Persistent and recurring malware

I have a recurring situation where typing occurs in the URL window. I'm using Google Chrome. The following is typed ?i06/////////// or variations, but not by me. The Java Console keeps opening by itself. The Windows search panel opens and is automatically typed with the above or variations. The same typing occurs when I rename a file, where I am renaming and i06, etc. is typed (but not by me).

I have also had freezes where I can only reboot. However, since going back to “Normal” startup, this seems to have stopped. I still get some hang-time when opening sub-menu folders, where the menu folder is empty for a while before it populates.

I scanned (full) with Malwarebytes, Superantispyware, and Avast, then I tried Microsoft Security. Nothing detected. I did the same in safe mode.

After I do scans, this seems to solve the problem for a while - 1 to 3 days so far - but then it resurfaces and intensifies - e.g. dozens of Windows search boxes open.

I have tried to attach the requested DPP files, but I keep getting "Error - The Server Returned an Error During Upload".

Therefore I'll copy and paste text:

____________________________________________________________________________________

DDS.txt

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 10.5.1

Run by Greg at 10:38:58 on 2012-08-17

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.61.1033.18.3582.2068 [GMT 10:00]

.

AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\brsvc01a.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Windows\system32\brss01a.exe

C:\Windows\System32\bgsvcgen.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\MlCyMonS.exe

C:\Program Files\Microsoft\BingBar\SeaPort.EXE

C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\spool\DRIVERS\W32X86\3\HP1006MC.EXE

C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskhost.exe

C:\Windows\Explorer.EXE

C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Windows\system\HsMgr.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Real\RealPlayer\Update\realsched.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Program Files\ASUS Xonar D1 Audio\Customapp\ASUSAUDIOCENTER.EXE

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files\ASUS Xonar D1 Audio\Customapp\MXMon.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uSearch Page = hxxp://www.google.com

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2801948

uDefault_Search_URL = hxxp://www.google.com/ie

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

uURLSearchHooks: H - No File

uURLSearchHooks: NCH EN Toolbar: {37483b40-c254-4a72-bda4-22ee90182c1e} - c:\program files\nch_en\prxtbNCH_.dll

uURLSearchHooks: H - No File

mURLSearchHooks: NCH EN Toolbar: {37483b40-c254-4a72-bda4-22ee90182c1e} - c:\program files\nch_en\prxtbNCH_.dll

BHO: Complitly: {0fb6a909-6086-458f-bd92-1f8ee10042a0} - c:\users\greg\appdata\roaming\complitly\Complitly.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: NCH EN Toolbar: {37483b40-c254-4a72-bda4-22ee90182c1e} - c:\program files\nch_en\prxtbNCH_.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GR469A~1.DLL

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"

TB: NCH EN Toolbar: {37483b40-c254-4a72-bda4-22ee90182c1e} - c:\program files\nch_en\prxtbNCH_.dll

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

TB: {AD708C09-D51B-45B3-9D28-4EBA2681FEBF} - No File

mRun: [JMB36X IDE Setup] c:\windows\raidtool\xInsIDE.exe

mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe

mRun: [AcronisTimounterMonitor] c:\program files\acronis\trueimagehome\TimounterMonitor.exe

mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [Cmaudio8788GX] c:\windows\system\HsMgr.exe Envoke

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe

mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [Family Tree Builder Update] c:\program files\myheritage\bin\FTBCheckUpdates.exe

mRun: [Cmaudio8788] RunDll32 cmicnfgp.cpl,CMICtrlWnd

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hdwrit~1.lnk - c:\program files\common files\panasonic\hd writer autostart\HDWriterAutoStart.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: Free YouTube to MP3 Converter - c:\users\greg\appdata\roaming\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{E19DABD5-9076-481B-A8A9-AA0A9899282C} : DhcpNameServer = 192.168.1.1

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GRA32A~1.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GR469A~1.DLL

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

LSA: Authentication Packages = msv1_0 relog_ap

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\greg\appdata\roaming\mozilla\firefox\profiles\pn4urrjs.default\

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdjvu.dll

FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll

FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll

FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll

FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll

FF - plugin: c:\users\greg\appdata\local\google\update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: c:\users\greg\appdata\roaming\mozilla\plugins\npgoogletalk.dll

FF - plugin: c:\users\greg\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_271.dll

.

============= SERVICES / DRIVERS ===============

.

R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]

R1 MpKsl47fe81a7;MpKsl47fe81a7;c:\programdata\microsoft\microsoft antimalware\definition updates\{372c95f5-ba8b-48fa-89be-6ce28a39b786}\MpKsl47fe81a7.sys [2012-8-17 29904]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-23 12880]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-13 67664]

R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-12 116608]

R2 MlCyMonS;MUSILAND Monitor Series(USB) CPL Daemon;c:\windows\system32\MlCyMonS.exe [2011-6-26 64512]

R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia update core\daemonu.exe [2012-8-11 1262400]

R2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\drivers\RtNdPt60.sys [2010-1-5 27648]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2012-5-15 382272]

R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2012-1-18 450848]

R3 cmudaxp;ASUS Xonar D1 Audio Interface;c:\windows\system32\drivers\cmudaxp.sys [2011-7-21 2021760]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2012-8-11 148800]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-1-5 189440]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-7-28 63960]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-3-6 135664]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-8-15 250056]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]

S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-4-1 183560]

S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2011-9-11 39272]

S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2011-5-13 1492840]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-3-6 135664]

S3 MlCyMon;Device Driver for MUSILAND Monitor Series(USB);c:\windows\system32\drivers\MlCyMon.sys [2011-6-29 383856]

S3 MlCyMonBus;Bus Driver for MUSILAND Monitor Series(USB);c:\windows\system32\drivers\MlCyMonBus.sys [2011-6-29 25712]

S3 MlCyMonFW;Firmware Driver for MUSILAND Monitor Series(USB);c:\windows\system32\drivers\MlCyMonFW.sys [2011-6-29 31856]

S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-3-20 74112]

S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-3-26 214952]

S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2012-8-11 27192]

S3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.0);c:\windows\system32\drivers\RtTeam60.sys [2010-1-5 43008]

S3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\drivers\RtVlan60.sys [2010-1-5 19968]

S3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0);c:\windows\system32\drivers\RtTeam60.sys [2010-1-5 43008]

S4 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-7-11 1343400]

S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]

.

=============== Created Last 30 ================

.

2012-08-17 00:14:13 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{372c95f5-ba8b-48fa-89be-6ce28a39b786}\MpKsl47fe81a7.sys

2012-08-16 11:30:45 -------- d-----w- c:\program files\Oracle

2012-08-16 11:30:41 772544 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-08-16 04:54:30 6891424 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{372c95f5-ba8b-48fa-89be-6ce28a39b786}\mpengine.dll

2012-08-15 06:39:04 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-08-15 06:39:03 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-08-15 04:30:07 6891424 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll

2012-08-13 09:44:28 -------- d-----w- c:\program files\common files\xing shared

2012-08-13 05:48:14 -------- d-----w- c:\program files\ESET

2012-08-13 00:16:57 388096 ----a-r- c:\users\greg\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe

2012-08-13 00:16:57 -------- d-----w- c:\program files\Trend Micro

2012-08-12 01:19:55 -------- d-----w- c:\users\greg\appdata\local\{7D8FB5DA-CEDF-4966-9245-D9DEE539CA07}

2012-08-12 00:53:08 -------- d-----w- c:\users\greg\appdata\local\{852401E2-19FC-4315-99FA-3689341282E2}

2012-08-12 00:36:08 -------- d-----w- c:\windows\pss

2012-08-11 05:21:25 -------- d-----w- c:\users\greg\appdata\local\VS Revo Group

2012-08-11 05:21:20 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys

2012-08-11 05:21:17 -------- d-----w- c:\program files\VS Revo Group

2012-08-11 03:06:08 -------- d-----w- c:\users\greg\appdata\roaming\Auslogics

2012-08-11 00:25:36 -------- d-----w- c:\users\greg\appdata\roaming\NVIDIA

2012-08-11 00:13:13 2621723 ----a-w- c:\windows\system32\nvcoproc.bin

2012-08-11 00:12:12 876864 ----a-w- c:\windows\system32\nvhdagenco3220103.dll

2012-08-11 00:12:12 818496 ----a-w- c:\windows\system32\nvumdshim.dll

2012-08-11 00:12:12 5982528 ----a-w- c:\windows\system32\nvcuda.dll

2012-08-11 00:12:12 301376 ----a-w- c:\windows\system32\nvdecodemft.dll

2012-08-11 00:12:12 27968 ----a-w- c:\windows\system32\nvhdap32.dll

2012-08-11 00:12:12 2524992 ----a-w- c:\windows\system32\nvcuvid.dll

2012-08-11 00:12:12 2445120 ----a-w- c:\windows\system32\nvcuvenc.dll

2012-08-11 00:12:12 202048 ----a-w- c:\windows\system32\nvinit.dll

2012-08-11 00:12:12 19607872 ----a-w- c:\windows\system32\nvoglv32.dll

2012-08-11 00:12:12 17551680 ----a-w- c:\windows\system32\nvcompiler.dll

2012-08-11 00:12:12 148800 ----a-w- c:\windows\system32\drivers\nvhda32v.sys

2012-08-11 00:12:12 11354944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys

2012-08-11 00:07:12 -------- d-----w- c:\users\greg\appdata\local\Macromedia

2012-08-10 23:48:16 -------- d-sh--w- C:\$RECYCLE.BIN

2012-08-10 12:34:23 713784 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{46718de9-32c5-4149-8afd-58ad6af096a3}\gapaengine.dll

2012-08-10 12:29:35 2422272 ----a-w- c:\windows\system32\wucltux.dll

2012-08-10 12:29:29 88576 ----a-w- c:\windows\system32\wudriver.dll

2012-08-10 12:29:26 33792 ----a-w- c:\windows\system32\wuapp.exe

2012-08-10 12:29:26 171904 ----a-w- c:\windows\system32\wuwebv.dll

2012-08-10 12:25:50 -------- d-----w- c:\program files\Microsoft Security Client

2012-08-10 12:25:45 240008 ----a-w- c:\windows\system32\drivers\netio.sys

2012-07-27 20:51:30 184248 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll

2012-07-27 20:51:30 184248 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll

.

==================== Find3M ====================

.

2012-08-11 01:53:41 1880856 ----a-w- c:\windows\system32\AutoPartNt.exe

2012-07-05 12:06:20 687544 ----a-w- c:\windows\system32\deployJava1.dll

2012-07-03 03:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

.

============= FINISH: 10:39:14.64 ===============

______________________________________________________________________________________

Attach.txt

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume1

Install Date: 5/01/2010 3:24:56 PM

System Uptime: 17/08/2012 9:46:52 AM (1 hours ago)

.

Motherboard: Gigabyte Technology Co., Ltd. | | EP35-DS3R

Processor: Intel® Core2 Duo CPU E8500 @ 3.16GHz | Socket 775 | 3000/333mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (NTFS) - 98 GiB total, 56.548 GiB free.

D: is FIXED (NTFS) - 98 GiB total, 55.72 GiB free.

E: is FIXED (NTFS) - 368 GiB total, 323.122 GiB free.

F: is FIXED (NTFS) - 368 GiB total, 323.141 GiB free.

G: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

7-Zip 9.20

Acronis True Image Home

Adobe AIR

Adobe Community Help

Adobe Download Assistant

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.4)

Any DVD Cloner Platinum 1.0.5

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ASUS Xonar D1 Audio Driver

Audacity 1.2.6

AusLogics Disk Defrag

Bing Bar

Bonjour

CameraHelperMsi

CCleaner

Collage Maker 2.05

Complitly

D3DX10

Defraggler

Diagnostic Utility

Document Express DjVu Plug-in

DVD Decrypter (Remove Only)

DVD Flick 1.3.0.7

DVD Shrink 3.2

e-tax 2010

e-tax 2011

EA Download Manager

EA Download Manager UI

erLT

ESET Online Scanner v3

foobar2000 v0.9.6

Free HD Converter V 1.7

Free Window Registry Repair

Gigabyte Raid Configurer

Google Chrome

Google Earth

Google SketchUp 8

Google Talk Plugin

Google Update Helper

HD Writer AE 2.0

HiJackThis

HijackThis 1.99.1

Ideal DVD Copy V3.2.5

ImgBurn

iTunes

Java Auto Updater

Java 7 Update 5

JavaFX 2.1.1

Junk Mail filter update

K-Lite Codec Pack 6.5.0 (Basic)

Logitech Desktop Messenger

Logitech Harmony Remote Software 7

Logitech Vid HD

Logitech Webcam Software

LWS Facebook

LWS Gallery

LWS Help_main

LWS Launcher

LWS Motion Detection

LWS Pictures And Video

LWS Twitter

LWS Video Mask Maker

LWS VideoEffects

LWS Webcam Software

LWS WLM Plugin

LWS YouTube Plugin

Malwarebytes Anti-Malware version 1.62.0.1300

Mesh Runtime

Messenger Companion

Microsoft .NET Framework 1.1

Microsoft Application Error Reporting

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook Connector

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Security Client

Microsoft Security Essentials

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft SQL Server Compact 3.5 SP1 English

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ Run Time Lib Setup

Microsoft WSE 3.0 Runtime

Microsoft_VC80_ATL_x86

Microsoft_VC80_CRT_x86

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFCLOC_x86

Microsoft_VC90_ATL_x86

Microsoft_VC90_CRT_x86

Microsoft_VC90_MFC_x86

Microsoft_VC90_MFCLOC_x86

MixPad Audio Mixer

MobileMe Control Panel

Mozilla Firefox 10.0.2 (x86 en-US)

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MUSILAND Monitor Series(USB) Driver

MyHeritage Family Tree Builder

NCH EN Toolbar

NCH Tone Generator

Nero 7 Essentials

NetMeter 0.9.9.9 (beta 2)

Nikon Message Center

Nikon Transfer

NVIDIA 3D Vision Controller Driver

NVIDIA 3D Vision Controller Driver 301.42

NVIDIA 3D Vision Driver 301.42

NVIDIA Control Panel 301.42

NVIDIA Graphics Driver 301.42

NVIDIA HD Audio Driver 1.3.16.0

NVIDIA Install Application

NVIDIA PhysX

NVIDIA PhysX System Software 9.12.0213

NVIDIA Stereoscopic 3D Driver

NVIDIA Update 1.8.15

NVIDIA Update Components

OpenAL

PhotoME

Picasa 3

Prism Video File Converter

QuickTime

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealPlayer

Realtek Ethernet Controller Driver For Windows Vista and Later

Realtek High Definition Audio Driver

RealUpgrade 1.1

Recuva

Remote Control USB Driver

Revo Uninstaller Pro 2.5.8

Safari

SeaTools for Windows

Secure Multi Track Downloader

Security Update for CAPICOM (KB931906)

SUPERAntiSpyware

Switch Sound File Converter

System Requirements Lab

The Sims 2 Nightlife

The Sims™ 3

Uninstall 1.0.0.1

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office Infopath 2007 Help (KB963662)

Update for Microsoft Office Script Editor Help (KB963671)

ViewNX

Visual C++ 2008 x86 Runtime - (v9.0.30729)

Visual C++ 2008 x86 Runtime - v9.0.30729.01

Voice Manager

Vtune 7.21

WavePad Sound Editor

Windows Live Communications Platform

Windows Live Essentials

Windows Live Family Safety

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live Messenger Companion Core

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Sync

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Windows Media Player Firefox Plugin

WinX DVD Ripper Platinum 6.8.2

WinX HD Video Converter Deluxe 3.12.2

.

==== Event Viewer Messages From Past Week ========

.

17/08/2012 9:47:15 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Lbd

16/08/2012 9:13:36 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

16/08/2012 9:13:36 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

16/08/2012 9:13:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

16/08/2012 9:13:26 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

16/08/2012 9:13:26 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.

16/08/2012 8:56:04 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

16/08/2012 8:56:03 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

16/08/2012 8:56:03 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

16/08/2012 8:56:03 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

16/08/2012 8:56:03 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

16/08/2012 8:56:02 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

16/08/2012 8:55:56 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

16/08/2012 8:55:50 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}

16/08/2012 8:55:48 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache Lbd MpFilter NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL spldr tdx Wanarpv6 WfpLwf

16/08/2012 8:55:45 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

16/08/2012 8:55:45 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

16/08/2012 8:55:45 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

16/08/2012 8:55:45 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

16/08/2012 8:55:45 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

16/08/2012 8:55:45 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

16/08/2012 8:55:45 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

16/08/2012 8:55:45 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

16/08/2012 8:55:45 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

16/08/2012 10:21:07 AM, Error: Microsoft-Windows-HAL [12] - The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.

14/08/2012 11:01:43 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer MONSTER that believes that it is the master browser for the domain on transport NetBT_Tcpip_{E19DABD5-9076-481B-A8A9-AA0A989928. The master browser is stopping or an election is being forced.

12/08/2012 10:48:28 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

12/08/2012 10:47:03 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSnx aswSP aswTdi discache Lbd MpFilter SASDIFSV SASKUTIL spldr Wanarpv6

12/08/2012 10:18:46 AM, Error: Service Control Manager [7022] - The Background Intelligent Transfer Service service hung on starting.

11/08/2012 9:46:30 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service NVSvc with arguments "" in order to run the server: {DCAB0989-1301-4319-BE5F-ADE89F88581C}

11/08/2012 8:34:28 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service stisvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

11/08/2012 8:21:14 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswSnx aswSP aswTdi CSC DfsC discache Lbd MpFilter NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL spldr tdx Wanarpv6 WfpLwf

11/08/2012 6:29:06 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.

11/08/2012 10:09:43 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.

11/08/2012 1:17:20 PM, Error: Ntfs [137] - The default transaction resource manager on volume H: encountered a non-retryable error and could not start. The data contains the error code.

10/08/2012 10:34:24 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.

10/08/2012 10:34:24 PM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

10/08/2012 10:34:23 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.

10/08/2012 10:13:50 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswSnx aswSP aswTdi CSC DfsC discache Lbd NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL spldr tdx Wanarpv6 WfpLwf

.

==== End Of File ===========================

______________________________________________________________________________________

I also ran RogueKiller and REPLACED the two FOUND files. See below:

Operating System: Windows 7 (6.1.7600 ) 32 bits version

Started in : Normal mode

User: Greg [Admin rights]

Mode: Scan -- Date: 08/16/2012 21:55:15

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 2 ¤¤¤

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HD501LJ ATA Device +++++

--- User ---

[MBR] b4cb5883e9f415fafeec2c789bb707ea

[bSP] 80bea9308df74132a8ea060c0842abcd : Windows 7 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 100021 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 204844815 | Size: 376915 Mo

User = LL1 ... OK!

User = LL2 ... OK!

+++++ PhysicalDrive1: SAMSUNG HD501LJ ATA Device +++++

--- User ---

[MBR] f3740aab117c8a75308d907c170744c7

[bSP] 9b53ff7a320a8ea3a37add29d73f6c72 : Windows 7 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 100029 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 204860880 | Size: 376907 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>

RKreport[1].txt


Hello gjforce! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Step 1

Please uninstall this application: NCH EN Toolbar

Step 2

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Step 3

Download aswMBR.exe to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan


On completion of the scan click save log, save it to your desktop and post in your next reply


In your next reply, post the following log files:

  • Malwarebytes' Anti-Malware log
  • aswMBR log
  • a new fresh DDS log


Hi Maniac,

Thanks very much for your help and guidance.

Step 1: NCH EN Toolbar uninstalled

Step 2: MBAM updated and scanned

Log as follows:

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.08.17.08

Windows 7 x86 NTFS

Internet Explorer 8.0.7600.16385

Greg :: GREGPC [administrator]

18/08/2012 10:59:49 AM

mbam-log-2012-08-18 (10-59-49).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 243462

Time elapsed: 4 minute(s), 56 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Step 3: Downloaded aswMBR and scanned but had problems - PC rebooted during scan and on the second scan stopped working. However the third scan was successful.

Log as follows:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-08-18 11:09:20

-----------------------------

11:09:20.498 OS Version: Windows 6.1.7600

11:09:20.498 Number of processors: 2 586 0x1706

11:09:20.498 ComputerName: GREGPC UserName: Greg

11:09:20.947 Initialize success

11:09:25.519 AVAST engine defs: 12081701

11:09:47.897 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1

11:09:47.900 Disk 0 Vendor: SAMSUNG_HD501LJ CR100-12 Size: 476938MB BusType: 3

11:09:47.903 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T0L0-0

11:09:47.907 Disk 1 Vendor: SAMSUNG_HD501LJ CR100-12 Size: 476938MB BusType: 3

11:09:47.945 Disk 1 MBR read successfully

11:09:47.949 Disk 1 MBR scan

11:09:47.955 Disk 1 Windows 7 default MBR code

11:09:47.960 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100021 MB offset 63

11:09:47.978 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 376915 MB offset 204844815

11:09:47.986 Disk 1 scanning sectors +976768065

11:09:48.048 Disk 1 scanning C:\Windows\system32\drivers

11:09:59.335 Service scanning

11:10:08.983 Service MpKsl9d2e02b5 C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1A440A56-6FE2-4E64-B23F-3A29783BBF55}\MpKsl9d2e02b5.sys **LOCKED** 32

11:10:24.674 Modules scanning

11:10:30.024 Disk 1 trace - called modules:

11:10:31.845 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys cmudaxp.sys portcls.sys HDAudBus.sys nvlddmkm.sys dxgkrnl.sys dxgmms1.sys intelppm.sys ndis.sys tcpip.sys NETIO.SYS RTKVHDA.sys ks.sys w

11:10:31.851 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x86f28030]

11:10:31.856 3 CLASSPNP.SYS[8d5c459e] -> nt!IofCallDriver -> [0x86a19938]

11:10:31.861 5 ACPI.sys[8cc973b2] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x86167908]

11:10:31.866 7 cdrom.sys[8d3ba09c] -> nt!IofCallDriver -> \Device\CdRom0[0x872df3d8]

11:10:31.872 9 cdrom.sys[8d3ba09c] -> nt!IofCallDriver -> \Device\CdRom0[0x872df3d8]

11:10:32.415 AVAST engine scan C:\Windows

11:10:34.710 AVAST engine scan C:\Windows\system32

11:13:28.318 AVAST engine scan C:\Windows\system32\drivers

11:13:42.286 AVAST engine scan C:\Users\Greg

11:16:34.973 AVAST engine scan C:\ProgramData

11:17:59.582 Scan finished successfully

11:18:23.190 Disk 1 MBR has been saved successfully to "C:\Users\Greg\Desktop\aswMBR\MBR.dat"

11:18:23.269 The log file has been saved successfully to "C:\Users\Greg\Desktop\aswMBR\aswMBR 180812 1118.txt"

_______________________________________________________________________________________________________________

DDS log as follows:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 10.5.1

Run by Greg at 11:23:28 on 2012-08-18

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.61.1033.18.3582.2091 [GMT 10:00]

.

AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\brsvc01a.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\system32\brss01a.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Windows\System32\bgsvcgen.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\MlCyMonS.exe

C:\Program Files\Microsoft\BingBar\SeaPort.EXE

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\taskhost.exe

C:\Windows\system32\spool\DRIVERS\W32X86\3\HP1006MC.EXE

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe

C:\Windows\system\HsMgr.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Real\RealPlayer\Update\realsched.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\ASUS Xonar D1 Audio\Customapp\ASUSAUDIOCENTER.EXE

C:\Program Files\ASUS Xonar D1 Audio\Customapp\MXMon.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\vssvc.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\conhost.exe

.

============== Pseudo HJT Report ===============

.

uSearch Page = hxxp://www.google.com

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2801948

uDefault_Search_URL = hxxp://www.google.com/ie

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

uURLSearchHooks: H - No File

uURLSearchHooks: H - No File

uURLSearchHooks: H - No File

BHO: Complitly: {0fb6a909-6086-458f-bd92-1f8ee10042a0} - c:\users\greg\appdata\roaming\complitly\Complitly.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GR469A~1.DLL

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

TB: {37483B40-C254-4A72-BDA4-22EE90182C1E} - No File

TB: {AD708C09-D51B-45B3-9D28-4EBA2681FEBF} - No File

mRun: [JMB36X IDE Setup] c:\windows\raidtool\xInsIDE.exe

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe

mRun: [AcronisTimounterMonitor] c:\program files\acronis\trueimagehome\TimounterMonitor.exe

mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [Cmaudio8788GX] c:\windows\system\HsMgr.exe Envoke

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [Cmaudio8788] RunDll32 cmicnfgp.cpl,CMICtrlWnd

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: Free YouTube to MP3 Converter - c:\users\greg\appdata\roaming\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{E19DABD5-9076-481B-A8A9-AA0A9899282C} : DhcpNameServer = 192.168.1.1

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GRA32A~1.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GR469A~1.DLL

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

LSA: Authentication Packages = msv1_0 relog_ap

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\greg\appdata\roaming\mozilla\firefox\profiles\pn4urrjs.default\

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdjvu.dll

FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll

FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll

FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll

FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll

FF - plugin: c:\users\greg\appdata\local\google\update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: c:\users\greg\appdata\roaming\mozilla\plugins\npgoogletalk.dll

FF - plugin: c:\users\greg\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_271.dll

.

============= SERVICES / DRIVERS ===============

.

R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]

R1 MpKsl9d2e02b5;MpKsl9d2e02b5;c:\programdata\microsoft\microsoft antimalware\definition updates\{1a440a56-6fe2-4e64-b23f-3a29783bbf55}\MpKsl9d2e02b5.sys [2012-8-18 29904]

R1 MpKslb1491ce3;MpKslb1491ce3;c:\programdata\microsoft\microsoft antimalware\definition updates\{1a440a56-6fe2-4e64-b23f-3a29783bbf55}\MpKslb1491ce3.sys [2012-8-17 29904]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-23 12880]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-13 67664]

R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-12 116608]

R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-7-28 63960]

R2 MlCyMonS;MUSILAND Monitor Series(USB) CPL Daemon;c:\windows\system32\MlCyMonS.exe [2011-6-26 64512]

R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia update core\daemonu.exe [2012-8-11 1262400]

R2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\drivers\RtNdPt60.sys [2010-1-5 27648]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2012-5-15 382272]

R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2012-1-18 450848]

R3 cmudaxp;ASUS Xonar D1 Audio Interface;c:\windows\system32\drivers\cmudaxp.sys [2011-7-21 2021760]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2012-8-11 148800]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-1-5 189440]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-3-6 135664]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-8-15 250056]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]

S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-4-1 183560]

S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2011-9-11 39272]

S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2011-5-13 1492840]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-3-6 135664]

S3 MlCyMon;Device Driver for MUSILAND Monitor Series(USB);c:\windows\system32\drivers\MlCyMon.sys [2011-6-29 383856]

S3 MlCyMonBus;Bus Driver for MUSILAND Monitor Series(USB);c:\windows\system32\drivers\MlCyMonBus.sys [2011-6-29 25712]

S3 MlCyMonFW;Firmware Driver for MUSILAND Monitor Series(USB);c:\windows\system32\drivers\MlCyMonFW.sys [2011-6-29 31856]

S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-3-20 74112]

S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-3-26 214952]

S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2012-8-11 27192]

S3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.0);c:\windows\system32\drivers\RtTeam60.sys [2010-1-5 43008]

S3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\drivers\RtVlan60.sys [2010-1-5 19968]

S3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0);c:\windows\system32\drivers\RtTeam60.sys [2010-1-5 43008]

S4 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-7-11 1343400]

S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]

.

=============== Created Last 30 ================

.

2012-08-18 01:06:55 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{1a440a56-6fe2-4e64-b23f-3a29783bbf55}\MpKsl9d2e02b5.sys

2012-08-17 06:01:38 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{1a440a56-6fe2-4e64-b23f-3a29783bbf55}\MpKslb1491ce3.sys

2012-08-17 05:03:20 6891424 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{1a440a56-6fe2-4e64-b23f-3a29783bbf55}\mpengine.dll

2012-08-17 00:41:26 6891424 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll

2012-08-16 11:30:45 -------- d-----w- c:\program files\Oracle

2012-08-16 11:30:41 772544 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-08-15 06:39:04 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-08-15 06:39:03 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-08-13 09:44:28 -------- d-----w- c:\program files\common files\xing shared

2012-08-13 05:48:14 -------- d-----w- c:\program files\ESET

2012-08-13 00:16:57 388096 ----a-r- c:\users\greg\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe

2012-08-13 00:16:57 -------- d-----w- c:\program files\Trend Micro

2012-08-12 01:19:55 -------- d-----w- c:\users\greg\appdata\local\{7D8FB5DA-CEDF-4966-9245-D9DEE539CA07}

2012-08-12 00:53:08 -------- d-----w- c:\users\greg\appdata\local\{852401E2-19FC-4315-99FA-3689341282E2}

2012-08-12 00:36:08 -------- d-----w- c:\windows\pss

2012-08-11 05:21:25 -------- d-----w- c:\users\greg\appdata\local\VS Revo Group

2012-08-11 05:21:20 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys

2012-08-11 05:21:17 -------- d-----w- c:\program files\VS Revo Group

2012-08-11 03:06:08 -------- d-----w- c:\users\greg\appdata\roaming\Auslogics

2012-08-11 00:25:36 -------- d-----w- c:\users\greg\appdata\roaming\NVIDIA

2012-08-11 00:13:13 2621723 ----a-w- c:\windows\system32\nvcoproc.bin

2012-08-11 00:12:12 876864 ----a-w- c:\windows\system32\nvhdagenco3220103.dll

2012-08-11 00:12:12 818496 ----a-w- c:\windows\system32\nvumdshim.dll

2012-08-11 00:12:12 5982528 ----a-w- c:\windows\system32\nvcuda.dll

2012-08-11 00:12:12 301376 ----a-w- c:\windows\system32\nvdecodemft.dll

2012-08-11 00:12:12 27968 ----a-w- c:\windows\system32\nvhdap32.dll

2012-08-11 00:12:12 2524992 ----a-w- c:\windows\system32\nvcuvid.dll

2012-08-11 00:12:12 2445120 ----a-w- c:\windows\system32\nvcuvenc.dll

2012-08-11 00:12:12 202048 ----a-w- c:\windows\system32\nvinit.dll

2012-08-11 00:12:12 19607872 ----a-w- c:\windows\system32\nvoglv32.dll

2012-08-11 00:12:12 17551680 ----a-w- c:\windows\system32\nvcompiler.dll

2012-08-11 00:12:12 148800 ----a-w- c:\windows\system32\drivers\nvhda32v.sys

2012-08-11 00:12:12 11354944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys

2012-08-11 00:07:12 -------- d-----w- c:\users\greg\appdata\local\Macromedia

2012-08-10 23:48:16 -------- d-sh--w- C:\$RECYCLE.BIN

2012-08-10 12:34:23 713784 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{46718de9-32c5-4149-8afd-58ad6af096a3}\gapaengine.dll

2012-08-10 12:29:35 2422272 ----a-w- c:\windows\system32\wucltux.dll

2012-08-10 12:29:29 88576 ----a-w- c:\windows\system32\wudriver.dll

2012-08-10 12:29:26 33792 ----a-w- c:\windows\system32\wuapp.exe

2012-08-10 12:29:26 171904 ----a-w- c:\windows\system32\wuwebv.dll

2012-08-10 12:25:50 -------- d-----w- c:\program files\Microsoft Security Client

2012-08-10 12:25:45 240008 ----a-w- c:\windows\system32\drivers\netio.sys

2012-07-27 20:51:30 184248 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll

2012-07-27 20:51:30 184248 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll

.

==================== Find3M ====================

.

2012-08-11 01:53:41 1880856 ----a-w- c:\windows\system32\AutoPartNt.exe

2012-07-05 12:06:20 687544 ----a-w- c:\windows\system32\deployJava1.dll

2012-07-03 03:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

.

============= FINISH: 11:23:37.51 ===============


Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Please tick the Scan All users. Next, click the Quick Scan button. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.


Here is the OTL.Txt

OTL logfile created on: 19/08/2012 12:17:28 AM - Run 1

OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Greg\Desktop\OTL

Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.50 Gb Total Physical Memory | 2.48 Gb Available Physical Memory | 70.98% Memory free

7.00 Gb Paging File | 5.13 Gb Available in Paging File | 73.40% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 97.68 Gb Total Space | 55.92 Gb Free Space | 57.25% Space Free | Partition Type: NTFS

Drive D: | 97.69 Gb Total Space | 55.72 Gb Free Space | 57.04% Space Free | Partition Type: NTFS

Drive E: | 368.08 Gb Total Space | 323.12 Gb Free Space | 87.79% Space Free | Partition Type: NTFS

Drive F: | 368.07 Gb Total Space | 323.14 Gb Free Space | 87.79% Space Free | Partition Type: NTFS

Computer Name: GREGPC | User Name: Greg | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/19 00:13:38 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Greg\Desktop\OTL\OTL.exe

PRC - [2012/08/14 14:31:01 | 001,229,848 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe

PRC - [2012/08/13 19:44:07 | 000,296,096 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe

PRC - [2012/08/10 22:10:58 | 004,777,856 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

PRC - [2012/07/28 06:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2012/05/15 20:26:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

PRC - [2012/05/15 19:28:16 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

PRC - [2012/05/15 19:27:34 | 000,857,920 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

PRC - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe

PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe

PRC - [2012/01/18 16:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe

PRC - [2011/08/12 09:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe

PRC - [2011/06/26 16:55:48 | 000,064,512 | ---- | M] () -- C:\Windows\System32\MlCyMonS.exe

PRC - [2011/03/28 11:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE

PRC - [2010/06/05 11:25:48 | 000,067,128 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

PRC - [2009/10/31 15:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2009/09/22 10:50:36 | 000,073,728 | ---- | M] (Software 2000 Limited) -- C:\Windows\System32\spool\drivers\w32x86\3\HP1006MC.EXE

PRC - [2009/07/14 11:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

PRC - [2008/06/24 12:00:39 | 001,200,128 | R--- | M] (CMedia) -- C:\Program Files\ASUS Xonar D1 Audio\Customapp\AsusAudioCenter.exe

PRC - [2008/05/05 18:59:54 | 000,200,704 | R--- | M] () -- C:\Windows\system\HsMgr.exe

PRC - [2008/01/09 16:18:18 | 000,090,112 | R--- | M] () -- C:\Program Files\ASUS Xonar D1 Audio\Customapp\MXmon.exe

PRC - [2007/09/14 04:01:56 | 000,492,600 | ---- | M] () -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

PRC - [2007/09/14 03:02:34 | 000,905,056 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

PRC - [2007/09/14 02:55:30 | 000,140,568 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe

PRC - [2007/09/14 02:55:26 | 000,427,288 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

PRC - [2007/09/14 02:52:46 | 002,595,480 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

PRC - [2007/06/15 11:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) -- C:\Windows\System32\bgsvcgen.exe

========== Modules (No Company Name) ==========

MOD - [2012/08/18 18:30:59 | 000,065,024 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll

MOD - [2012/08/18 18:30:59 | 000,052,736 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll

MOD - [2012/08/14 14:30:59 | 000,442,392 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\21.0.1180.79\ppgooglenaclpluginchrome.dll

MOD - [2012/08/14 14:30:58 | 012,235,288 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\21.0.1180.79\PepperFlash\pepflashplayer.dll

MOD - [2012/08/14 14:30:57 | 003,997,720 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\21.0.1180.79\pdf.dll

MOD - [2012/08/14 14:29:41 | 000,526,872 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\21.0.1180.79\libglesv2.dll

MOD - [2012/08/14 14:29:39 | 000,104,984 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\21.0.1180.79\libegl.dll

MOD - [2012/08/14 14:29:28 | 000,144,424 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\21.0.1180.79\avutil-51.dll

MOD - [2012/08/14 14:29:27 | 000,266,792 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\21.0.1180.79\avformat-54.dll

MOD - [2012/08/14 14:29:26 | 002,480,680 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\21.0.1180.79\avcodec-54.dll

MOD - [2012/01/28 20:08:29 | 000,117,760 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

MOD - [2012/01/28 20:08:29 | 000,052,224 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll

MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2010/06/05 11:25:46 | 000,061,496 | ---- | M] () -- C:\Program Files\Logitech\Desktop Messenger\8876480\8.1.1.50-8876480SL\Program\clntutil.dll

MOD - [2008/05/05 18:59:54 | 000,200,704 | R--- | M] () -- C:\Windows\system\HsMgr.exe

MOD - [2008/01/09 16:18:18 | 000,090,112 | R--- | M] () -- C:\Program Files\ASUS Xonar D1 Audio\Customapp\MXmon.exe

MOD - [2007/09/14 01:45:10 | 001,328,408 | ---- | M] () -- C:\Program Files\Acronis\TrueImageHome\fox.dll

========== Win32 Services (SafeList) ==========

SRV - [2012/08/15 16:39:04 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/07/28 06:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012/05/15 20:26:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)

SRV - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)

SRV - [2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)

SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)

SRV - [2012/01/18 16:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)

SRV - [2011/08/12 09:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)

SRV - [2011/06/26 16:55:48 | 000,064,512 | ---- | M] () [Auto | Running] -- C:\Windows\System32\MlCyMonS.exe -- (MlCyMonS)

SRV - [2011/04/01 11:14:30 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)

SRV - [2011/03/28 11:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)

SRV - [2010/07/11 00:08:42 | 001,343,400 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)

SRV - [2009/07/14 11:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)

SRV - [2009/07/14 11:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)

SRV - [2009/07/14 11:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2007/09/14 04:01:56 | 000,492,600 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe -- (TryAndDecideService)

SRV - [2007/09/14 02:55:26 | 000,427,288 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)

SRV - [2007/06/15 11:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) [Auto | Running] -- C:\Windows\System32\bgsvcgen.exe -- (bgsvcgen)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Greg\AppData\Local\Temp\mbr.sys -- (mbr)

DRV - File not found [File_System | Boot | Stopped] -- system32\DRIVERS\Lbd.sys -- (Lbd)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys -- (Lavasoft Kernexplorer)

DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Greg\AppData\Local\Temp\aswMBR.sys -- (aswMBR)

DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2012/05/15 20:26:00 | 011,354,944 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)

DRV - [2012/04/19 03:08:04 | 000,148,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)

DRV - [2012/03/20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)

DRV - [2012/01/18 16:44:52 | 004,332,960 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC)

DRV - [2012/01/18 16:44:28 | 000,312,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)

DRV - [2011/07/23 02:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)

DRV - [2011/07/13 07:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)

DRV - [2011/06/29 09:52:28 | 000,025,712 | ---- | M] (MUSILAND®) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MlCyMonBus.sys -- (MlCyMonBus)

DRV - [2011/06/29 09:52:26 | 000,031,856 | ---- | M] (MUSILAND®) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MlCyMonFW.sys -- (MlCyMonFW)

DRV - [2011/06/29 09:52:22 | 000,383,856 | ---- | M] (MUSILAND®) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MlCyMon.sys -- (MlCyMon)

DRV - [2010/05/26 17:48:56 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\timntr.sys -- (timounter)

DRV - [2010/05/26 17:48:56 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\System32\drivers\tifsfilt.sys -- (tifsfilter)

DRV - [2010/05/26 17:48:54 | 000,129,248 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\snapman.sys -- (snapman)

DRV - [2010/05/26 17:48:52 | 000,368,736 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tdrpman.sys -- (tdrpman)

DRV - [2009/12/30 11:21:18 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\revoflt.sys -- (Revoflt)

DRV - [2009/07/20 12:26:40 | 000,027,648 | ---- | M] (Realtek ) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\RtNdPt60.sys -- (RtNdPt60)

DRV - [2009/07/14 11:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)

DRV - [2009/07/14 11:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)

DRV - [2009/07/14 11:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)

DRV - [2009/07/14 09:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)

DRV - [2009/07/14 09:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)

DRV - [2009/07/14 09:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)

DRV - [2009/04/06 13:13:30 | 000,043,008 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtTeam60.sys -- (TEAM)

DRV - [2009/04/06 13:13:30 | 000,043,008 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtTeam60.sys -- (RTTEAMPT)

DRV - [2008/11/05 04:21:04 | 000,083,296 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\jraid.sys -- (JRAID)

DRV - [2008/06/23 18:04:41 | 002,021,760 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cmudaxp.sys -- (cmudaxp)

DRV - [2007/12/03 12:19:42 | 000,019,968 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtVlan60.sys -- (RTVLANPT)

DRV - [2007/03/16 09:11:38 | 000,012,256 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TBPanel.sys -- (TBPanel)

DRV - [2006/02/20 18:17:40 | 000,033,408 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdrbsdrv.sys -- (cdrbsdrv)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2801948

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CC EB 42 C2 30 FF CB 01 [binary data]

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\.DEFAULT\..\SearchScopes\{92169280-3302-42D4-AF19-366B34098AFC}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=LMW2&o=16054&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=OG&apn_dtid=VIN001WTAU&apn_uid=30BA537B-8BFC-434B-A9B6-7ECA1AAC868A&apn_sauid=8658E4CA-E54E-4F92-93DB-FAA14DF3338A

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CC EB 42 C2 30 FF CB 01 [binary data]

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-18\..\SearchScopes\{92169280-3302-42D4-AF19-366B34098AFC}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=LMW2&o=16054&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=OG&apn_dtid=VIN001WTAU&apn_uid=30BA537B-8BFC-434B-A9B6-7ECA1AAC868A&apn_sauid=8658E4CA-E54E-4F92-93DB-FAA14DF3338A

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3632710230-39802525-731542294-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie

IE - HKU\S-1-5-21-3632710230-39802525-731542294-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKU\S-1-5-21-3632710230-39802525-731542294-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2801948

IE - HKU\S-1-5-21-3632710230-39802525-731542294-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp

IE - HKU\S-1-5-21-3632710230-39802525-731542294-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au

IE - HKU\S-1-5-21-3632710230-39802525-731542294-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B8 71 0D C8 0E FA CA 01 [binary data]

IE - HKU\S-1-5-21-3632710230-39802525-731542294-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKU\S-1-5-21-3632710230-39802525-731542294-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKU\S-1-5-21-3632710230-39802525-731542294-1001\..\URLSearchHook: {37483b40-c254-4a72-bda4-22ee90182c1e} - No CLSID value found

IE - HKU\S-1-5-21-3632710230-39802525-731542294-1001\..\URLSearchHook: {631ac2d4-57b3-42b0-a148-da33b462c1a3} - No CLSID value found

IE - HKU\S-1-5-21-3632710230-39802525-731542294-1001\..\URLSearchHook: {ad708c09-d51b-45b3-9d28-4eba2681febf} - No CLSID value found

IE - HKU\S-1-5-21-3632710230-39802525-731542294-1001\..\SearchScopes,DefaultScope = {D7DFC726-95EF-468B-A10F-E819947828B1}

IE - HKU\S-1-5-21-3632710230-39802525-731542294-1001\..\SearchScopes\{D7DFC726-95EF-468B-A10F-E819947828B1}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}

IE - HKU\S-1-5-21-3632710230-39802525-731542294-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3632710230-39802525-731542294-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Greg\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Greg\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Greg\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Greg\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/08/13 19:44:25 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/08/13 20:04:33 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/08/17 09:59:36 | 000,000,000 | ---D | M]

[2012/08/13 12:20:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Greg\AppData\Roaming\Mozilla\Extensions

[2010/05/01 14:19:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Greg\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org

[2012/08/13 20:04:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2012/08/13 19:44:25 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT

[2012/02/17 00:40:42 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2010/11/18 16:44:16 | 001,680,272 | ---- | M] (Caminova, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdjvu.dll

[2012/02/16 20:42:53 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2012/02/16 20:42:53 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com.au/

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},

CHR - homepage: http://www.google.com.au/

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.79\PepperFlash\pepflashplayer.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.79\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.79\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.79\pdf.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: DjVu Plugin Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\plugins\npdjvu.dll

CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll

CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll

CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Greg\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Greg\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll

CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll

CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll

CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll

CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll

CHR - plugin: RealPlayer HTML5VideoShim Plug-In (32-bit) (Disabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll

CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: RealNetworks Chrome Background Extension Plug-In (32-bit) (Disabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

CHR - Extension: Complitly plugin for chrome = C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda\1.1_0\

CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\

CHR - Extension: YouTube to MP3 Converter = C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlfhmlakkppnbdbeeifhbkpgmhcbmabl\0.1.2_0\

O1 HOSTS File: ([2012/08/17 16:20:40 | 000,000,843 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Complitly) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\Greg\AppData\Roaming\Complitly\Complitly.dll (SimplyGen)

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)

O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.

O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.

O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.

O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.

O3 - HKU\S-1-5-21-3632710230-39802525-731542294-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.

O3 - HKU\S-1-5-21-3632710230-39802525-731542294-1001\..\Toolbar\WebBrowser: (no name) - {37483B40-C254-4A72-BDA4-22EE90182C1E} - No CLSID value found.

O3 - HKU\S-1-5-21-3632710230-39802525-731542294-1001\..\Toolbar\WebBrowser: (no name) - {AD708C09-D51B-45B3-9D28-4EBA2681FEBF} - No CLSID value found.

O3 - HKU\S-1-5-21-3632710230-39802525-731542294-1001\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.

O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)

O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [Cmaudio8788] RunDll32 cmicnfgp.cpl,CMICtrlWnd File not found

O4 - HKLM..\Run: [Cmaudio8788GX] C:\Windows\system\HsMgr.exe ()

O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)

O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-3632710230-39802525-731542294-1006..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)

O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Greg\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()

O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E19DABD5-9076-481B-A8A9-AA0A9899282C}: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

O30 - LSA: Authentication Packages - (relog_ap) - C:\Windows\System32\relog_ap.dll (Acronis)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/11 07:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2009/06/11 07:42:20 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/19 00:14:16 | 000,000,000 | ---D | C] -- C:\Users\Greg\Desktop\OTL

[2012/08/18 10:32:59 | 000,000,000 | ---D | C] -- C:\Users\Greg\Desktop\aswMBR

[2012/08/17 13:33:22 | 000,000,000 | ---D | C] -- C:\Users\Greg\Desktop\DDS

[2012/08/17 09:59:20 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2012/08/16 21:30:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java

[2012/08/16 21:30:45 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle

[2012/08/13 19:44:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared

[2012/08/13 19:44:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks

[2012/08/13 19:44:08 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\System32\pncrt.dll

[2012/08/13 15:48:14 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2012/08/13 10:16:58 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis

[2012/08/13 10:16:57 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2012/08/12 11:19:55 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{7D8FB5DA-CEDF-4966-9245-D9DEE539CA07}

[2012/08/12 10:53:08 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{852401E2-19FC-4315-99FA-3689341282E2}

[2012/08/12 10:36:08 | 000,000,000 | ---D | C] -- C:\Windows\pss

[2012/08/11 15:21:25 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\VS Revo Group

[2012/08/11 15:21:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro

[2012/08/11 15:21:20 | 000,027,192 | ---- | C] (VS Revo Group) -- C:\Windows\System32\drivers\revoflt.sys

[2012/08/11 15:21:17 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group

[2012/08/11 14:44:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla

[2012/08/11 13:06:08 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Roaming\Auslogics

[2012/08/11 10:25:36 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Roaming\NVIDIA

[2012/08/11 10:13:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation

[2012/08/11 10:07:12 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\Macromedia

[2012/08/11 09:48:16 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2012/08/11 09:46:46 | 000,000,000 | ---D | C] -- C:\Users\Greg\Desktop\Microsoft Fixit Solution Center

[2012/08/10 22:25:50 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client

[2010/01/05 15:02:45 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Greg\AppData\Roaming\pcouffin.sys

[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/19 00:16:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3632710230-39802525-731542294-1001UA.job

[2012/08/19 00:16:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/08/19 00:06:12 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/08/19 00:06:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/08/19 00:06:02 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs

[2012/08/18 22:16:00 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/08/18 22:16:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3632710230-39802525-731542294-1001Core.job

[2012/08/18 11:06:25 | 000,017,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/08/18 11:06:25 | 000,017,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/08/18 10:58:43 | 2817,384,448 | -HS- | M] () -- C:\hiberfil.sys

[2012/08/18 10:49:45 | 372,337,977 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2012/08/16 23:07:50 | 000,698,170 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012/08/16 23:07:50 | 000,144,898 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012/08/13 19:44:08 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\System32\pncrt.dll

[2012/08/11 21:00:52 | 000,002,198 | ---- | M] () -- C:\Windows\epplauncher.mif

[2012/08/11 15:21:21 | 000,001,259 | ---- | M] () -- C:\Users\Greg\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk

[2012/08/11 11:55:07 | 000,001,024 | ---- | M] () -- C:\Windows\System32\AutoPartNt.let

[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/18 10:49:45 | 372,337,977 | ---- | C] () -- C:\Windows\MEMORY.DMP

[2012/08/15 16:39:05 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/08/13 20:04:35 | 000,001,105 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

[2012/08/12 10:48:59 | 000,002,434 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk

[2012/08/11 15:21:21 | 000,001,259 | ---- | C] () -- C:\Users\Greg\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk

[2012/08/11 10:13:13 | 002,621,723 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin

[2012/08/11 09:02:10 | 000,002,198 | ---- | C] () -- C:\Windows\epplauncher.mif

[2012/08/10 22:26:04 | 000,001,924 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk

[2012/05/15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe

[2012/01/19 14:54:16 | 000,000,030 | ---- | C] () -- C:\Windows\System32\brss01a.ini

[2012/01/19 14:54:14 | 000,000,230 | ---- | C] () -- C:\Windows\Brpfx04a.ini

[2012/01/19 14:54:14 | 000,000,094 | ---- | C] () -- C:\Windows\brpcfx.ini

[2012/01/19 14:54:07 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf05a.dat

[2012/01/19 14:54:06 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI

[2012/01/19 14:54:06 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI

[2012/01/18 16:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll

[2012/01/18 16:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll

[2012/01/18 16:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe

[2011/09/04 21:07:41 | 000,000,395 | ---- | C] () -- C:\Windows\MyHeritage.INI

[2011/09/04 21:04:26 | 000,454,656 | ---- | C] () -- C:\Windows\System32\PaintX.dll

[2011/08/12 12:20:14 | 000,015,896 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll

[2011/07/26 16:48:54 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini

[2011/07/21 17:36:19 | 000,499,712 | R--- | C] () -- C:\Windows\System32\Cmeauoxy.exe

[2011/07/21 17:36:19 | 000,043,126 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfl

[2011/07/21 17:36:09 | 000,258,048 | R--- | C] () -- C:\Windows\System32\CmiInstallResAll.dll

[2011/07/21 17:36:09 | 000,007,214 | R--- | C] () -- C:\Windows\Cmicnfgp.ini.cfg

[2011/07/21 17:36:09 | 000,000,862 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.imi

[2011/06/26 16:55:48 | 000,064,512 | ---- | C] () -- C:\Windows\System32\MlCyMonS.exe

[2011/06/11 08:54:33 | 000,038,266 | ---- | C] () -- C:\Users\Greg\AppData\Roaming\Microsoft Excel 97-2003.ADR

[2011/04/27 10:16:20 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat

[2011/04/27 10:16:20 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat

[2011/03/20 10:31:19 | 000,000,867 | ---- | C] () -- C:\Users\Greg\RPSTD2010.lic

[2011/03/20 10:31:13 | 000,000,019 | ---- | C] () -- C:\Users\Greg\rp.ini

[2011/02/16 09:33:36 | 000,005,005 | ---- | C] () -- C:\ProgramData\mswjxndi.tal

[2011/02/16 09:14:11 | 000,004,976 | ---- | C] () -- C:\ProgramData\ojobkspa.ako

[2011/02/15 20:10:32 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll

[2011/02/09 15:29:22 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Fonts

[2011/02/09 15:29:22 | 000,000,268 | RH-- | C] () -- C:\Users\Greg\AppData\Roaming\Flowers

[2011/02/09 15:29:22 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT

[2011/02/09 15:29:22 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Generic

[2011/02/09 15:28:18 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Folder Actions Handlers

[2011/02/09 15:28:18 | 000,000,268 | RH-- | C] () -- C:\Users\Greg\AppData\Roaming\Flange Saw

[2011/02/09 15:28:18 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT

[2011/02/09 15:28:18 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Funk Animals

[2010/11/27 22:49:22 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat

[2010/03/14 11:51:19 | 000,082,038 | ---- | C] () -- C:\Users\Greg\AppData\Roaming\theme.themepack

[2010/01/10 00:25:51 | 000,081,920 | ---- | C] () -- C:\Users\Greg\AppData\Roaming\ezpinst.exe

[2010/01/05 15:07:11 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib

[2010/01/05 15:02:45 | 000,087,608 | ---- | C] () -- C:\Users\Greg\AppData\Roaming\inst.exe

[2010/01/05 15:02:45 | 000,007,887 | ---- | C] () -- C:\Users\Greg\AppData\Roaming\pcouffin.cat

[2010/01/05 15:02:45 | 000,001,144 | ---- | C] () -- C:\Users\Greg\AppData\Roaming\pcouffin.inf

========== LOP Check ==========

[2011/08/05 16:01:05 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ASUS

[2011/09/11 14:40:27 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\MyHeritage

[2011/07/07 18:14:43 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\NCH Swift Sound

[2010/05/30 16:13:06 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\Acronis

[2010/01/09 17:05:02 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\Any DVD Clone

[2010/01/10 00:06:52 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\Any DVD Shrink

[2011/07/21 17:36:43 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\ASUS

[2012/08/11 13:06:08 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\Auslogics

[2011/07/29 22:26:13 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant

[2012/01/28 14:34:50 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\Complitly

[2011/02/16 11:50:56 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\Digiarty

[2011/05/10 19:53:51 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\DVDVideoSoftIEHelpers

[2012/03/10 10:00:31 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\foobar2000

[2011/02/14 20:56:09 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\FreeHDConverter

[2011/06/12 19:49:04 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\ImgBurn

[2010/04/25 13:13:14 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\Leadertech

[2011/02/15 20:11:05 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\Leawo

[2011/07/28 10:06:21 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\MAGIX

[2011/02/16 09:33:37 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\MOVAVI

[2011/02/15 20:11:06 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\Moyea

[2011/09/04 21:13:32 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\MyHeritage

[2011/07/03 19:21:45 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\NCH Swift Sound

[2011/02/09 15:31:53 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\Nikon

[2012/01/28 14:34:56 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\Speedy P2P Movie Finder

[2010/03/27 09:47:48 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\SSMultiDownloader.20C017F97632BB7845F8760F39A9ECC24A435AA1.1

[2012/01/10 16:48:16 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\The Complete Genealogy Reporter - FTB

[2011/06/12 18:17:47 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\Vso

[2012/01/28 20:30:17 | 000,000,384 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job

[2012/02/05 14:19:28 | 000,032,650 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:07BF512B

@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:24051EFF

@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:B946D9EE

@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:264B2CC4

< End of report >

________________________________________________________________________

Here is the Extras.Txt

OTL Extras logfile created on: 19/08/2012 12:17:28 AM - Run 1

OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Greg\Desktop\OTL

Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.50 Gb Total Physical Memory | 2.48 Gb Available Physical Memory | 70.98% Memory free

7.00 Gb Paging File | 5.13 Gb Available in Paging File | 73.40% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 97.68 Gb Total Space | 55.92 Gb Free Space | 57.25% Space Free | Partition Type: NTFS

Drive D: | 97.69 Gb Total Space | 55.72 Gb Free Space | 57.04% Space Free | Partition Type: NTFS

Drive E: | 368.08 Gb Total Space | 323.12 Gb Free Space | 87.79% Space Free | Partition Type: NTFS

Drive F: | 368.07 Gb Total Space | 323.14 Gb Free Space | 87.79% Space Free | Partition Type: NTFS

Computer Name: GREGPC | User Name: Greg | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3632710230-39802525-731542294-1001\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{018CEC32-F944-4677-89DE-1DC88DADED17}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{05B024D4-151A-41E4-95ED-2101D6ED638A}" = rport=445 | protocol=6 | dir=out | app=system |

"{26DC4A31-9BDE-4E0E-B970-7FC0494A032F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{2DBF8864-F98A-4C1F-84BC-16267700630D}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

"{33328E6C-3FEB-4324-84B0-3575BDD97308}" = rport=138 | protocol=17 | dir=out | app=system |

"{356175C3-B3C9-402A-9E0D-079D1FABFA4E}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

"{53608A52-03FE-433D-9A4B-DA1E1EA34CC8}" = lport=137 | protocol=17 | dir=in | app=system |

"{60BDB423-4FCE-413E-889D-7FFA57429148}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{69F8FBC1-C99D-4087-ACAD-CA6C0408574B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{7709ABE7-BBDD-4F1C-86F7-FA11F17CE290}" = lport=445 | protocol=6 | dir=in | app=system |

"{7737D385-C246-4754-AE01-079F7B7AF863}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{7A974597-97FC-4BB3-8051-FB9F5A21B08E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{7F3C771D-0E4D-4692-9346-7810C707CEAD}" = rport=139 | protocol=6 | dir=out | app=system |

"{862F9A39-447A-4A62-A126-A66D4F7EFFED}" = lport=10243 | protocol=6 | dir=in | app=system |

"{8955C1A9-8584-467A-8772-A8A202D57AAD}" = lport=2869 | protocol=6 | dir=in | app=system |

"{A595A5C8-1C51-42B1-954B-1E353E9DB013}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{B9FDD7C3-5410-4C9E-9337-7302DD1C84A8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{BAD0A3E4-235B-4F70-96DC-C83AD7D46B5E}" = lport=139 | protocol=6 | dir=in | app=system |

"{BDC829F0-B804-4FAE-94D4-6135FDB24700}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{C445F935-6E68-4BBB-BC59-15DF9AC8E002}" = lport=2869 | protocol=6 | dir=in | app=system |

"{C4B91AF3-A73C-4925-ADE0-A4DECEB32FED}" = rport=137 | protocol=17 | dir=out | app=system |

"{D6E83FDA-B164-4778-A582-43BB89C0BF3C}" = lport=138 | protocol=17 | dir=in | app=system |

"{DB3A9DFF-DD05-4841-8E23-4F190919D6E3}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

"{DE01097A-8B3E-4437-82A4-E50D7191AEAA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{EEFFF0FC-0EDD-4EEF-B75F-232C8BB176C0}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{F0C684C5-A8AB-4D0B-8B19-87612315B1AB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{F1DC959F-E5AF-41D9-9CF2-EEB9DB47F424}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{FC09F774-6227-41C8-BE14-1D5A127AD98F}" = rport=10243 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0055F145-B425-4F6F-B6F0-30782AA1D9E5}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{01C6AB9E-1DA6-44EF-8021-31BE4CD52CA3}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |

"{0271F741-E25F-4A83-8D90-4846403B6285}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |

"{043165C9-A533-4820-9F16-CCF210462019}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |

"{0B7672A6-D52A-40E9-858A-2D46EB09C8FF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{16D908EC-E91B-43A1-9719-309B95EA708C}" = protocol=6 | dir=in | app=c:\program files\logitech\vid hd\vid.exe |

"{1B47AC10-9770-4E07-B617-D96F04F50975}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |

"{1CB63141-F745-4EB7-AFC6-B907698F3F20}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{22858F72-67CD-4766-8298-1849FD221FAE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{261F9AB4-B078-4E30-86C0-7A2F3C792AE6}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{299B1CC6-15F5-408E-9242-1C9E814E0F09}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{2A105062-DF44-4E27-AA38-1FDC25077BFE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{2E0DA6E7-F765-4577-B516-12D29B98BABC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{312AE61F-E30A-4685-B8A9-22830026049B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{36A2BA26-6AB9-4FA2-A5CA-B9743C0D0666}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{39678C85-C73A-4121-9B6A-94449A114F3B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |

"{3CA8A374-8D02-4A8D-BB3C-9CB2D0D50743}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\hp1006mc.exe |

"{4CB805E1-7236-471F-831E-F7B34D0C5D1D}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\hp1006mc.exe |

"{4EE2870E-F51B-455E-910B-D8EBB78BF180}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{542571CC-0BEE-4379-81FD-EA7DF6E4299D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{595B38F9-47EB-40CA-8AE3-8778893D8F21}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{65B66B95-63B1-42C9-86E1-CDF30700A42B}" = protocol=17 | dir=in | app=c:\program files\logitech\vid hd\vid.exe |

"{78F3815F-F445-43F1-A7EF-FFE208736082}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |

"{7A15D3B1-8EBD-486D-BEEF-84C3DC53AC03}" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |

"{7AC28D04-F485-4E63-AC04-77B36D7085ED}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{7B52E1CA-7A6E-4A83-9B08-5D4D3946D604}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{7D661B4B-0827-4154-8453-E98C0622E9B9}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |

"{7E32BF86-06B7-4077-8A08-0D3EAB9F6384}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |

"{812403C4-2888-41C9-8583-11B51036B315}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |

"{8DB9BC19-5292-47AE-8CCA-9CAFCDA345A5}" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |

"{95B87A2B-5397-4D32-ACE3-AA2BFC7022E1}" = protocol=6 | dir=out | app=system |

"{9B5DA963-2292-417F-9D80-478D0B32D5A6}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |

"{9E00E65D-7E65-46BD-A804-425A9DFB0AE3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{9F0DF6D0-6EE2-47BC-B1F6-991250645C3D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{A5EEA45A-AB80-441F-B75E-0EBF8FA1816B}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |

"{BBEE85AB-27B6-44E0-AED2-6D04152BBF71}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |

"{C3621440-3F98-4D38-8FA8-91C045DD92A4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{C488EAE6-D91B-41FE-A0C7-E8CE5A465D57}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{C9928054-D394-421B-BDD8-2A967932B5C1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{CB918D1B-0C11-4A84-9B09-88FFCED96B07}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{E2A2FA8D-7CEA-406A-9410-7F0C07391E84}" = dir=in | app=c:\program files\itunes\itunes.exe |

"{EE70FA20-2D1F-4929-8D02-11AC7D40FFFE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"TCP Query User{1131390B-FD21-4C9E-82CB-F0E0D82F4491}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |

"TCP Query User{3F95BE72-7546-4DEB-A642-541EDBB82648}C:\program files\nero\nero 7\nero showtime\showtime.exe" = protocol=6 | dir=in | app=c:\program files\nero\nero 7\nero showtime\showtime.exe |

"TCP Query User{A3BEDCAE-6C87-43C9-8A22-0E2EE9FACBC1}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |

"TCP Query User{C84247D7-B364-4582-ACB1-CFECE4D1357E}C:\program files\logitech\vid hd\vid.exe" = protocol=6 | dir=in | app=c:\program files\logitech\vid hd\vid.exe |

"TCP Query User{F08155FB-744F-4A61-91E0-E6DE8D3591AA}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |

"UDP Query User{B1846820-86F2-42D7-A901-393555371CB5}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |

"UDP Query User{B1FB9A7B-B6FB-482F-834E-E92B3DC1FB89}C:\program files\nero\nero 7\nero showtime\showtime.exe" = protocol=17 | dir=in | app=c:\program files\nero\nero 7\nero showtime\showtime.exe |

"UDP Query User{D5733512-273A-4AAB-8268-FEA8C25AD5B1}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |

"UDP Query User{EABEC80B-2C2B-4256-BF21-1D4E0276330F}C:\program files\logitech\vid hd\vid.exe" = protocol=17 | dir=in | app=c:\program files\logitech\vid hd\vid.exe |

"UDP Query User{F0389E52-86CE-44D2-A225-6382F117DF5E}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86

"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video

"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86

"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client

"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1

"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects

"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi

"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main

"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter

"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources

"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin

"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service

"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes

"{24176A21-AFC8-3DCC-A2BB-901734AA64B9}" = Google Talk Plugin

"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java 7 Update 5

"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1

"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections

"{29075035-802D-440E-5FC9-7F09D0DE12CB}" = Secure Multi Track Downloader

"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help

"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Configurer

"{3BDEE284-1516-40E8-B784-00FEBE1B1033}" = Nero 7 Essentials

"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT

"{449CE12D-E2C7-4B97-B19E-55D163EA9435}" = Bing Bar

"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis

"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4FFBB818-B13C-11E0-931D-B2664824019B}_is1" = Complitly

"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion

"{51F96AEC-D902-4434-A0DC-B9692A21AE7C}" = MobileMe Control Panel

"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack

"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth

"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7

"{5D90E53A-BD7C-8F32-9B82-7733D0F0BC8E}" = Adobe Download Assistant

"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86

"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.8

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection

"{7236672F-6430-439E-9B27-27EDEAF1D676}" = Diagnostic Utility

"{759142E8-25B0-42AE-B408-4215065D3F4B}" = Windows Live Family Safety

"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core

"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour

"{824BDB0B-1D3F-43D7-BF20-4FC726E0D112}" = Document Express DjVu Plug-in

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher

"{84639CB3-04D4-4758-B1D0-82E531D21F59}" = HD Writer AE 2.0

"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later

"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007

"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector

"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows

"{9901E703-D169-7139-1EA3-11AA788D09E6}" = EA Download Manager UI

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin

"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh

"{A67BB21E-D419-45BB-AB86-7D87D14BBCE2}" = Safari

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AAF4238F-7C29-451D-9925-C753271A5728}" = Microsoft Visual C++ Run Time Lib Setup

"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer

"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)

"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter

"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 301.42

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 301.42

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 301.42

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 301.42

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.16.0

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components

"{B425AE84-3FD0-4005-A9A1-1C5EBB2674DB}" = MUSILAND Monitor Series(USB) Driver

"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86

"{BCF16F16-AC0E-4ABE-A9EF-412CF484BA51}" = Windows Live Family Safety

"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3

"{C078C299-C2C2-4110-A6EF-8D5E66C228DA}" = e-tax 2011

"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant

"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86

"{D22002ED-EE2A-4CB1-A63D-430E62A2E8D8}" = Google SketchUp 8

"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center

"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{D61524CF-93FE-4193-91AD-C6E21FEEAA5A}" = Logitech Harmony Remote Software 7

"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86

"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh

"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = AusLogics Disk Defrag

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime

"{E5343B27-55DF-40BD-9FCF-A643C1331E8A}" = Acronis True Image Home

"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English

"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger

"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer

"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support

"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker

"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support

"{F007CBCE-D714-4C0B-8CE9-9B0D78116468}" = ViewNX

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01

"{F7529650-B9DB-481B-0089-A2AC3C2821C1}" = The Sims 2 Nightlife

"{FBE569CA-BFEB-4E57-A674-F94D938E1AEF}" = e-tax 2010

"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"7-Zip" = 7-Zip 9.20

"Adobe AIR" = Adobe AIR

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Any DVD Cloner Platinum_is1" = Any DVD Cloner Platinum 1.0.5

"Audacity_is1" = Audacity 1.2.6

"CCleaner" = CCleaner

"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help

"C-Media Oxygen HD Audio Driver" = ASUS Xonar D1 Audio Driver

"Collage Maker" = Collage Maker 2.05

"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant

"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI

"Defraggler" = Defraggler

"DVD Decrypter" = DVD Decrypter (Remove Only)

"DVD Flick_is1" = DVD Flick 1.3.0.7

"DVD Shrink_is1" = DVD Shrink 3.2

"EA Download Manager" = EA Download Manager

"ENTERPRISE" = Microsoft Office Enterprise 2007

"ESET Online Scanner" = ESET Online Scanner v3

"Family Tree Builder" = MyHeritage Family Tree Builder

"foobar2000" = foobar2000 v0.9.6

"Free HD Converter_is1" = Free HD Converter V 1.7

"Free Window Registry Repair" = Free Window Registry Repair

"Google Chrome" = Google Chrome

"HijackThis" = HijackThis 1.99.1

"Ideal DVD Copy_is1" = Ideal DVD Copy V3.2.5

"ImgBurn" = ImgBurn

"KLiteCodecPack_is1" = K-Lite Codec Pack 6.5.0 (Basic)

"Logitech Vid" = Logitech Vid HD

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300

"Microsoft Security Client" = Microsoft Security Essentials

"MixPad" = MixPad Audio Mixer

"Mozilla Firefox 10.0.2 (x86 en-US)" = Mozilla Firefox 10.0.2 (x86 en-US)

"MySSID_is1" = Vtune 7.21

"NetMeter_is1" = NetMeter 0.9.9.9 (beta 2)

"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver

"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver

"OpenAL" = OpenAL

"PhotoME_is1" = PhotoME

"Picasa 3" = Picasa 3

"Prism" = Prism Video File Converter

"RealPlayer 15.0" = RealPlayer

"Recuva" = Recuva

"SSMultiDownloader.20C017F97632BB7845F8760F39A9ECC24A435AA1.1" = Secure Multi Track Downloader

"Switch" = Switch Sound File Converter

"SystemRequirementsLab" = System Requirements Lab

"ToneGen" = NCH Tone Generator

"Uninstall_is1" = Uninstall 1.0.0.1

"Voice Manager" = Voice Manager

"WavePad" = WavePad Sound Editor

"WinLiveSuite" = Windows Live Essentials

"WinX DVD Ripper Platinum_is1" = WinX DVD Ripper Platinum 6.8.2

"WinX HD Video Converter Deluxe_is1" = WinX HD Video Converter Deluxe 3.12.2

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3632710230-39802525-731542294-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 1/12/2011 5:00:21 PM | Computer Name = GregPC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 4353

Error - 1/12/2011 5:00:21 PM | Computer Name = GregPC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 4353

Error - 1/12/2011 5:00:22 PM | Computer Name = GregPC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

Error - 1/12/2011 5:00:22 PM | Computer Name = GregPC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 5351

Error - 1/12/2011 5:00:22 PM | Computer Name = GregPC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 5351

Error - 1/12/2011 5:00:23 PM | Computer Name = GregPC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

Error - 1/12/2011 5:00:23 PM | Computer Name = GregPC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 6350

Error - 1/12/2011 5:00:23 PM | Computer Name = GregPC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 6350

Error - 1/12/2011 5:00:24 PM | Computer Name = GregPC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

Error - 1/12/2011 5:00:24 PM | Computer Name = GregPC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 7364

[ OSession Events ]

Error - 5/10/2011 4:16:44 AM | Computer Name = GregPC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 779

seconds with 720 seconds of active time. This session ended with a crash.

Error - 7/10/2011 8:04:13 AM | Computer Name = GregPC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 484

seconds with 480 seconds of active time. This session ended with a crash.

Error - 7/10/2011 10:49:58 PM | Computer Name = GregPC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1137

seconds with 1080 seconds of active time. This session ended with a crash.

Error - 17/10/2011 1:13:15 AM | Computer Name = GregPC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 95

seconds with 60 seconds of active time. This session ended with a crash.

Error - 17/10/2011 2:39:24 AM | Computer Name = GregPC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 133

seconds with 120 seconds of active time. This session ended with a crash.

Error - 18/10/2011 4:34:09 AM | Computer Name = GregPC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1203

seconds with 1200 seconds of active time. This session ended with a crash.

Error - 19/10/2011 3:54:48 AM | Computer Name = GregPC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 995

seconds with 840 seconds of active time. This session ended with a crash.

Error - 19/10/2011 8:51:56 PM | Computer Name = GregPC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 196

seconds with 180 seconds of active time. This session ended with a crash.

Error - 22/10/2011 3:03:04 AM | Computer Name = GregPC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 592

seconds with 480 seconds of active time. This session ended with a crash.

Error - 24/10/2011 11:55:49 PM | Computer Name = GregPC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 783

seconds with 720 seconds of active time. This session ended with a crash.

[ System Events ]

Error - 17/08/2012 8:50:23 PM | Computer Name = GregPC | Source = Service Control Manager | ID = 7001

Description = The Network List Service service depends on the Network Location Awareness

service which failed to start because of the following error: %%1068

Error - 17/08/2012 8:50:23 PM | Computer Name = GregPC | Source = Service Control Manager | ID = 7001

Description = The Network List Service service depends on the Network Location Awareness

service which failed to start because of the following error: %%1068

Error - 17/08/2012 8:50:24 PM | Computer Name = GregPC | Source = Service Control Manager | ID = 7001

Description = The Network List Service service depends on the Network Location Awareness

service which failed to start because of the following error: %%1068

Error - 17/08/2012 8:50:24 PM | Computer Name = GregPC | Source = Service Control Manager | ID = 7001

Description = The Network List Service service depends on the Network Location Awareness

service which failed to start because of the following error: %%1068

Error - 17/08/2012 8:50:24 PM | Computer Name = GregPC | Source = Service Control Manager | ID = 7001

Description = The Network List Service service depends on the Network Location Awareness

service which failed to start because of the following error: %%1068

Error - 17/08/2012 8:50:24 PM | Computer Name = GregPC | Source = Service Control Manager | ID = 7001

Description = The Network List Service service depends on the Network Location Awareness

service which failed to start because of the following error: %%1068

Error - 17/08/2012 8:50:24 PM | Computer Name = GregPC | Source = Service Control Manager | ID = 7001

Description = The Network List Service service depends on the Network Location Awareness

service which failed to start because of the following error: %%1068

Error - 17/08/2012 8:50:24 PM | Computer Name = GregPC | Source = Service Control Manager | ID = 7001

Description = The Network List Service service depends on the Network Location Awareness

service which failed to start because of the following error: %%1068

Error - 17/08/2012 8:59:00 PM | Computer Name = GregPC | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

Lbd

Error - 17/08/2012 11:11:54 PM | Computer Name = GregPC | Source = Microsoft-Windows-HAL | ID = 12

Description = The platform firmware has corrupted memory across the previous system

power transition. Please check for updated firmware for your system.

< End of report >


I found the problem.

Step 1

Please uninstall this application: Complitly

Step 2

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
    IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2801948
    IE - HKU\.DEFAULT\..\SearchScopes\{92169280-3302-42D4-AF19-366B34098AFC}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=LMW2&o=16054&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=OG&apn_dtid=VIN001WTAU&apn_uid=30BA537B-8BFC-434B-A9B6-7ECA1AAC868A&apn_sauid=8658E4CA-E54E-4F92-93DB-FAA14DF3338A
    IE - HKU\S-1-5-18\..\SearchScopes\{92169280-3302-42D4-AF19-366B34098AFC}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=LMW2&o=16054&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=OG&apn_dtid=VIN001WTAU&apn_uid=30BA537B-8BFC-434B-A9B6-7ECA1AAC868A&apn_sauid=8658E4CA-E54E-4F92-93DB-FAA14DF3338A
    IE - HKU\S-1-5-21-3632710230-39802525-731542294-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com/?SearchSource=10&ctid=CT2801948
    IE - HKU\S-1-5-21-3632710230-39802525-731542294-1001\..\URLSearchHook: {37483b40-c254-4a72-bda4-22ee90182c1e} - No CLSID value found
    IE - HKU\S-1-5-21-3632710230-39802525-731542294-1001\..\URLSearchHook: {631ac2d4-57b3-42b0-a148-da33b462c1a3} - No CLSID value found
    IE - HKU\S-1-5-21-3632710230-39802525-731542294-1001\..\URLSearchHook: {ad708c09-d51b-45b3-9d28-4eba2681febf} - No CLSID value found
    CHR - Extension: Complitly plugin for chrome = C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda\1.1_0\
    O2 - BHO: (Complitly) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\Greg\AppData\Roaming\Complitly\Complitly.dll (SimplyGen)
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O3 - HKU\S-1-5-21-3632710230-39802525-731542294-1001\..\Toolbar\WebBrowser: (no name) - {37483B40-C254-4A72-BDA4-22EE90182C1E} - No CLSID value found.
    O3 - HKU\S-1-5-21-3632710230-39802525-731542294-1001\..\Toolbar\WebBrowser: (no name) - {AD708C09-D51B-45B3-9D28-4EBA2681FEBF} - No CLSID value found.
    O3 - HKU\S-1-5-21-3632710230-39802525-731542294-1001\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.

    :files
    C:\Users\Greg\AppData\Roaming\Complitly
    ipconfig /flushdns /c

    :Commands
    [emptytemp]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Please post the OTL fix log in your next reply.

Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles


Steps 1 & 2 completed.

Here is the fix log:

All processes killed

========== OTL ==========

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.

Registry key HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{92169280-3302-42D4-AF19-366B34098AFC}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92169280-3302-42D4-AF19-366B34098AFC}\ not found.

Registry key HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\{92169280-3302-42D4-AF19-366B34098AFC}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92169280-3302-42D4-AF19-366B34098AFC}\ not found.

HKU\S-1-5-21-3632710230-39802525-731542294-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

Registry value HKEY_USERS\S-1-5-21-3632710230-39802525-731542294-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{37483b40-c254-4a72-bda4-22ee90182c1e} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37483b40-c254-4a72-bda4-22ee90182c1e}\ not found.

Registry value HKEY_USERS\S-1-5-21-3632710230-39802525-731542294-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{631ac2d4-57b3-42b0-a148-da33b462c1a3} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{631ac2d4-57b3-42b0-a148-da33b462c1a3}\ not found.

Registry value HKEY_USERS\S-1-5-21-3632710230-39802525-731542294-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{ad708c09-d51b-45b3-9d28-4eba2681febf} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ad708c09-d51b-45b3-9d28-4eba2681febf}\ not found.

File C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda\1.1_0 not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}\ not found.

File C:\Users\Greg\AppData\Roaming\Complitly\Complitly.dll not found.

Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.

Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.

Registry value HKEY_USERS\S-1-5-21-3632710230-39802525-731542294-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{37483B40-C254-4A72-BDA4-22EE90182C1E} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37483B40-C254-4A72-BDA4-22EE90182C1E}\ not found.

Registry value HKEY_USERS\S-1-5-21-3632710230-39802525-731542294-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{AD708C09-D51B-45B3-9D28-4EBA2681FEBF} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AD708C09-D51B-45B3-9D28-4EBA2681FEBF}\ not found.

Registry value HKEY_USERS\S-1-5-21-3632710230-39802525-731542294-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.

========== FILES ==========

File\Folder C:\Users\Greg\AppData\Roaming\Complitly not found.

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Users\Greg\Desktop\OTL\cmd.bat deleted successfully.

C:\Users\Greg\Desktop\OTL\cmd.txt deleted successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

->Temp folder emptied: 6329293 bytes

->Temporary Internet Files folder emptied: 63762522 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 121167476 bytes

->Flash cache emptied: 44663 bytes

User: All Users

User: Default


Unfortunately part of the problem has reoccurred.

The Windows search box has opened by itself on a number of occasions without my input. Once it was pre-filled with “i06”.

I have run MBAM, aswMBR, DDS and OTL again (logs attached).

MBAM

Malwarebytes Anti-Malware (Trial) 1.62.0.1300

www.malwarebytes.org

Database version: v2012.08.20.01

Windows 7 x86 NTFS

Internet Explorer 8.0.7600.16385

Greg :: GREGPC [administrator]

Protection: Enabled

20/08/2012 12:30:21 PM

mbam-log-2012-08-20 (12-30-21).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 241307

Time elapsed: 3 minute(s), 31 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

aswMBR

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-08-20 12:44:34

-----------------------------

12:44:34.701 OS Version: Windows 6.1.7600

12:44:34.702 Number of processors: 2 586 0x1706

12:44:34.702 ComputerName: GREGPC UserName: Greg

12:44:35.326 Initialize success

12:44:39.895 AVAST engine defs: 12081900

12:44:42.338 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1

12:44:42.341 Disk 0 Vendor: SAMSUNG_HD501LJ CR100-12 Size: 476938MB BusType: 3

12:44:42.344 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T0L0-0

12:44:42.348 Disk 1 Vendor: SAMSUNG_HD501LJ CR100-12 Size: 476938MB BusType: 3

12:44:42.367 Disk 1 MBR read successfully

12:44:42.371 Disk 1 MBR scan

12:44:42.378 Disk 1 Windows 7 default MBR code

12:44:42.382 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100021 MB offset 63

12:44:42.400 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 376915 MB offset 204844815

12:44:42.409 Disk 1 scanning sectors +976768065

12:44:42.458 Disk 1 scanning C:\Windows\system32\drivers

12:44:57.356 Service scanning

12:45:13.614 Service MpKsl6f254ebf C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{06684D85-E992-4471-A493-0F850D523D35}\MpKsl6f254ebf.sys **LOCKED** 32

12:45:29.208 Modules scanning

12:45:35.438 Disk 1 trace - called modules:

12:45:35.448

12:45:36.007 AVAST engine scan C:\Windows

12:45:38.937 AVAST engine scan C:\Windows\system32

12:48:40.987 AVAST engine scan C:\Windows\system32\drivers

12:49:03.423 AVAST engine scan C:\Users\Greg

12:51:59.466 AVAST engine scan C:\ProgramData

12:53:40.559 Scan finished successfully

12:59:50.489 Disk 1 MBR has been saved successfully to "C:\Users\Greg\Desktop\aswMBR\MBR.dat"

12:59:50.549 The log file has been saved successfully to "C:\Users\Greg\Desktop\aswMBR\aswMBR 200812.txt"

DDS

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 10.5.1

Run by Greg at 13:26:29 on 2012-08-20

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.61.1033.18.3582.2050 [GMT 10:00]

.

AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\brsvc01a.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Windows\system32\brss01a.exe

C:\Windows\System32\bgsvcgen.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\MlCyMonS.exe

C:\Program Files\Microsoft\BingBar\SeaPort.EXE

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\spool\DRIVERS\W32X86\3\HP1006MC.EXE

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Windows\system\HsMgr.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Real\RealPlayer\Update\realsched.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Program Files\ASUS Xonar D1 Audio\Customapp\ASUSAUDIOCENTER.EXE

C:\Program Files\ASUS Xonar D1 Audio\Customapp\MXMon.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Microsoft Office\Office12\WINWORD.EXE

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uSearch Page = hxxp://www.google.com

uStart Page =

uDefault_Search_URL = hxxp://www.google.com/ie

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GR469A~1.DLL

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

mRun: [JMB36X IDE Setup] c:\windows\raidtool\xInsIDE.exe

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe

mRun: [AcronisTimounterMonitor] c:\program files\acronis\trueimagehome\TimounterMonitor.exe

mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [Cmaudio8788GX] c:\windows\system\HsMgr.exe Envoke

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [Cmaudio8788] RunDll32 cmicnfgp.cpl,CMICtrlWnd

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: Free YouTube to MP3 Converter - c:\users\greg\appdata\roaming\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{E19DABD5-9076-481B-A8A9-AA0A9899282C} : DhcpNameServer = 192.168.1.1

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GRA32A~1.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GR469A~1.DLL

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

LSA: Authentication Packages = msv1_0 relog_ap

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\greg\appdata\roaming\mozilla\firefox\profiles\pn4urrjs.default\

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdjvu.dll

FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll

FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll

FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll

FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll

FF - plugin: c:\users\greg\appdata\local\google\update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: c:\users\greg\appdata\roaming\mozilla\plugins\npgoogletalk.dll

FF - plugin: c:\users\greg\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_271.dll

.

============= SERVICES / DRIVERS ===============

.

R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]

R1 MpKsl6f254ebf;MpKsl6f254ebf;c:\programdata\microsoft\microsoft antimalware\definition updates\{06684d85-e992-4471-a493-0f850d523d35}\MpKsl6f254ebf.sys [2012-8-20 29904]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-23 12880]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-13 67664]

R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-12 116608]

R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-7-28 63960]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-5-23 655944]

R2 MlCyMonS;MUSILAND Monitor Series(USB) CPL Daemon;c:\windows\system32\MlCyMonS.exe [2011-6-26 64512]

R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia update core\daemonu.exe [2012-8-11 1262400]

R2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\drivers\RtNdPt60.sys [2010-1-5 27648]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2012-5-15 382272]

R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2012-1-18 450848]

R3 cmudaxp;ASUS Xonar D1 Audio Interface;c:\windows\system32\drivers\cmudaxp.sys [2011-7-21 2021760]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-5-23 22344]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2012-8-11 148800]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-1-5 189440]

S1 MpKslfc2f955e;MpKslfc2f955e;c:\programdata\microsoft\microsoft antimalware\definition updates\{06684d85-e992-4471-a493-0f850d523d35}\MpKslfc2f955e.sys [2012-8-20 29904]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-3-6 135664]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-8-15 250056]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]

S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-4-1 183560]

S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2011-9-11 39272]

S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2011-5-13 1492840]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-3-6 135664]

S3 MlCyMon;Device Driver for MUSILAND Monitor Series(USB);c:\windows\system32\drivers\MlCyMon.sys [2011-6-29 383856]

S3 MlCyMonBus;Bus Driver for MUSILAND Monitor Series(USB);c:\windows\system32\drivers\MlCyMonBus.sys [2011-6-29 25712]

S3 MlCyMonFW;Firmware Driver for MUSILAND Monitor Series(USB);c:\windows\system32\drivers\MlCyMonFW.sys [2011-6-29 31856]

S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-3-20 74112]

S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-3-26 214952]

S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2012-8-11 27192]

S3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.0);c:\windows\system32\drivers\RtTeam60.sys [2010-1-5 43008]

S3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\drivers\RtVlan60.sys [2010-1-5 19968]

S3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0);c:\windows\system32\drivers\RtTeam60.sys [2010-1-5 43008]

S4 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-7-11 1343400]

S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]

.

=============== Created Last 30 ================

.

2012-08-20 02:43:43 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{06684d85-e992-4471-a493-0f850d523d35}\MpKsl6f254ebf.sys

2012-08-20 00:12:57 -------- d-----w- C:\_OTL

2012-08-19 09:50:39 6891424 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{06684d85-e992-4471-a493-0f850d523d35}\mpengine.dll

2012-08-18 08:11:26 6891424 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll

2012-08-16 11:30:45 -------- d-----w- c:\program files\Oracle

2012-08-16 11:30:41 772544 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-08-15 06:39:04 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-08-15 06:39:03 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-08-13 09:44:28 -------- d-----w- c:\program files\common files\xing shared

2012-08-13 05:48:14 -------- d-----w- c:\program files\ESET

2012-08-13 00:16:57 388096 ----a-r- c:\users\greg\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe

2012-08-13 00:16:57 -------- d-----w- c:\program files\Trend Micro

2012-08-12 01:19:55 -------- d-----w- c:\users\greg\appdata\local\{7D8FB5DA-CEDF-4966-9245-D9DEE539CA07}

2012-08-12 00:53:08 -------- d-----w- c:\users\greg\appdata\local\{852401E2-19FC-4315-99FA-3689341282E2}

2012-08-12 00:36:08 -------- d-----w- c:\windows\pss

2012-08-11 05:21:25 -------- d-----w- c:\users\greg\appdata\local\VS Revo Group

2012-08-11 05:21:20 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys

2012-08-11 05:21:17 -------- d-----w- c:\program files\VS Revo Group

2012-08-11 03:06:08 -------- d-----w- c:\users\greg\appdata\roaming\Auslogics

2012-08-11 00:25:36 -------- d-----w- c:\users\greg\appdata\roaming\NVIDIA

2012-08-11 00:13:13 2621723 ----a-w- c:\windows\system32\nvcoproc.bin

2012-08-11 00:12:12 876864 ----a-w- c:\windows\system32\nvhdagenco3220103.dll

2012-08-11 00:12:12 818496 ----a-w- c:\windows\system32\nvumdshim.dll

2012-08-11 00:12:12 5982528 ----a-w- c:\windows\system32\nvcuda.dll

2012-08-11 00:12:12 301376 ----a-w- c:\windows\system32\nvdecodemft.dll

2012-08-11 00:12:12 27968 ----a-w- c:\windows\system32\nvhdap32.dll

2012-08-11 00:12:12 2524992 ----a-w- c:\windows\system32\nvcuvid.dll

2012-08-11 00:12:12 2445120 ----a-w- c:\windows\system32\nvcuvenc.dll

2012-08-11 00:12:12 202048 ----a-w- c:\windows\system32\nvinit.dll

2012-08-11 00:12:12 19607872 ----a-w- c:\windows\system32\nvoglv32.dll

2012-08-11 00:12:12 17551680 ----a-w- c:\windows\system32\nvcompiler.dll

2012-08-11 00:12:12 148800 ----a-w- c:\windows\system32\drivers\nvhda32v.sys

2012-08-11 00:12:12 11354944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys

2012-08-11 00:07:12 -------- d-----w- c:\users\greg\appdata\local\Macromedia

2012-08-10 23:48:16 -------- d-sh--w- C:\$RECYCLE.BIN

2012-08-10 12:34:23 713784 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{46718de9-32c5-4149-8afd-58ad6af096a3}\gapaengine.dll

2012-08-10 12:29:35 2422272 ----a-w- c:\windows\system32\wucltux.dll

2012-08-10 12:29:29 88576 ----a-w- c:\windows\system32\wudriver.dll

2012-08-10 12:29:26 33792 ----a-w- c:\windows\system32\wuapp.exe

2012-08-10 12:29:26 171904 ----a-w- c:\windows\system32\wuwebv.dll

2012-08-10 12:25:50 -------- d-----w- c:\program files\Microsoft Security Client

2012-08-10 12:25:45 240008 ----a-w- c:\windows\system32\drivers\netio.sys

2012-07-27 20:51:30 184248 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll

2012-07-27 20:51:30 184248 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll

.

==================== Find3M ====================

.

2012-08-11 01:53:41 1880856 ----a-w- c:\windows\system32\AutoPartNt.exe

2012-07-05 12:06:20 687544 ----a-w- c:\windows\system32\deployJava1.dll

2012-07-03 03:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

.

============= FINISH: 13:26:40.26 ===============

OTL

OTL logfile created on: 20/08/2012 1:13:43 PM - Run 2

OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Greg\Desktop\OTL

Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.50 Gb Total Physical Memory | 2.05 Gb Available Physical Memory | 58.47% Memory free

7.00 Gb Paging File | 5.41 Gb Available in Paging File | 77.37% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 97.68 Gb Total Space | 56.58 Gb Free Space | 57.93% Space Free | Partition Type: NTFS

Drive D: | 97.69 Gb Total Space | 55.72 Gb Free Space | 57.04% Space Free | Partition Type: NTFS

Drive E: | 368.08 Gb Total Space | 323.12 Gb Free Space | 87.79% Space Free | Partition Type: NTFS

Drive F: | 368.07 Gb Total Space | 323.14 Gb Free Space | 87.79% Space Free | Partition Type: NTFS

Computer Name: GREGPC | User Name: Greg | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/19 00:13:38 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Greg\Desktop\OTL\OTL.exe

PRC - [2012/08/14 14:31:01 | 001,229,848 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe

PRC - [2012/08/13 19:44:07 | 000,296,096 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe

PRC - [2012/07/28 06:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2012/05/15 20:26:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

PRC - [2012/05/15 19:28:16 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

PRC - [2012/05/15 19:27:34 | 000,857,920 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

PRC - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe

PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe

PRC - [2012/01/18 16:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe

PRC - [2011/08/12 09:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe

PRC - [2011/06/26 16:55:48 | 000,064,512 | ---- | M] () -- C:\Windows\System32\MlCyMonS.exe

PRC - [2011/03/28 11:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE

PRC - [2010/06/05 11:25:48 | 000,067,128 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

PRC - [2009/10/31 15:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2009/09/22 10:50:36 | 000,073,728 | ---- | M] (Software 2000 Limited) -- C:\Windows\System32\spool\drivers\w32x86\3\HP1006MC.EXE

PRC - [2009/07/14 11:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

PRC - [2008/06/24 12:00:39 | 001,200,128 | R--- | M] (CMedia) -- C:\Program Files\ASUS Xonar D1 Audio\Customapp\AsusAudioCenter.exe

PRC - [2008/05/05 18:59:54 | 000,200,704 | R--- | M] () -- C:\Windows\system\HsMgr.exe

PRC - [2008/01/09 16:18:18 | 000,090,112 | R--- | M] () -- C:\Program Files\ASUS Xonar D1 Audio\Customapp\MXmon.exe

PRC - [2007/09/14 04:01:56 | 000,492,600 | ---- | M] () -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

PRC - [2007/09/14 03:02:34 | 000,905,056 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

PRC - [2007/09/14 02:55:30 | 000,140,568 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe

PRC - [2007/09/14 02:55:26 | 000,427,288 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

PRC - [2007/09/14 02:52:46 | 002,595,480 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

PRC - [2007/06/15 11:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) -- C:\Windows\System32\bgsvcgen.exe

========== Modules (No Company Name) ==========

MOD - [2012/08/14 14:30:59 | 000,442,392 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\21.0.1180.79\ppgooglenaclpluginchrome.dll

MOD - [2012/08/14 14:30:57 | 003,997,720 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\21.0.1180.79\pdf.dll

MOD - [2012/08/14 14:29:41 | 000,526,872 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\21.0.1180.79\libglesv2.dll

MOD - [2012/08/14 14:29:39 | 000,104,984 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\21.0.1180.79\libegl.dll

MOD - [2012/08/14 14:29:28 | 000,144,424 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\21.0.1180.79\avutil-51.dll

MOD - [2012/08/14 14:29:27 | 000,266,792 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\21.0.1180.79\avformat-54.dll

MOD - [2012/08/14 14:29:26 | 002,480,680 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\21.0.1180.79\avcodec-54.dll

MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2010/06/05 11:25:46 | 000,061,496 | ---- | M] () -- C:\Program Files\Logitech\Desktop Messenger\8876480\8.1.1.50-8876480SL\Program\clntutil.dll

MOD - [2008/05/05 18:59:54 | 000,200,704 | R--- | M] () -- C:\Windows\system\HsMgr.exe

MOD - [2008/01/09 16:18:18 | 000,090,112 | R--- | M] () -- C:\Program Files\ASUS Xonar D1 Audio\Customapp\MXmon.exe

MOD - [2007/09/14 01:45:10 | 001,328,408 | ---- | M] () -- C:\Program Files\Acronis\TrueImageHome\fox.dll

MOD - [2006/10/26 12:56:46 | 000,757,008 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL

========== Win32 Services (SafeList) ==========

SRV - [2012/08/15 16:39:04 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/07/28 06:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012/05/15 20:26:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)

SRV - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)

SRV - [2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)

SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)

SRV - [2012/01/18 16:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)

SRV - [2011/08/12 09:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)

SRV - [2011/06/26 16:55:48 | 000,064,512 | ---- | M] () [Auto | Running] -- C:\Windows\System32\MlCyMonS.exe -- (MlCyMonS)

SRV - [2011/04/01 11:14:30 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)

SRV - [2011/03/28 11:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)

SRV - [2010/07/11 00:08:42 | 001,343,400 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)

SRV - [2009/07/14 11:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)

SRV - [2009/07/14 11:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)

SRV - [2009/07/14 11:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2007/09/14 04:01:56 | 000,492,600 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe -- (TryAndDecideService)

SRV - [2007/09/14 02:55:26 | 000,427,288 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)

SRV - [2007/06/15 11:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) [Auto | Running] -- C:\Windows\System32\bgsvcgen.exe -- (bgsvcgen)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Greg\AppData\Local\Temp\mbr.sys -- (mbr)

DRV - File not found [File_System | Boot | Stopped] -- system32\DRIVERS\Lbd.sys -- (Lbd)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys -- (Lavasoft Kernexplorer)

DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Greg\AppData\Local\Temp\aswMBR.sys -- (aswMBR)

DRV - [2012/08/20 12:43:43 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{06684D85-E992-4471-A493-0F850D523D35}\MpKsl6f254ebf.sys -- (MpKsl6f254ebf)

DRV - [2012/08/20 12:36:00 | 000,029,904 | ---- | M] () [Kernel | System | Stopped] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{06684D85-E992-4471-A493-0F850D523D35}\MpKslfc2f955e.sys -- (MpKslfc2f955e)

DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2012/05/15 20:26:00 | 011,354,944 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)

DRV - [2012/04/19 03:08:04 | 000,148,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)

DRV - [2012/03/20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)

DRV - [2012/01/18 16:44:52 | 004,332,960 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC)

DRV - [2012/01/18 16:44:28 | 000,312,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)

DRV - [2011/07/23 02:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)

DRV - [2011/07/13 07:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)

DRV - [2011/06/29 09:52:28 | 000,025,712 | ---- | M] (MUSILAND®) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MlCyMonBus.sys -- (MlCyMonBus)

DRV - [2011/06/29 09:52:26 | 000,031,856 | ---- | M] (MUSILAND®) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MlCyMonFW.sys -- (MlCyMonFW)

DRV - [2011/06/29 09:52:22 | 000,383,856 | ---- | M] (MUSILAND®) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MlCyMon.sys -- (MlCyMon)

DRV - [2010/05/26 17:48:56 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\timntr.sys -- (timounter)

DRV - [2010/05/26 17:48:56 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\System32\drivers\tifsfilt.sys -- (tifsfilter)

DRV - [2010/05/26 17:48:54 | 000,129,248 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\snapman.sys -- (snapman)

DRV - [2010/05/26 17:48:52 | 000,368,736 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tdrpman.sys -- (tdrpman)

DRV - [2009/12/30 11:21:18 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\revoflt.sys -- (Revoflt)

DRV - [2009/07/20 12:26:40 | 000,027,648 | ---- | M] (Realtek ) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\RtNdPt60.sys -- (RtNdPt60)

DRV - [2009/07/14 11:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)

DRV - [2009/07/14 11:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)

DRV - [2009/07/14 11:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)

DRV - [2009/07/14 09:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)

DRV - [2009/07/14 09:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)

DRV - [2009/07/14 09:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)

DRV - [2009/04/06 13:13:30 | 000,043,008 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtTeam60.sys -- (TEAM)

DRV - [2009/04/06 13:13:30 | 000,043,008 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtTeam60.sys -- (RTTEAMPT)

DRV - [2008/11/05 04:21:04 | 000,083,296 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\jraid.sys -- (JRAID)

DRV - [2008/06/23 18:04:41 | 002,021,760 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cmudaxp.sys -- (cmudaxp)

DRV - [2007/12/03 12:19:42 | 000,019,968 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtVlan60.sys -- (RTVLANPT)

DRV - [2007/03/16 09:11:38 | 000,012,256 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TBPanel.sys -- (TBPanel)

DRV - [2006/02/20 18:17:40 | 000,033,408 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdrbsdrv.sys -- (cdrbsdrv)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CC EB 42 C2 30 FF CB 01 [binary data]

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CC EB 42 C2 30 FF CB 01 [binary data]

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3632710230-39802525-731542294-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie

IE - HKU\S-1-5-21-3632710230-39802525-731542294-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKU\S-1-5-21-3632710230-39802525-731542294-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =

IE - HKU\S-1-5-21-3632710230-39802525-731542294-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp

IE - HKU\S-1-5-21-3632710230-39802525-731542294-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au

IE - HKU\S-1-5-21-3632710230-39802525-731542294-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B8 71 0D C8 0E FA CA 01 [binary data]

IE - HKU\S-1-5-21-3632710230-39802525-731542294-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKU\S-1-5-21-3632710230-39802525-731542294-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKU\S-1-5-21-3632710230-39802525-731542294-1001\..\SearchScopes,DefaultScope = {D7DFC726-95EF-468B-A10F-E819947828B1}

IE - HKU\S-1-5-21-3632710230-39802525-731542294-1001\..\SearchScopes\{D7DFC726-95EF-468B-A10F-E819947828B1}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}

IE - HKU\S-1-5-21-3632710230-39802525-731542294-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3632710230-39802525-731542294-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Greg\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Greg\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Greg\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Greg\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/08/13 19:44:25 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/08/13 20:04:33 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/08/17 09:59:36 | 000,000,000 | ---D | M]

[2012/08/13 12:20:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Greg\AppData\Roaming\Mozilla\Extensions

[2010/05/01 14:19:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Greg\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org

[2012/08/13 20:04:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2012/08/13 19:44:25 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT

[2012/02/17 00:40:42 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2010/11/18 16:44:16 | 001,680,272 | ---- | M] (Caminova, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdjvu.dll

[2012/02/16 20:42:53 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2012/02/16 20:42:53 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com.au/

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},

CHR - homepage: http://www.google.com.au/

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.79\PepperFlash\pepflashplayer.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.79\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.79\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.79\pdf.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: DjVu Plugin Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\plugins\npdjvu.dll

CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll

CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll

CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Greg\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Greg\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll

CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll

CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll

CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll

CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll

CHR - plugin: RealPlayer HTML5VideoShim Plug-In (32-bit) (Disabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll

CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: RealNetworks Chrome Background Extension Plug-In (32-bit) (Disabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\

CHR - Extension: YouTube to MP3 Converter = C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlfhmlakkppnbdbeeifhbkpgmhcbmabl\0.1.2_0\

O1 HOSTS File: ([2012/08/17 16:20:40 | 000,000,843 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)

O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.

O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.

O3 - HKU\S-1-5-21-3632710230-39802525-731542294-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.

O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)

O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [Cmaudio8788] RunDll32 cmicnfgp.cpl,CMICtrlWnd File not found

O4 - HKLM..\Run: [Cmaudio8788GX] C:\Windows\system\HsMgr.exe ()

O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)

O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-3632710230-39802525-731542294-1006..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)

O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Greg\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()

O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E19DABD5-9076-481B-A8A9-AA0A9899282C}: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

O30 - LSA: Authentication Packages - (relog_ap) - C:\Windows\System32\relog_ap.dll (Acronis)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/11 07:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2009/06/11 07:42:20 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/20 10:12:57 | 000,000,000 | ---D | C] -- C:\_OTL

[2012/08/19 00:14:16 | 000,000,000 | ---D | C] -- C:\Users\Greg\Desktop\OTL

[2012/08/18 10:32:59 | 000,000,000 | ---D | C] -- C:\Users\Greg\Desktop\aswMBR

[2012/08/17 13:33:22 | 000,000,000 | ---D | C] -- C:\Users\Greg\Desktop\DDS

[2012/08/17 09:59:20 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2012/08/16 21:30:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java

[2012/08/16 21:30:45 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle

[2012/08/16 21:30:41 | 000,772,544 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll

[2012/08/16 21:30:41 | 000,227,760 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe

[2012/08/16 21:30:38 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe

[2012/08/16 21:30:38 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe

[2012/08/15 16:39:04 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe

[2012/08/15 16:39:03 | 000,070,344 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl

[2012/08/13 19:44:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared

[2012/08/13 19:44:18 | 000,198,864 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll

[2012/08/13 19:44:09 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll

[2012/08/13 19:44:09 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll

[2012/08/13 19:44:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks

[2012/08/13 19:44:08 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\System32\pncrt.dll

[2012/08/13 15:48:14 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2012/08/13 10:16:58 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis

[2012/08/13 10:16:57 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2012/08/12 11:19:55 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{7D8FB5DA-CEDF-4966-9245-D9DEE539CA07}

[2012/08/12 10:53:08 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\{852401E2-19FC-4315-99FA-3689341282E2}

[2012/08/12 10:36:08 | 000,000,000 | ---D | C] -- C:\Windows\pss

[2012/08/11 15:21:25 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\VS Revo Group

[2012/08/11 15:21:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro

[2012/08/11 15:21:20 | 000,027,192 | ---- | C] (VS Revo Group) -- C:\Windows\System32\drivers\revoflt.sys

[2012/08/11 15:21:17 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group

[2012/08/11 14:44:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla

[2012/08/11 13:06:08 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Roaming\Auslogics

[2012/08/11 10:25:36 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Roaming\NVIDIA

[2012/08/11 10:13:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation

[2012/08/11 10:12:12 | 019,607,872 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll

[2012/08/11 10:12:12 | 017,551,680 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll

[2012/08/11 10:12:12 | 011,354,944 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys

[2012/08/11 10:12:12 | 005,982,528 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll

[2012/08/11 10:12:12 | 002,524,992 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll

[2012/08/11 10:12:12 | 002,445,120 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll

[2012/08/11 10:12:12 | 000,876,864 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvhdagenco3220103.dll

[2012/08/11 10:12:12 | 000,818,496 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvumdshim.dll

[2012/08/11 10:12:12 | 000,301,376 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdecodemft.dll

[2012/08/11 10:12:12 | 000,202,048 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvinit.dll

[2012/08/11 10:12:12 | 000,148,800 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvhda32v.sys

[2012/08/11 10:12:12 | 000,027,968 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvhdap32.dll

[2012/08/11 10:07:12 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\Macromedia

[2012/08/11 09:48:16 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2012/08/11 09:46:46 | 000,000,000 | ---D | C] -- C:\Users\Greg\Desktop\Microsoft Fixit Solution Center

[2012/08/10 22:29:35 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll

[2012/08/10 22:29:35 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll

[2012/08/10 22:29:29 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll

[2012/08/10 22:29:29 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll

[2012/08/10 22:29:29 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll

[2012/08/10 22:29:26 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll

[2012/08/10 22:29:26 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe

[2012/08/10 22:25:50 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client

[2012/08/10 22:25:45 | 000,240,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys

[2010/01/05 15:02:45 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Greg\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2012/08/20 13:16:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3632710230-39802525-731542294-1001UA.job

[2012/08/20 13:16:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/08/20 13:03:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/08/20 12:50:00 | 000,017,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/08/20 12:50:00 | 000,017,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/08/20 12:42:55 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/08/20 12:42:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/08/20 12:42:39 | 290,180,153 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2012/08/20 12:42:39 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs

[2012/08/20 12:42:34 | 2817,384,448 | -HS- | M] () -- C:\hiberfil.sys

[2012/08/19 23:18:32 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3632710230-39802525-731542294-1001Core.job

[2012/08/16 23:07:50 | 000,698,170 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012/08/16 23:07:50 | 000,144,898 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012/08/16 21:30:34 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe

[2012/08/16 21:30:34 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe

[2012/08/15 16:39:04 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe

[2012/08/15 16:39:03 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl

[2012/08/13 19:44:18 | 000,198,864 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll

[2012/08/13 19:44:09 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll

[2012/08/13 19:44:09 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll


(note OTL didn’t do an Extras log this time)


Ok, thanks I'll try that but, rather than reinstall Chrome, I think I'll go back to Firefox. This seems to have surfaced since I started using Chrome. I didn't uninstall exported Chrome bookmarks. Can you see any issues if I import Chrome bookmarks into Firefox?


Unfortunately I have had a wave of invasion from single to multiple blue search screens with the computer beeping – I don’t usually have the sound on. Some screens open and text is typed in – e.g. “i06” and other text from other searches I’ve done. I tried to copy and paste these into this post but it doesn't work.

This has now affected the browser with multiple beeping on every invasion.

It has just typed “I06” into this text.

Do you think a reformat is the only answer?


No, stay with me, I have some ideas for now.

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.


Thanks.

PS - the infection may have preceded 21072012 as I ignored some early signs (e.g. a "?" appearing by itself in the navigation bar window).

PPS - also, before the forum, I restored backups to try and reach a pre-infection point. I used the most recent backup to the first backup (in April 2012) but the problem keeps coming back. Could it be hidden in the partitioned drive or secondary drive? I have a hard drive partitioned - C drive for the OS and E drive for personal stuff. I have a secondary hard drive (within the PC) which is a clone of the C and E drives.

Here is the log:


Yes, when I couldn't get rid of the infection by scans, etc., I restored from my backup (C drive only) in April. Things worked well for a number of days without reoccurrence of the infection.

I decided during that time that I had fixed the problem. I cloned this hard drive to a secondary drive thinking that I would overwrite any infection there, and I also wiped my external backup drive (of all weekly backups) and backed up the C & E drives, thinking that I would overwrite any infection there. That's when the infection appeared again and I started my post on MBAM.


Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Here are the results:


C:\Program Files\Dealio Toolbar\IE\4.4\dealioToolbarIE.dll a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

D:\Program Files\Dealio Toolbar\IE\4.4\dealioToolbarIE.dll a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

E:\Greg's Documents\Downloads\HD Converter 1.7\Setup_FreeAVCHDConverter.exe Win32/Toolbar.Widgi application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

F:\Greg's Documents\Downloads\HD Converter 1.7\Setup_FreeAVCHDConverter.exe Win32/Toolbar.Widgi application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C


C:\Users\Greg\AppData\Local\Mozilla\Firefox\Profiles\pn4urrjs.default\Cache\3\54\4EC9Ed01 HTML/ScrInject.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Users\Greg\AppData\Local\Mozilla\Firefox\Profiles\pn4urrjs.default\Cache\E\22\C5860d01 HTML/ScrInject.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C


No reoccurrence.

I considered it might be a keyboard problem, but some of the things appearing on screen went against that. However, when the mystery blue search screen opened up by itself in safe mode (no networking), and when I started the computer (from shut down) it made an "eeeeeeeeee" noise and went to the BIOS screen by itself, it pointed more to a faulty/malfunctioning keyboard.

Thanks again Maniac for your help and guidance. It's great that there are such forums and help available (particularly MBAM). MBAM got rid of a nasty malware problem that I had a while back and I swear by it.
