 | 000,427,288 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc) SRV - [2007/06/15 11:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) [Auto | Running] -- C:\Windows\System32\bgsvcgen.exe -- (bgsvcgen) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Greg\AppData\Local\Temp\mbr.sys -- (mbr) DRV - File not found [File_System | Boot | Stopped] -- system32\DRIVERS\Lbd.sys -- (Lbd) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys -- (Lavasoft Kernexplorer) DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Greg\AppData\Local\Temp\aswMBR.sys -- (aswMBR) DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) 
DRV - [2012/05/15 20:26:00 | 011,354,944 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2012/04/19 03:08:04 | 000,148,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA) DRV - [2012/03/20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv) DRV - [2012/01/18 16:44:52 | 004,332,960 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) DRV - [2012/01/18 16:44:28 | 000,312,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS) DRV - [2011/07/23 02:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV) DRV - [2011/07/13 07:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL) DRV - [2011/06/29 09:52:28 | 000,025,712 | ---- | M] (MUSILAND®) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MlCyMonBus.sys -- (MlCyMonBus) DRV - [2011/06/29 09:52:26 | 000,031,856 | ---- | M] (MUSILAND®) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MlCyMonFW.sys -- (MlCyMonFW) DRV - [2011/06/29 09:52:22 | 000,383,856 | ---- | M] (MUSILAND®) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MlCyMon.sys -- (MlCyMon) DRV - [2010/05/26 17:48:56 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\timntr.sys -- (timounter) DRV - [2010/05/26 17:48:56 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\System32\drivers\tifsfilt.sys -- (tifsfilter) DRV - [2010/05/26 17:48:54 | 000,129,248 | ---- | M] 
(Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\snapman.sys -- (snapman) DRV - [2010/05/26 17:48:52 | 000,368,736 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tdrpman.sys -- (tdrpman) DRV - [2009/12/30 11:21:18 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\revoflt.sys -- (Revoflt) DRV - [2009/07/20 12:26:40 | 000,027,648 | ---- | M] (Realtek ) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\RtNdPt60.sys -- (RtNdPt60) DRV - [2009/07/14 11:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus) DRV - [2009/07/14 11:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt) DRV - [2009/07/14 11:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc) DRV - [2009/07/14 09:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2009/07/14 09:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap) DRV - [2009/07/14 09:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2009/04/06 13:13:30 | 000,043,008 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtTeam60.sys -- (TEAM) DRV - [2009/04/06 13:13:30 | 000,043,008 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtTeam60.sys -- (RTTEAMPT) DRV - [2008/11/05 04:21:04 | 000,083,296 | ---- | M] (JMicron Technology Corp.) 
[Kernel | Boot | Running] -- C:\Windows\System32\drivers\jraid.sys -- (JRAID) DRV - [2008/06/23 18:04:41 | 002,021,760 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cmudaxp.sys -- (cmudaxp) DRV - [2007/12/03 12:19:42 | 000,019,968 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtVlan60.sys -- (RTVLANPT) DRV - [2007/03/16 09:11:38 | 000,012,256 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TBPanel.sys -- (TBPanel) DRV - [2006/02/20 18:17:40 | 000,033,408 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdrbsdrv.sys -- (cdrbsdrv) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2801948 IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CC EB 42 C2 30 FF CB 01 [binary data] IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes\{92169280-3302-42D4-AF19-366B34098AFC}: "URL" = 
http://websearch.ask.com/redirect?client=ie&tb=LMW2&o=16054&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=OG&apn_dtid=VIN001WTAU&apn_uid=30BA537B-8BFC-434B-A9B6-7ECA1AAC868A&apn_sauid=8658E4CA-E54E-4F92-93DB-FAA14DF3338A IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CC EB 42 C2 30 FF CB 01 [binary data] IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-18\..\SearchScopes\{92169280-3302-42D4-AF19-366B34098AFC}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=LMW2&o=16054&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=OG&apn_dtid=VIN001WTAU&apn_uid=30BA537B-8BFC-434B-A9B6-7ECA1AAC868A&apn_sauid=8658E4CA-E54E-4F92-93DB-FAA14DF3338A IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3632710230-39802525-731542294-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie'>http://www.google.com/ie IE - HKU\S-1-5-21-3632710230-39802525-731542294-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKU\S-1-5-21-3632710230-39802525-731542294-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2801948 IE - HKU\S-1-5-21-3632710230-39802525-731542294-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp IE - 
HKU\S-1-5-21-3632710230-39802525-731542294-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au IE - HKU\S-1-5-21-3632710230-39802525-731542294-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B8 71 0D C8 0E FA CA 01 [binary data] IE - HKU\S-1-5-21-3632710230-39802525-731542294-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie'>http://www.google.com/ie IE - HKU\S-1-5-21-3632710230-39802525-731542294-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie'>http://www.google.com/ie IE - HKU\S-1-5-21-3632710230-39802525-731542294-1001\..\URLSearchHook: {37483b40-c254-4a72-bda4-22ee90182c1e} - No CLSID value found IE - HKU\S-1-5-21-3632710230-39802525-731542294-1001\..\URLSearchHook: {631ac2d4-57b3-42b0-a148-da33b462c1a3} - No CLSID value found IE - HKU\S-1-5-21-3632710230-39802525-731542294-1001\..\URLSearchHook: {ad708c09-d51b-45b3-9d28-4eba2681febf} - No CLSID value found IE - HKU\S-1-5-21-3632710230-39802525-731542294-1001\..\SearchScopes,DefaultScope = {D7DFC726-95EF-468B-A10F-E819947828B1} IE - HKU\S-1-5-21-3632710230-39802525-731542294-1001\..\SearchScopes\{D7DFC726-95EF-468B-A10F-E819947828B1}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage} IE - HKU\S-1-5-21-3632710230-39802525-731542294-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3632710230-39802525-731542294-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - 
HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) 
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Greg\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Greg\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll () FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Greg\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Greg\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/08/13 19:44:25 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/08/13 20:04:33 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/08/17 09:59:36 | 000,000,000 | ---D | M] [2012/08/13 12:20:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Greg\AppData\Roaming\Mozilla\Extensions [2010/05/01 14:19:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Greg\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org [2012/08/13 20:04:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2012/08/13 19:44:25 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT [2012/02/17 00:40:42 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2010/11/18 16:44:16 | 001,680,272 | ---- | M] (Caminova, Inc.) 
-- C:\Program Files\mozilla firefox\plugins\npdjvu.dll [2012/02/16 20:42:53 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012/02/16 20:42:53 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml ========== Chrome ========== CHR - homepage: http://www.google.com.au/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}, CHR - homepage: http://www.google.com.au/ CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.79\PepperFlash\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.79\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.79\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.79\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: DjVu Plugin Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\plugins\npdjvu.dll CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla 
Firefox\plugins\NPOFF12.DLL CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Greg\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Greg\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll CHR - plugin: RealPlayer HTML5VideoShim Plug-In (32-bit) (Disabled) = 
C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: RealNetworks Chrome Background Extension Plug-In (32-bit) (Disabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll CHR - Extension: Complitly plugin for chrome = C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda\1.1_0\ CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\ CHR - Extension: YouTube to MP3 Converter = C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlfhmlakkppnbdbeeifhbkpgmhcbmabl\0.1.2_0\ O1 HOSTS File: ([2012/08/17 16:20:40 | 000,000,843 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Complitly) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\Greg\AppData\Roaming\Complitly\Complitly.dll (SimplyGen) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) 
Here is the Extras.Txt
"{AAF4238F-7C29-451D-9925-C753271A5728}" = Microsoft Visual C++ Run Time Lib Setup "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4) "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter "{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 301.42 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 301.42 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 301.42 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 301.42 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.16.0 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B425AE84-3FD0-4005-A9A1-1C5EBB2674DB}" = MUSILAND Monitor Series(USB) Driver "{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86 "{BCF16F16-AC0E-4ABE-A9EF-412CF484BA51}" = Windows Live Family Safety "{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3 "{C078C299-C2C2-4110-A6EF-8D5E66C228DA}" = e-tax 2011 "{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D22002ED-EE2A-4CB1-A63D-430E62A2E8D8}" = Google SketchUp 8 
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center "{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D61524CF-93FE-4193-91AD-C6E21FEEAA5A}" = Logitech Harmony Remote Software 7 "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = AusLogics Disk Defrag "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E5343B27-55DF-40BD-9FCF-A643C1331E8A}" = Acronis True Image Home "{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support "{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker "{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support "{F007CBCE-D714-4C0B-8CE9-9B0D78116468}" = ViewNX "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{F7529650-B9DB-481B-0089-A2AC3C2821C1}" = The Sims 2 Nightlife "{FBE569CA-BFEB-4E57-A674-F94D938E1AEF}" = e-tax 2010 "{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook 
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "7-Zip" = 7-Zip 9.20 "Adobe AIR" = Adobe AIR "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Any DVD Cloner Platinum_is1" = Any DVD Cloner Platinum 1.0.5 "Audacity_is1" = Audacity 1.2.6 "CCleaner" = CCleaner "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "C-Media Oxygen HD Audio Driver" = ASUS Xonar D1 Audio Driver "Collage Maker" = Collage Maker 2.05 "com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant "com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI "Defraggler" = Defraggler "DVD Decrypter" = DVD Decrypter (Remove Only) "DVD Flick_is1" = DVD Flick 1.3.0.7 "DVD Shrink_is1" = DVD Shrink 3.2 "EA Download Manager" = EA Download Manager "ENTERPRISE" = Microsoft Office Enterprise 2007 "ESET Online Scanner" = ESET Online Scanner v3 "Family Tree Builder" = MyHeritage Family Tree Builder "foobar2000" = foobar2000 v0.9.6 "Free HD Converter_is1" = Free HD Converter V 1.7 "Free Window Registry Repair" = Free Window Registry Repair "Google Chrome" = Google Chrome "HijackThis" = HijackThis 1.99.1 "Ideal DVD Copy_is1" = Ideal DVD Copy V3.2.5 "ImgBurn" = ImgBurn "KLiteCodecPack_is1" = K-Lite Codec Pack 6.5.0 (Basic) "Logitech Vid" = Logitech Vid HD "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300 "Microsoft Security Client" = Microsoft Security Essentials "MixPad" = MixPad Audio Mixer "Mozilla Firefox 10.0.2 (x86 en-US)" = Mozilla Firefox 10.0.2 (x86 en-US) "MySSID_is1" = Vtune 7.21 "NetMeter_is1" = NetMeter 0.9.9.9 (beta 2) "NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "OpenAL" = OpenAL "PhotoME_is1" = PhotoME "Picasa 3" = Picasa 3 "Prism" = Prism Video File Converter "RealPlayer 15.0" = RealPlayer "Recuva" = Recuva "SSMultiDownloader.20C017F97632BB7845F8760F39A9ECC24A435AA1.1" = Secure 
Multi Track Downloader "Switch" = Switch Sound File Converter "SystemRequirementsLab" = System Requirements Lab "ToneGen" = NCH Tone Generator "Uninstall_is1" = Uninstall 1.0.0.1 "Voice Manager" = Voice Manager "WavePad" = WavePad Sound Editor "WinLiveSuite" = Windows Live Essentials "WinX DVD Ripper Platinum_is1" = WinX DVD Ripper Platinum 6.8.2 "WinX HD Video Converter Deluxe_is1" = WinX HD Video Converter Deluxe 3.12.2 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-3632710230-39802525-731542294-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 1/12/2011 5:00:21 PM | Computer Name = GregPC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 4353 Error - 1/12/2011 5:00:21 PM | Computer Name = GregPC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 4353 Error - 1/12/2011 5:00:22 PM | Computer Name = GregPC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 1/12/2011 5:00:22 PM | Computer Name = GregPC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 5351 Error - 1/12/2011 5:00:22 PM | Computer Name = GregPC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 5351 Error - 1/12/2011 5:00:23 PM | Computer Name = GregPC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 1/12/2011 5:00:23 PM | Computer Name = GregPC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 6350 Error - 1/12/2011 5:00:23 PM | Computer Name = GregPC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 6350 Error - 1/12/2011 5:00:24 PM | Computer Name = GregPC | Source = 
Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 1/12/2011 5:00:24 PM | Computer Name = GregPC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 7364 [ OSession Events ] Error - 5/10/2011 4:16:44 AM | Computer Name = GregPC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 779 seconds with 720 seconds of active time. This session ended with a crash. Error - 7/10/2011 8:04:13 AM | Computer Name = GregPC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 484 seconds with 480 seconds of active time. This session ended with a crash. Error - 7/10/2011 10:49:58 PM | Computer Name = GregPC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1137 seconds with 1080 seconds of active time. This session ended with a crash. Error - 17/10/2011 1:13:15 AM | Computer Name = GregPC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 95 seconds with 60 seconds of active time. This session ended with a crash. Error - 17/10/2011 2:39:24 AM | Computer Name = GregPC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 133 seconds with 120 seconds of active time. 
This session ended with a crash. Error - 18/10/2011 4:34:09 AM | Computer Name = GregPC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1203 seconds with 1200 seconds of active time. This session ended with a crash. Error - 19/10/2011 3:54:48 AM | Computer Name = GregPC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 995 seconds with 840 seconds of active time. This session ended with a crash. Error - 19/10/2011 8:51:56 PM | Computer Name = GregPC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 196 seconds with 180 seconds of active time. This session ended with a crash. Error - 22/10/2011 3:03:04 AM | Computer Name = GregPC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 592 seconds with 480 seconds of active time. This session ended with a crash. Error - 24/10/2011 11:55:49 PM | Computer Name = GregPC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 783 seconds with 720 seconds of active time. This session ended with a crash. 
[ System Events ] Error - 17/08/2012 8:50:23 PM | Computer Name = GregPC | Source = Service Control Manager | ID = 7001 Description = The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068 Error - 17/08/2012 8:50:23 PM | Computer Name = GregPC | Source = Service Control Manager | ID = 7001 Description = The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068 Error - 17/08/2012 8:50:24 PM | Computer Name = GregPC | Source = Service Control Manager | ID = 7001 Description = The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068 Error - 17/08/2012 8:50:24 PM | Computer Name = GregPC | Source = Service Control Manager | ID = 7001 Description = The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068 Error - 17/08/2012 8:50:24 PM | Computer Name = GregPC | Source = Service Control Manager | ID = 7001 Description = The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068 Error - 17/08/2012 8:50:24 PM | Computer Name = GregPC | Source = Service Control Manager | ID = 7001 Description = The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068 Error - 17/08/2012 8:50:24 PM | Computer Name = GregPC | Source = Service Control Manager | ID = 7001 Description = The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068 Error - 17/08/2012 8:50:24 PM | Computer Name = GregPC | Source = Service Control Manager | ID = 7001 Description = The Network List Service service depends on 
the Network Location Awareness service which failed to start because of the following error: %%1068 Error - 17/08/2012 8:59:00 PM | Computer Name = GregPC | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: Lbd Error - 17/08/2012 11:11:54 PM | Computer Name = GregPC | Source = Microsoft-Windows-HAL | ID = 12 Description = The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system. < End of report >
  13. Hi Maniac,

Thanks very much for your help and guidance.

Step 1: NCH EN Toolbar uninstalled

Step 2: MBAM updated and scanned
Log as follows:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.17.08
Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
Greg :: GREGPC [administrator]

18/08/2012 10:59:49 AM
mbam-log-2012-08-18 (10-59-49).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 243462
Time elapsed: 4 minute(s), 56 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Step 3: Downloaded aswMBR and scanned but had problems - PC rebooted during scan and on the second scan stopped working. However the third scan was successful.
Log as follows:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-18 11:09:20
-----------------------------
11:09:20.498 OS Version: Windows 6.1.7600
11:09:20.498 Number of processors: 2 586 0x1706
11:09:20.498 ComputerName: GREGPC UserName: Greg
11:09:20.947 Initialize success
11:09:25.519 AVAST engine defs: 12081701
11:09:47.897 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
11:09:47.900 Disk 0 Vendor: SAMSUNG_HD501LJ CR100-12 Size: 476938MB BusType: 3
11:09:47.903 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T0L0-0
11:09:47.907 Disk 1 Vendor: SAMSUNG_HD501LJ CR100-12 Size: 476938MB BusType: 3
11:09:47.945 Disk 1 MBR read successfully
11:09:47.949 Disk 1 MBR scan
11:09:47.955 Disk 1 Windows 7 default MBR code
11:09:47.960 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100021 MB offset 63
11:09:47.978 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 376915 MB offset 204844815
11:09:47.986 Disk 1 scanning sectors +976768065
11:09:48.048 Disk 1 scanning C:\Windows\system32\drivers
11:09:59.335 Service scanning
11:10:08.983 Service MpKsl9d2e02b5 C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1A440A56-6FE2-4E64-B23F-3A29783BBF55}\MpKsl9d2e02b5.sys **LOCKED** 32
11:10:24.674 Modules scanning
11:10:30.024 Disk 1 trace - called modules:
11:10:31.845 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys cmudaxp.sys portcls.sys HDAudBus.sys nvlddmkm.sys dxgkrnl.sys dxgmms1.sys intelppm.sys ndis.sys tcpip.sys NETIO.SYS RTKVHDA.sys ks.sys w
11:10:31.851 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x86f28030]
11:10:31.856 3 CLASSPNP.SYS[8d5c459e] -> nt!IofCallDriver -> [0x86a19938]
11:10:31.861 5 ACPI.sys[8cc973b2] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x86167908]
11:10:31.866 7 cdrom.sys[8d3ba09c] -> nt!IofCallDriver -> \Device\CdRom0[0x872df3d8]
11:10:31.872 9 cdrom.sys[8d3ba09c] -> nt!IofCallDriver -> \Device\CdRom0[0x872df3d8]
11:10:32.415 AVAST engine scan C:\Windows
11:10:34.710 AVAST engine scan C:\Windows\system32
11:13:28.318 AVAST engine scan C:\Windows\system32\drivers
11:13:42.286 AVAST engine scan C:\Users\Greg
11:16:34.973 AVAST engine scan C:\ProgramData
11:17:59.582 Scan finished successfully
11:18:23.190 Disk 1 MBR has been saved successfully to "C:\Users\Greg\Desktop\aswMBR\MBR.dat"
11:18:23.269 The log file has been saved successfully to "C:\Users\Greg\Desktop\aswMBR\aswMBR 180812 1118.txt"
_______________________________________________________________________________________________________________

DDS log as follows:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 10.5.1
Run by Greg at 11:23:28 on 2012-08-18
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.61.1033.18.3582.2091 [GMT 10:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Program Files\Microsoft Security Client\MsMpEng.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe C:\Windows\system32\svchost.exe -k LocalService C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\brsvc01a.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\SUPERAntiSpyware\SASCORE.EXE C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Windows\system32\brss01a.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Windows\System32\bgsvcgen.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\MlCyMonS.exe C:\Program Files\Microsoft\BingBar\SeaPort.EXE C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\taskhost.exe C:\Windows\system32\spool\DRIVERS\W32X86\3\HP1006MC.EXE C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe 
C:\Windows\system\HsMgr.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Real\RealPlayer\Update\realsched.exe C:\Program Files\NVIDIA Corporation\Display\nvtray.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\ASUS Xonar D1 Audio\Customapp\ASUSAUDIOCENTER.EXE C:\Program Files\ASUS Xonar D1 Audio\Customapp\MXMon.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\wuauclt.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\vssvc.exe C:\Windows\System32\svchost.exe -k swprv C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\conhost.exe . ============== Pseudo HJT Report =============== . 
uSearch Page = hxxp://www.google.com uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2801948 uDefault_Search_URL = hxxp://www.google.com/ie uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s uURLSearchHooks: H - No File uURLSearchHooks: H - No File uURLSearchHooks: H - No File BHO: Complitly: {0fb6a909-6086-458f-bd92-1f8ee10042a0} - c:\users\greg\appdata\roaming\complitly\Complitly.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GR469A~1.DLL BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll" BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll" TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File TB: {37483B40-C254-4A72-BDA4-22EE90182C1E} - No File TB: {AD708C09-D51B-45B3-9D28-4EBA2681FEBF} - No File mRun: [JMB36X IDE Setup] c:\windows\raidtool\xInsIDE.exe mRun: 
[AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe mRun: [AcronisTimounterMonitor] c:\program files\acronis\trueimagehome\TimounterMonitor.exe mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [Cmaudio8788GX] c:\windows\system\HsMgr.exe Envoke mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe" mRun: [Cmaudio8788] RunDll32 cmicnfgp.cpl,CMICtrlWnd mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe" mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) mPolicies-system: PromptOnSecureDesktop = 0 (0x0) IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: Free YouTube to MP3 Converter - c:\users\greg\appdata\roaming\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm IE: {0000036B-C524-4050-81A0-243669A86B9F} - 
  14. I have a recurring situation where typing occurs in the URL window. I'm using Google Chrome. The following is typed ?i06/////////// or variations, but not by me. The Java Console keeps opening by itself. The windows search panel opens and is automatically typed with the above or variations. The same typing occurs when I rename a file where I am renaming and i06, etc is typed (but not by me). I have also had freezes where I can only reboot. However since going back to “Normal” startup this seems to have stopped this. I still get some hang-time when opening sub-menu folders where the menu folder is empty for a while before it populates. I scanned (full) with Malwarebytes, Superantispyware, and Avast, then I tried Microsoft Security. Nothing detected. I did the same in safe mode. After I do scans this seems to solve the problem for a while - 1 to 3 days so far but then it resurfaces and intensifies - e.g. dozens of windows search boxes open. I have tried to attach the requested DPP files but I keep getting "Error - The Server Returned an Error During Upload" Therefore I'll copy and paste text:
16/08/2012 8:56:03 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 16/08/2012 8:56:03 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 16/08/2012 8:56:03 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89} 16/08/2012 8:56:03 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E} 16/08/2012 8:56:02 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 16/08/2012 8:55:56 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 16/08/2012 8:55:50 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B} 16/08/2012 8:55:48 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache Lbd MpFilter NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL spldr tdx Wanarpv6 WfpLwf 16/08/2012 8:55:45 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: 
The dependency service or group failed to start. 16/08/2012 8:55:45 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 16/08/2012 8:55:45 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning. 16/08/2012 8:55:45 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 16/08/2012 8:55:45 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 16/08/2012 8:55:45 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning. 16/08/2012 8:55:45 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 16/08/2012 8:55:45 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning. 
16/08/2012 8:55:45 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 16/08/2012 10:21:07 AM, Error: Microsoft-Windows-HAL [12] - The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system. 14/08/2012 11:01:43 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer MONSTER that believes that it is the master browser for the domain on transport NetBT_Tcpip_{E19DABD5-9076-481B-A8A9-AA0A989928. The master browser is stopping or an election is being forced. 12/08/2012 10:48:28 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start. 12/08/2012 10:47:03 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSnx aswSP aswTdi discache Lbd MpFilter SASDIFSV SASKUTIL spldr Wanarpv6 12/08/2012 10:18:46 AM, Error: Service Control Manager [7022] - The Background Intelligent Transfer Service service hung on starting. 
11/08/2012 9:46:30 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service NVSvc with arguments "" in order to run the server: {DCAB0989-1301-4319-BE5F-ADE89F88581C} 11/08/2012 8:34:28 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service stisvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811} 11/08/2012 8:21:14 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswSnx aswSP aswTdi CSC DfsC discache Lbd MpFilter NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL spldr tdx Wanarpv6 WfpLwf 11/08/2012 6:29:06 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service. 11/08/2012 10:09:43 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions. 11/08/2012 1:17:20 PM, Error: Ntfs [137] - The default transaction resource manager on volume H: encountered a non-retryable error and could not start. The data contains the error code. 10/08/2012 10:34:24 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect. 10/08/2012 10:34:24 PM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 10/08/2012 10:34:23 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. 
Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
10/08/2012 10:13:50 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswSnx aswSP aswTdi CSC DfsC discache Lbd NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL spldr tdx Wanarpv6 WfpLwf
.
==== End Of File ===========================

______________________________________________________________________________________

I also ran RogueKiller and REPLACED the two FOUND files. See below:

Operating System: Windows 7 (6.1.7600 ) 32 bits version
Started in : Normal mode
User: Greg [Admin rights]
Mode: Scan -- Date: 08/16/2012 21:55:15

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 2 ¤¤¤
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HD501LJ ATA Device +++++
--- User ---
[MBR] b4cb5883e9f415fafeec2c789bb707ea
[bSP] 80bea9308df74132a8ea060c0842abcd : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 100021 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 204844815 | Size: 376915 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: SAMSUNG HD501LJ ATA Device +++++
--- User ---
[MBR] f3740aab117c8a75308d907c170744c7
[bSP] 9b53ff7a320a8ea3a37add29d73f6c72 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 100029 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 204860880 | Size: 376907 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt
  15. I have a recurring situation where typing occurs in the URL window. I'm using Google Chrome. The following is typed ?i06/////////// or variations. The Java Console keeps opening by itself. This also occurs when the windows search panel opens and is automatically typed. I have seen the same thing happen when I rename a file where I am typing and i06 is typed (not by me).

      I scanned (full) with Malwarebytes, Superantispyware, and Avast, then I tried Microsoft Security. Nothing detected. I did the same in safe mode. After I do scans this seems to solve the problem for a while - 1 to 3 days so far but then it resurfaces and intensifies - e.g. dozens of windows search boxes open.

      I noticed topics in your forum. In particular in regard to RogueKiller. I ran that and got the following:

      RogueKiller V7.6.6 [08/10/2012] by Tigzy
      mail: tigzyRK<at>gmail<dot>com
      Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
      Blog: http://tigzyrk.blogspot.com

      Operating System: Windows 7 (6.1.7600 ) 32 bits version
      Started in : Normal mode
      User: Greg [Admin rights]
      Mode: Scan -- Date: 08/16/2012 21:55:15

      ¤¤¤ Bad processes: 0 ¤¤¤

      ¤¤¤ Registry Entries: 2 ¤¤¤
      [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
      [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

      ¤¤¤ Particular Files / Folders: ¤¤¤

      ¤¤¤ Driver: [LOADED] ¤¤¤

      ¤¤¤ Infection : ¤¤¤

      ¤¤¤ HOSTS File: ¤¤¤

      ¤¤¤ MBR Check: ¤¤¤

      +++++ PhysicalDrive0: SAMSUNG HD501LJ ATA Device +++++
      --- User ---
      [MBR] b4cb5883e9f415fafeec2c789bb707ea
      [bSP] 80bea9308df74132a8ea060c0842abcd : Windows 7 MBR Code
      Partition table:
      0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 100021 Mo
      1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 204844815 | Size: 376915 Mo
      User = LL1 ... OK!
      User = LL2 ... OK!

      +++++ PhysicalDrive1: SAMSUNG HD501LJ ATA Device +++++
      --- User ---
      [MBR] f3740aab117c8a75308d907c170744c7
      [bSP] 9b53ff7a320a8ea3a37add29d73f6c72 : Windows 7 MBR Code
      Partition table:
      0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 100029 Mo
      1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 204860880 | Size: 376907 Mo
      User = LL1 ... OK!
      User = LL2 ... OK!

      Finished : << RKreport[1].txt >>
      RKreport[1].txt

      Can anyone see if I have a problem?

      Cheers
      Greg

      QuarantineReport.txt RKreport1.txt RKreport2.txt