
PC Won't Boot After AVG and Tuneup Scan



#16
dogbiscuit

I love you! My PC just booted up finally :D Can you explain what went wrong and how we've just fixed it?
Here is the log:

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 25-07-2012 01
Ran by SYSTEM at 2012-07-27 15:45:09 Run:1
Running from G:\

==============================================

HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored successfully .
C:\Users\All Users\lcjetrdoampggoa moved successfully.

==== End of Fixlog ====


#17
Amlak


SubSystems: [Windows] ATTENTION! ====> ZeroAccess


That is the culprit. What AVG did was remove a certain malicious file or two without having this Registry value Windows (under the Registry key SubSystems) fixed, which is why your computer wouldn't reboot normally.

Normally, with this variant of ZeroAccess, you have to have both the malicious file(s) and the Registry value fixed simultaneously in order to get rid of the main core of the malware effectively.

For more information, go here.

Anyway, we're not done yet. I'll let you know what to do next soon. Need to catch some good sleep now.
  • 0
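Added example, not part of the thread and not FRST's own code: a check of the SubSystems "Windows" value data that separates the two states described in post #17, a value that loads a non-stock DLL, and a value that still references a DLL which has already been deleted. The stock ServerDll list is an assumption for Windows 7 and should be confirmed on a known-clean machine of the same build; `placeholdersrv` and the sample strings are constructed. The value data can be read with `reg query "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems" /v Windows`.

```python
import re

# Assumption: ServerDll entries of a stock Windows 7 value, as
# (module, init function, server id), all lower-cased.
EXPECTED_SERVER_DLLS = {
    ("basesrv", None, 1),
    ("winsrv", "userserverdllinitialization", 3),
    ("winsrv", "conserverdllinitialization", 2),
    ("sxssrv", None, 4),
}
EXPECTED_LOADER = r"%systemroot%\system32\csrss.exe"

# ServerDll=<module>[:<init function>],<server id>
_SERVER_DLL = re.compile(r"^ServerDll=([^:,]+)(?::([^,]+))?,(\d+)$", re.IGNORECASE)


def parse_windows_value(value):
    """Return (loader, set of ServerDll tuples) parsed from the value data."""
    tokens = value.split()
    if not tokens:
        raise ValueError("empty SubSystems\\Windows value")
    server_dlls = set()
    for token in tokens[1:]:
        m = _SERVER_DLL.match(token)
        if m:
            module, init, server_id = m.groups()
            server_dlls.add(
                (module.lower(), init.lower() if init else None, int(server_id))
            )
    return tokens[0].lower(), server_dlls


def _sort_key(entry):
    # None cannot be compared with str, so normalise it for sorting.
    return (entry[0], entry[1] or "", entry[2])


def audit_windows_value(value, system32_files):
    """Classify the value as 'clean', 'hijacked' or 'unbootable'.

    system32_files: file names present in System32 of the (possibly
    offline) Windows installation, e.g. from os.listdir().
    """
    loader, found = parse_windows_value(value)
    present = {name.lower() for name in system32_files}
    report = {
        "loader_ok": loader == EXPECTED_LOADER,
        # Entries the stock value does not contain.
        "unexpected": sorted(found - EXPECTED_SERVER_DLLS, key=_sort_key),
        # Stock entries that were replaced or removed.
        "missing": sorted(EXPECTED_SERVER_DLLS - found, key=_sort_key),
        # Referenced DLLs that no longer exist on disk.
        "dangling": sorted({m + ".dll" for m, _, _ in found} - present),
    }
    if report["dangling"]:
        # File removed but value not restored: the state the scan left behind.
        report["verdict"] = "unbootable"
    elif report["unexpected"] or report["missing"] or not report["loader_ok"]:
        # File and value both still in place: fix them together.
        report["verdict"] = "hijacked"
    else:
        report["verdict"] = "clean"
    return report


# Constructed sample data (not taken from the infected machine).
CLEAN_VALUE = (
    r"%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows "
    r"SharedSection=1024,20480,768 Windows=On SubSystemType=Windows "
    r"ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 "
    r"ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 "
    r"ProfileControl=Off MaxRequestThreads=16"
)
# Same value with one stock entry redirected to a placeholder module.
HIJACKED_VALUE = CLEAN_VALUE.replace(
    "ServerDll=winsrv:ConServerDllInitialization",
    "ServerDll=placeholdersrv:ConServerDllInitialization",
)
STOCK_FILES = ["basesrv.dll", "winsrv.dll", "sxssrv.dll", "csrss.exe"]

if __name__ == "__main__":
    cases = [
        ("stock value", CLEAN_VALUE, STOCK_FILES),
        ("modified value, DLL present", HIJACKED_VALUE, STOCK_FILES + ["placeholdersrv.dll"]),
        ("modified value, DLL deleted", HIJACKED_VALUE, STOCK_FILES),
    ]
    for label, value, files in cases:
        print(label, "->", audit_windows_value(value, files))
```

The "unbootable" verdict corresponds to the situation in this thread: the file was removed while the value still pointed at it, so the value has to be restored from a recovery environment before Windows will start.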

#18
Amlak

Hey, dogbiscuit.

Please keep in mind that what caused this issue is a backdoor infection. Please read the following carefully:

Note: You have a backdoor infection.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and has been killed for now, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:


How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall



Let me know what you wish to do. If you wish not to do a format and reinstall, please continue reading this post to do the following:

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

#19
dogbiscuit

Well since running combofix, if I try to run any program, I get the following message: 'Illegal operation attempted on a registry key that has been marked for deletion'. I managed to launch my browser by running it as administrator. Other than that things seem to be running fine. I thought things were running fine even before all this crash. Although now that I think about it, a couple of weeks ago I had problems with internet inexplicably dropping. At one point it dropped for 2 days. I put it down to a network adaptor, or livebox problem. It happened again today on and off so I'm starting to wonder if it's connected with the infection.
Anyway, here's the log:

ComboFix 12-07-27.03 - Craig 28/07/2012 23:09:14.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.3583.1164 [GMT 1:00]
Running from: c:\users\Craig\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\SPL1DEC.tmp
c:\users\Craig\AppData\Roaming\Adobe\plugs
c:\users\Craig\AppData\Roaming\Adobe\shed
.
.
((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-28 )))))))))))))))))))))))))))))))
.
.
2012-07-28 22:21 . 2012-07-28 22:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-26 07:12 . 2012-07-26 07:13 -------- d-----w- C:\FRST
2012-07-21 11:36 . 2012-07-21 11:38 -------- d-----w- c:\users\Craig\AppData\Roaming\AVG
2012-07-21 11:20 . 2012-07-21 11:20 -------- d-----w- c:\users\Craig\AppData\Local\AVG Secure Search
2012-07-21 11:19 . 2012-07-21 11:21 -------- d-----w- c:\programdata\AVG Secure Search
2012-07-21 11:19 . 2012-07-21 11:19 30568 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2012-07-21 11:19 . 2012-07-21 11:19 -------- d-----w- c:\program files (x86)\AVG Secure Search
2012-07-21 11:19 . 2012-07-21 11:19 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2012-07-21 11:17 . 2012-07-28 17:25 -------- d-----w- c:\windows\system32\drivers\AVG
2012-07-21 11:17 . 2012-07-21 11:35 -------- d-----w- c:\programdata\AVG2012
2012-07-21 11:17 . 2012-07-21 11:17 -------- d-----w- C:\$AVG
2012-07-21 11:10 . 2012-07-28 11:42 -------- d-----w- c:\programdata\MFAData
2012-07-21 11:10 . 2012-07-21 11:10 -------- d--h--w- c:\programdata\Common Files
2012-07-13 12:27 . 2012-07-13 12:27 -------- d-----w- c:\users\Craig\AppData\Local\adaware
2012-07-13 12:27 . 2012-07-28 11:37 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
2012-07-12 12:37 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-12 12:32 . 2012-06-02 12:12 2311680 ----a-w- c:\windows\system32\jscript9.dll
2012-07-12 11:11 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-07-09 16:12 . 2012-07-09 16:12 -------- d-----w- c:\program files\Orange
2012-07-09 14:22 . 2012-04-11 23:30 74344 ----a-w- c:\windows\system32\RtNicProp64.dll
2012-07-09 14:22 . 2012-04-11 23:30 708200 ----a-w- c:\windows\system32\drivers\Rt64win7.sys
2012-07-09 14:22 . 2012-04-11 23:30 107552 ----a-w- c:\windows\system32\RTNUninst64.dll
2012-07-08 23:56 . 2012-07-08 23:56 -------- d-----w- c:\programdata\GFI Software
2012-07-08 22:50 . 2012-07-08 22:50 -------- d-----w- c:\windows\system32\SPReview
2012-07-08 22:48 . 2012-07-08 22:48 -------- d-----w- c:\windows\system32\EventProviders
2012-07-04 14:20 . 2012-07-04 14:20 -------- d-----w- c:\users\Craig\AppData\Local\Macromedia
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-27 15:51 . 2012-04-04 13:26 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-27 15:51 . 2011-05-22 20:05 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-12 12:34 . 2010-02-10 00:00 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-08 23:00 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-07-08 23:00 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-06-29 10:04 . 2012-07-20 11:30 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E9187DEA-DF71-47AA-82F7-E7AB7A3C7E72}\mpengine.dll
2012-06-02 22:19 . 2012-06-21 16:05 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 16:06 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 16:06 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 16:06 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 16:05 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 16:06 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 16:05 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 14:19 . 2012-06-21 16:05 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 14:15 . 2012-06-21 16:05 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-31 11:25 . 2009-10-03 12:14 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-05-04 11:06 . 2012-06-14 04:04 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-14 04:04 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-14 04:04 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40 . 2012-06-14 04:04 209920 ----a-w- c:\windows\system32\profsvc.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll" [2012-06-11 1524056]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-07-21 11:19 2086496 ----a-w- c:\program files (x86)\AVG Secure Search\12.1.0.20\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\12.1.0.20\AVG Secure Search_toolbar.dll" [2012-07-21 2086496]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Craig\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Craig\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Craig\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Craig\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Facebook Update"="c:\users\Craig\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096]
"Spotify Web Helper"="c:\users\Craig\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-07-28 1193176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AsioThk32Reg"="CTASIO.DLL" [2009-09-23 47104]
"CTxfiHlp"="CTXFIHLP.EXE" [2007-02-12 19968]
"CTHelper"="CTHELPER.EXE" [2009-09-23 19456]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"AsioReg"="CTASIO.DLL" [2009-09-23 47104]
"DigidesignMMERefresh"="c:\program files (x86)\Digidesign\Drivers\MMERefresh.exe" [2011-03-02 77824]
"sfagent"="c:\program files (x86)\Fighters\SPAMfighter\sfagent.exe" [2011-06-01 1197192]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-07-21 1147488]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DevconDefaultDB"="c:\windows\system32\READREG" [X]
.
c:\users\Craig\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Run POPFile.lnk - c:\program files (x86)\POPFile\runpopfile.exe [2008-10-4 71160]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate1cc0b27bf130ca3;Google Update Service (gupdate1cc0b27bf130ca3);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-09-29 133104]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-27 250056]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\System32\drivers\COMMONFX.SYS [2009-09-23 158808]
R3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.SYS [2009-09-23 158808]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-02-05 79360]
R3 Creative Dolby Digital Live Pack Licensing Service;Creative Dolby Digital Live Pack Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\DDLLicensing.exe [2010-02-17 79360]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\System32\drivers\CTAUDFX.SYS [2009-09-23 706648]
R3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.SYS [2009-09-23 706648]
R3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\System32\drivers\CTERFXFX.SYS [2009-09-23 141912]
R3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.SYS [2009-09-23 141912]
R3 ctgame;Game Port;c:\windows\system32\DRIVERS\ctgame.sys [2009-09-23 26328]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\System32\drivers\CTSBLFX.SYS [2009-09-23 681048]
R3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.SYS [2009-09-23 681048]
R3 dalwdmservice;dal service;c:\windows\system32\drivers\dalwdm.sys [2009-12-14 139792]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2009-06-14 1038088]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-09-29 133104]
R3 MBX2MIDK;Digidesign Mbox 2 Midi Driver;c:\windows\system32\drivers\mbx2midk.sys [2009-12-14 32400]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-13 129976]
R3 OXYGEN;Service for M-Audio Oxygen;c:\windows\system32\DRIVERS\MAudioOxygen.sys [2010-03-04 134664]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2010-04-27 127488]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2010-04-27 18944]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2010-04-27 161280]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-06-14 16448]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-27 1255736]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S0 FSProFilter;FSPro File Filter;c:\windows\System32\Drivers\FSPFltd.sys [2010-07-22 54848]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-07-21 30568]
S2 ASTRA64;ASTRA64 Kernel Driver 1.0.0.1;c:\program files (x86)\ASTRA32\ASTRA64.sys [2007-02-22 21200]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-07-04 5160568]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\DRIVERS\diginet.sys [2011-03-03 23344]
S2 fsproflt;FSPro Filter Service;c:\windows\SysWOW64\fsproflt.exe [2009-05-03 73392]
S2 lxbl_device;lxbl_device;c:\windows\system32\lxblcoms.exe [2007-04-20 566704]
S2 MboxAudioDevMon;Mbox Audio Device Monitor;c:\program files (x86)\Avid\Mbox\AudioDevMon.exe [2010-10-07 1919504]
S2 MboxMiniAudioDevMon;Mbox Mini Audio Device Monitor;c:\program files (x86)\Avid\Mbox Mini\AudioDevMon.exe [2010-10-08 1919504]
S2 MboxProAudioDevMon;Mbox Pro Audio Device Monitor;c:\program files (x86)\Avid\Mbox Pro\AudioDevMon.exe [2010-10-08 1919504]
S2 OxygenAudioDevMon;Oxygen Audio Device Monitor;c:\program files (x86)\M-Audio\Oxygen\AudioDevMon.exe [2010-03-04 1632776]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files (x86)\Fighters\SPAMfighter\sfus.exe service [x]
S2 Suite Service;Suite Service;c:\program files (x86)\Fighters\FighterSuiteService.exe [2011-06-01 1299080]
S2 vToolbarUpdater12.1.3;vToolbarUpdater12.1.3;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.1.3\ToolbarUpdater.exe [2012-07-21 830048]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 DCamUSBVM;Lenovo Q350 USB PC Camera;c:\windows\system32\Drivers\usbVM31b.sys [2005-09-19 142336]
S3 DGUSBAP;Service for Digidesign Mbox2 (WDM);c:\windows\system32\DRIVERS\dgmbx2.sys [2011-02-13 194864]
S3 MBX2DFU;Digidesign Mbox 2 Firmware Updater;c:\windows\system32\DRIVERS\dgmbx2fu.sys [2011-02-13 32944]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2012-04-11 708200]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - cmdGuard
*Deregistered* - cmdHlp
*Deregistered* - inspect
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 15:51]
.
2012-07-28 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3246986668-3641929785-1153965947-1000Core.job
- c:\users\Craig\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-09 16:30]
.
2012-07-28 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3246986668-3641929785-1153965947-1000UA.job
- c:\users\Craig\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-09 16:30]
.
2012-07-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-09-29 14:02]
.
2012-07-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-09-29 14:02]
.
2012-07-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3246986668-3641929785-1153965947-1000Core.job
- c:\users\Craig\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-31 16:09]
.
2012-07-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3246986668-3641929785-1153965947-1000UA.job
- c:\users\Craig\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-31 16:09]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Craig\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Craig\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Craig\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Craig\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mylbx"="c:\program files\My Lockbox\mylbx.exe" [2012-03-21 2143552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Search with Wanadoo - c:\progra~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.1.3\ViProtocol.dll
FF - ProfilePath - c:\users\Craig\AppData\Roaming\Mozilla\Firefox\Profiles\ywv6g39o.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: network.proxy.type - 4
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-NPSStartup - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\CDBurnerXP\NMSAccessU.exe
c:\program files (x86)\Fighters\SPAMfighter\sfus.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Internet Explorer\IELowutil.exe
.
**************************************************************************
.
Completion time: 2012-07-28 23:31:54 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-28 22:31
.
Pre-Run: 133,219,270,656 bytes free
Post-Run: 132,719,947,776 bytes free
.
- - End Of File - - BE9379022CBB18C44F52063C1A34B899

#20
Amlak

You have to restart your computer to fix that error message.

#21
Amlak

Concerning the Internet issue, it could be anything. Will get back to you on this soon.

#22
Amlak

Please download Farbar Service Scanner and run it on the computer with the issue.

Make sure the following options are checked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update


Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please paste the log in your next reply.

***

Download MiniToolBox. Checkmark following boxes:


Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List Devices (problems only)


Click Go and paste the resultant log in your next reply.

#23
dogbiscuit

Thanks for all your help so far. Here are the logs:

Farbar Service Scanner Version: 26-07-2012
Ran by Craig (administrator) on 30-07-2012 at 14:46:25
Running from "C:\Users\Craig\Desktop"
Microsoft Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Other Services:
==============

sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is set to Auto
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

#24
dogbiscuit
MiniToolBox by Farbar Version: 23-07-2012
Ran by Craig (administrator) on 30-07-2012 at 14:44:16
Microsoft Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 4
========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Realtek PCI GBE Family Controller = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Skynet
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCI GBE Family Controller
Physical Address. . . . . . . . . : 00-22-15-CC-20-99
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::48ae:18fc:4342:7de9%9(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.69(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 30 July 2012 14:41:12
Lease Expires . . . . . . . . . . : 31 July 2012 14:41:12
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 201335317
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-11-C2-0C-29-00-22-15-CC-20-99
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{83571F03-8694-4BB4-9D8C-1B94940B66D5}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fb:1895:f2e:fde7:b59(Preferred)
Link-local IPv6 Address . . . . . : fe80::1895:f2e:fde7:b59%10(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: Livebox-AE40
Address: 192.168.1.1

Name: google.com
Addresses: 2a00:1450:4009:808::100e
173.194.41.130
173.194.41.129
173.194.41.131
173.194.41.142
173.194.41.132
173.194.41.134
173.194.41.133
173.194.41.128
173.194.41.136
173.194.41.135
173.194.41.137


Pinging google.com [173.194.41.137] with 32 bytes of data:
Reply from 173.194.41.137: bytes=32 time=32ms TTL=53
Reply from 173.194.41.137: bytes=32 time=32ms TTL=53

Ping statistics for 173.194.41.137:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 32ms, Maximum = 32ms, Average = 32ms
Server: Livebox-AE40
Address: 192.168.1.1

Name: yahoo.com
Addresses: 209.191.122.70
72.30.38.140
98.139.183.24


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=658ms TTL=46
Reply from 98.139.183.24: bytes=32 time=765ms TTL=46

Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 658ms, Maximum = 765ms, Average = 711ms
Server: Livebox-AE40
Address: 192.168.1.1

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Request timed out.
Request timed out.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
9...00 22 15 cc 20 99 ......Realtek PCI GBE Family Controller
1...........................Software Loopback Interface 1
13...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
10...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.69 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.69 276
192.168.1.69 255.255.255.255 On-link 192.168.1.69 276
192.168.1.255 255.255.255.255 On-link 192.168.1.69 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.69 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.69 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
10 58 ::/0 On-link
1 306 ::1/128 On-link
10 58 2001::/32 On-link
10 306 2001:0:5ef5:79fb:1895:f2e:fde7:b59/128
On-link
9 276 fe80::/64 On-link
10 306 fe80::/64 On-link
10 306 fe80::1895:f2e:fde7:b59/128
On-link
9 276 fe80::48ae:18fc:4342:7de9/128
On-link
1 306 ff00::/8 On-link
10 306 ff00::/8 On-link
9 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 06 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog5 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 09 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 06 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog5 08 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

x64-Catalog5 09 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/30/2012 01:11:25 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 22625

Error: (07/30/2012 01:11:25 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 22625

Error: (07/30/2012 01:11:25 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/30/2012 01:11:22 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 20187

Error: (07/30/2012 01:11:22 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 20187

Error: (07/30/2012 01:11:22 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/30/2012 01:11:20 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 18125

Error: (07/30/2012 01:11:20 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 18125

Error: (07/30/2012 01:11:20 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/30/2012 01:11:18 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 16015


System errors:
=============
Error: (07/30/2012 02:41:26 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Lbd
SBRE

Error: (07/30/2012 02:29:25 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Lbd
SBRE

Error: (07/30/2012 00:05:50 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Lbd
SBRE

Error: (07/29/2012 06:27:53 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Lbd
SBRE

Error: (07/29/2012 00:16:15 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Lbd
SBRE

Error: (07/28/2012 11:25:04 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Lbd
SBRE

Error: (07/28/2012 11:24:50 PM) (Source: Service Control Manager) (User: )
Description: The Windows Defender service terminated with the following error:
%%126

Error: (07/28/2012 11:22:18 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (07/28/2012 11:21:10 PM) (Source: Application Popup) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (07/28/2012 11:18:04 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.


Microsoft Office Sessions:
=========================
Error: (12/09/2011 05:53:38 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 182 seconds with 0 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
Ableton Live v7.0.1
Ad-Aware Browsing Protection (Version: 0.9.0.2)
Adobe Anchor Service CS4 (Version: 2.0)
Adobe Anchor Service x64 CS4 (Version: 2.0)
Adobe Audition 3.0 (Version: 3.0)
Adobe Audition 3.0 Vista Compatibility
Adobe Bridge CS4 (Version: 3)
Adobe CMaps CS4 (Version: 2.0)
Adobe CMaps x64 CS4 (Version: 2.0)
Adobe Color - Photoshop Specific CS4 (Version: 2.0)
Adobe Color EU Extra Settings CS4 (Version: 2.0)
Adobe Color JA Extra Settings CS4 (Version: 2.0)
Adobe Color NA Recommended Settings CS4 (Version: 2.0)
Adobe Color Video Profiles CS CS4 (Version: 2.0)
Adobe CSI CS4 (Version: 1)
Adobe CSI CS4 x64 (Version: 1)
Adobe Default Language CS4 (Version: 2.0)
Adobe Drive CS4 x64 (Version: 1)
Adobe Flash Player 11 ActiveX (Version: 11.3.300.268)
Adobe Flash Player 11 Plugin (Version: 11.3.300.268)
Adobe Fonts All x64 (Version: 2.0)
Adobe Linguistics CS4 x64 (Version: 4.0.0)
Adobe Output Module (Version: 2.0)
Adobe PDF Library Files CS4 (Version: 9.0)
Adobe PDF Library Files x64 CS4 (Version: 9.0)
Adobe Photoshop CS4 (64 Bit) (Version: 11.0)
Adobe Photoshop CS4 (Version: 11.0)
Adobe Photoshop CS4 Support (Version: 11.0)
Adobe Reader 9.5.1 (Version: 9.5.1)
Adobe Search for Help (Version: 1.0)
Adobe Service Manager Extension (Version: 1.0)
Adobe Setup (Version: 2.0)
Adobe Type Support CS4 (Version: 9.0)
Adobe Type Support x64 CS4 (Version: 9.0)
Adobe Update Manager CS4 (Version: 6.0.0)
Adobe WinSoft Linguistics Plugin x64 (Version: 1.1)
Adobe XMP Panels CS4 (Version: 2.0)
AdobeColorCommonSetCMYK (Version: 2.0)
AdobeColorCommonSetRGB (Version: 2.0)
Antares Auto-Tune v4.39
Apple Application Support (Version: 2.1.9)
Apple Mobile Device Support (Version: 5.2.0.6)
Apple Software Update (Version: 2.1.3.127)
µTorrent (Version: 1.8.2)
µTorrent (Version: 3.1.0)
AVG 2012 (Version: 12.0.2197)
AVG 2012 (Version: 12.0.2437)
AVG 2012 (Version: 2012.0.2197)
AVG PC Tuneup (Version: 10.0.0.27)
Avid Audio Drivers (x64) (Version: 8.0.5)
Avid Mbox Driver 1.0.19 (x64) (Version: 1.0.19)
Avid Mbox Mini Driver 1.0.6 (x64) (Version: 1.0.6)
Avid Mbox Pro Driver 1.0.11 (x64) (Version: 1.0.11)
Avid Pro Tools Creative Collection 8.0.5 (Version: 8.0.5)
Avid Pro Tools LE 8.0.5 (Version: 8.0.5)
Bonjour (Version: 3.0.0.10)
CamStudio Lossless Codec
Camtasia Studio 3 (Version: 3.1)
CCleaner (Version: 3.21)
Celemony Melodyne Plugin VST RTAS v1.0
Connect (Version: 1.0.0.1)
Creative Audio Console
Creative Audio Console (Version: 1.32)
Creative Graphic Equalizer
Creative Speaker Settings
D3DX10 (Version: 15.4.2368.0902)
DDL and DTS Connect License Activation
Digidesign ElevenRack Driver 1.0.8 (x64) (Version: 1.0.8)
Dolby Digital Live Pack (Version: 3.00)
Dropbox (Version: 1.1.35)
DTS Connect Pack (Version: 1.00)
EWQL Orchestra Free Content Part 2 (Version: 1.0.0)
EWQL Orchestra Free Content Part 3 (Version: 1.0.0)
EWQL Orchestra Free Edition (Version: 1.2.5)
Facebook Video Calling 1.2.0.159 (Version: 1.2.159)
FileZilla Client 3.5.1 (Version: 3.5.1)
FLV Player 2.0 (build 25) (Version: 2.0 (build 25))
Free DigiRack Plug-Ins 8.0.5 (Version: 8.0.5)
Free YouTube Download 2.9
FriendBlasterPro
GetDataBack for NTFS (Version: 4.00.001)
Google Chrome (Version: 20.0.1132.57)
Google Earth (Version: 6.1.0.5001)
Google Update Helper (Version: 1.3.21.115)
Interlok driver setup x64 (Version: 5.8.13)
iTunes (Version: 10.6.3.25)
Java™ 6 Update 26 (Version: 6.0.260)
Junk Mail filter update (Version: 15.4.3502.0922)
K-Lite Codec Pack 4.0.0 (Full) (Version: 4.0.0)
kuler (Version: 2.0)
Lexmark Z700-P700 Series
M-Audio Legacy Keyboard Driver 5.0.0 (x64) (Version: 5.0.0)
M-Audio Oxygen Driver 1.2.1 (x64) (Version: 1.2.1)
Malwarebytes Anti-Malware version 1.61.0.1400 (Version: 1.61.0.1400)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2000 Premium (Version: 9.00.2720)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Professional 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Mozilla Firefox 12.0 (x86 en-GB) (Version: 12.0)
Mozilla Maintenance Service (Version: 12.0)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
My Lockbox 2.8.2 (Version: 2.8.2)
Native Instruments Absynth 5 (Version: 5.0.0.829)
OpenAL
Opera 12.00 (Version: 12.00.1467)
PDF Settings CS4 (Version: 9.0)
Photoshop Camera Raw (Version: 5.0)
Photoshop Camera Raw_x64 (Version: 5.0)
QuickTime (Version: 7.72.80.56)
Reaktor 5
RealPlayer
Rob Papen Albino 3
Runtime 8.0 Libraries (Version: 1.0.0.0)
Samsung New PC Studio (Version: 1.00.0000)
SAMSUNG USB Driver for Mobile Phones (Version: 1.3.650.0)
SeaMonkey (2.0.4) (Version: 2.0.4 (en-US))
Skype™ 5.10 (Version: 5.10.116)
SmartFTP Client Setup Files 4.0 (x64) (remove only) (Version: 4.0)
SopCast 3.0.3 (Version: 3.0.3)
SoundFont Bank Manager
SPAMfighter (Version: 7.3.53)
SPAMfighter Client (Version: 7.3.53)
SpeedFan (remove only)
Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0)
Spotify (Version: 0.4.8)
Spotify (Version: 0.8.3.222.g317ab79d)
Spybot - Search & Destroy (Version: 1.6.2)
SpywareBlaster 4.6 (Version: 4.6.0)
Suite Shared Configuration CS4 (Version: 1.0)
Tracktion 2.1.0.11
Tracktion 3.0.2.6
Uninstall 1.0.0.1
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687310) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (Version: 9.0.30729.01)
Visual C++ 8.0 Runtime Setup Package (x64) (Version: 8.0.0.35)
Visual C++ 8.0 Runtime Setup Package (x64) (Version: 9.0.0.623)
Visual Studio 2008 x64 Redistributables (Version: 10.0.0.2)
Vodafone PC Assistant V1.8.15
Vodafone PC Suite V6.3.18
WaveMachine Labs Drumagog Platinum VST.RTAS.v5.0.1
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live Sync (Version: 14.0.8117.416)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
WinRAR archiver
Yahoo! Messenger
Yahoo! Software Update

========================= Devices: ================================

Name: Creative SB Audigy 2 ZS (WDM)
Description: Creative Audigy Audio Processor (WDM)
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Creative Technology, Ltd.
Service: ctaud2k
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Creative Game Port
Description: Creative Game Port
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Creative Technology Ltd.
Service: ctgame
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: SBRE
Description: SBRE
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: SBRE
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


========================= Memory info: ===================================

Percentage of memory in use: 45%
Total physical RAM: 3583.18 MB
Available physical RAM: 1936 MB
Total Pagefile: 7164.55 MB
Available Pagefile: 5399.66 MB
Total Virtual: 4095.88 MB
Available Virtual: 3962.07 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:298.09 GB) (Free:132.77 GB) NTFS
3 Drive d: (Audio) (Fixed) (Total:298.09 GB) (Free:267.51 GB) NTFS
5 Drive f: (CD_ROM) (CDROM) (Total:3.48 GB) (Free:0 GB) CDFS

========================= Users: ========================================

User accounts for \\SKYNET

6B8172FAC3D84BD3A411 Administrator Craig
Guest


**** End of log ****

#25
Amlak
Hi, dogbiscuit. Uninstall Ad-Aware and let me know if this stops the Internet issue.

Also:

Download OTL to your Desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs.


#26
dogbiscuit
Hi, sorry for the delayed response. The email went into my spam folder.
Ok, I can't get OTL to generate an 'Extras' log. I tried clicking 'use safe list' and 'all' in 'Extra registry' but it doesn't produce one in quick scan mode. What do you suggest?
Thanks for all your time so far :)

#27
dogbiscuit
Also, I removed Ad-Aware and the internet hasn't dropped so far...

#28
Amlak
How long has it been since you removed Ad-Aware?

Don't worry about the Extras.txt log. Just post the OTL.txt one.

#29
dogbiscuit
I removed Ad-Aware a couple of days ago. The internet dropouts have happened quite randomly, so it's hard to say if it's stopped, but so far so good.
Oki doke, here's the log:


OTL logfile created on: 04/08/2012 23:14:24 - Run 3
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Craig\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.50 Gb Total Physical Memory | 2.13 Gb Available Physical Memory | 60.99% Memory free
7.00 Gb Paging File | 5.54 Gb Available in Paging File | 79.15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298.09 Gb Total Space | 139.84 Gb Free Space | 46.91% Space Free | Partition Type: NTFS
Drive D: | 298.09 Gb Total Space | 267.51 Gb Free Space | 89.74% Space Free | Partition Type: NTFS
Drive F: | 3.48 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: SKYNET | User Name: Craig | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/03 00:19:13 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Craig\Desktop\OTL.exe
PRC - [2012/07/28 17:42:44 | 001,193,176 | ---- | M] () -- C:\Users\Craig\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012/07/21 12:19:31 | 000,830,048 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.1.3\ToolbarUpdater.exe
PRC - [2012/07/21 12:19:29 | 001,147,488 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2012/07/04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012/03/21 14:22:32 | 002,143,552 | ---- | M] (FSPro Labs) -- C:\Program Files\My Lockbox\mylbx.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/06/01 11:45:58 | 001,299,080 | ---- | M] (SPAMfighter ApS) -- C:\Program Files (x86)\Fighters\FighterSuiteService.exe
PRC - [2011/06/01 11:45:31 | 000,215,688 | ---- | M] (SPAMfighter ApS) -- C:\Program Files (x86)\Fighters\SPAMfighter\sfus.exe
PRC - [2011/06/01 11:45:24 | 001,197,192 | ---- | M] (SPAMfighter ApS) -- C:\Program Files (x86)\Fighters\SPAMfighter\sfagent.exe
PRC - [2011/03/03 00:08:50 | 000,077,824 | ---- | M] (Avid Technology, Inc.) -- C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe
PRC - [2010/10/08 13:51:46 | 001,919,504 | ---- | M] (Avid) -- C:\Program Files (x86)\Avid\Mbox Mini\AudioDevMon.exe
PRC - [2010/10/08 12:45:56 | 001,919,504 | ---- | M] (Avid) -- C:\Program Files (x86)\Avid\Mbox Pro\AudioDevMon.exe
PRC - [2010/10/07 14:04:44 | 001,919,504 | ---- | M] (Avid) -- C:\Program Files (x86)\Avid\Mbox\AudioDevMon.exe
PRC - [2010/03/04 06:31:32 | 001,632,776 | ---- | M] (M-Audio) -- C:\Program Files (x86)\M-Audio\Oxygen\AudioDevMon.exe
PRC - [2009/09/23 22:17:22 | 000,019,456 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CtHelper.exe
PRC - [2009/05/03 12:22:28 | 000,073,392 | ---- | M] (FSPro Labs) -- C:\Windows\SysWOW64\fsproflt.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/12/29 19:27:38 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/28 17:42:44 | 001,193,176 | ---- | M] () -- C:\Users\Craig\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
MOD - [2012/07/21 12:19:32 | 000,132,704 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.1.3\SiteSafety.dll
MOD - [2012/07/21 12:19:29 | 001,147,488 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2012/03/28 14:03:48 | 002,020,416 | ---- | M] () -- C:\Program Files (x86)\Fighters\SPAMfighter\sfse.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/06/01 11:45:52 | 000,549,512 | ---- | M] () -- C:\Program Files (x86)\Fighters\SPAMfighter\sfsg.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/06/15 00:06:55 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2007/04/20 13:24:32 | 000,566,704 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxblcoms.exe -- (lxbl_device)
SRV - [2012/08/03 14:51:45 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/21 12:19:31 | 000,830,048 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.1.3\ToolbarUpdater.exe -- (vToolbarUpdater12.1.3)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/07/04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/05/13 15:16:45 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/06/01 11:45:58 | 001,299,080 | ---- | M] (SPAMfighter ApS) [Auto | Running] -- C:\Program Files (x86)\Fighters\FighterSuiteService.exe -- (Suite Service)
SRV - [2011/06/01 11:45:31 | 000,215,688 | ---- | M] (SPAMfighter ApS) [Auto | Running] -- C:\Program Files (x86)\Fighters\SPAMfighter\sfus.exe -- (SPAMfighter Update Service)
SRV - [2011/03/03 00:08:50 | 000,077,824 | ---- | M] (Avid Technology, Inc.) [Auto | Running] -- C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe -- (DigiRefresh)
SRV - [2011/03/02 23:30:44 | 000,159,744 | ---- | M] (Avid Technology, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Digidesign\Pro Tools\digiSPTIService.exe -- (digiSPTIService)
SRV - [2010/10/08 13:51:46 | 001,919,504 | ---- | M] (Avid) [Auto | Running] -- C:\Program Files (x86)\Avid\Mbox Mini\AudioDevMon.exe -- (MboxMiniAudioDevMon)
SRV - [2010/10/08 12:45:56 | 001,919,504 | ---- | M] (Avid) [Auto | Running] -- C:\Program Files (x86)\Avid\Mbox Pro\AudioDevMon.exe -- (MboxProAudioDevMon)
SRV - [2010/10/07 14:04:44 | 001,919,504 | ---- | M] (Avid) [Auto | Running] -- C:\Program Files (x86)\Avid\Mbox\AudioDevMon.exe -- (MboxAudioDevMon)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/04 06:31:32 | 001,632,776 | ---- | M] (M-Audio) [Auto | Running] -- C:\Program Files (x86)\M-Audio\Oxygen\AudioDevMon.exe -- (OxygenAudioDevMon)
SRV - [2010/02/18 00:10:32 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\DDLLicensing.exe -- (Creative Dolby Digital Live Pack Licensing Service)
SRV - [2010/02/05 18:38:40 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2009/06/15 00:06:45 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/03 12:22:28 | 000,073,392 | ---- | M] (FSPro Labs) [Auto | Running] -- C:\Windows\SysWOW64\fsproflt.exe -- (fsproflt)
SRV - [2008/12/29 19:27:38 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/04/20 13:24:20 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxblcoms.exe -- (lxbl_device)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/21 12:19:33 | 000,030,568 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2012/04/19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/04/12 00:30:00 | 000,708,200 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2012/03/19 05:17:26 | 000,383,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/22 05:25:32 | 000,289,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/01/31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/12/23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/12/23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/12/23 13:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/03 12:40:10 | 000,023,344 | ---- | M] (Avid Technology, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\diginet.sys -- (DigiNet)
DRV:64bit: - [2011/02/13 10:02:20 | 000,032,944 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dgmbx2fu.sys -- (MBX2DFU)
DRV:64bit: - [2011/02/13 10:02:16 | 000,194,864 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dgmbx2.sys -- (DGUSBAP)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 12:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/07/22 17:13:28 | 000,054,848 | ---- | M] (FSPro Labs) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\FSPFltd.sys -- (FSProFilter)
DRV:64bit: - [2010/06/14 09:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:64bit: - [2010/04/27 03:25:16 | 000,161,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV:64bit: - [2010/04/27 03:25:16 | 000,127,488 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bbus.sys -- (ss_bbus)
DRV:64bit: - [2010/04/27 03:25:16 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bmdfl.sys -- (ss_bmdfl)
DRV:64bit: - [2010/03/04 06:31:30 | 000,134,664 | ---- | M] (M-Audio) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MAudioOxygen.sys -- (OXYGEN)
DRV:64bit: - [2009/12/23 11:36:04 | 000,105,592 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Tpkd.sys -- (Tpkd)
DRV:64bit: - [2009/12/14 22:54:12 | 000,032,400 | ---- | M] (Avid, Inc. All rights reserved.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbx2midk.sys -- (MBX2MIDK)
DRV:64bit: - [2009/12/14 22:53:52 | 000,139,792 | ---- | M] (Avid, Inc. All rights reserved.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Dalwdm.sys -- (dalwdmservice)
DRV:64bit: - [2009/09/24 00:07:34 | 000,295,000 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\haP17v2k.sys -- (hap17v2k)
DRV:64bit: - [2009/09/24 00:07:24 | 000,259,672 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\haP16v2k.sys -- (hap16v2k)
DRV:64bit: - [2009/09/24 00:07:16 | 001,360,984 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV:64bit: - [2009/09/24 00:07:06 | 000,147,544 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:64bit: - [2009/09/24 00:06:48 | 000,290,392 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:64bit: - [2009/09/24 00:06:40 | 000,016,984 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:64bit: - [2009/09/24 00:06:32 | 000,221,272 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
DRV:64bit: - [2009/09/24 00:06:10 | 000,026,328 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctgame.sys -- (ctgame)
DRV:64bit: - [2009/09/24 00:06:02 | 000,866,264 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k)
DRV:64bit: - [2009/09/24 00:05:52 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
DRV:64bit: - [2009/09/24 00:03:12 | 000,141,912 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTERFXFX.sys -- (CTERFXFX.SYS)
DRV:64bit: - [2009/09/24 00:03:12 | 000,141,912 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTERFXFX.sys -- (CTERFXFX)
DRV:64bit: - [2009/09/24 00:03:04 | 000,681,048 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTSBLFX.sys -- (CTSBLFX.SYS)
DRV:64bit: - [2009/09/24 00:03:04 | 000,681,048 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTSBLFX.sys -- (CTSBLFX)
DRV:64bit: - [2009/09/24 00:02:54 | 000,706,648 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTAUDFX.sys -- (CTAUDFX.SYS)
DRV:64bit: - [2009/09/24 00:02:54 | 000,706,648 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTAUDFX.sys -- (CTAUDFX)
DRV:64bit: - [2009/09/24 00:02:44 | 000,158,808 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\COMMONFX.sys -- (COMMONFX.SYS)
DRV:64bit: - [2009/09/24 00:02:44 | 000,158,808 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\COMMONFX.sys -- (COMMONFX)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 01:06:42 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msdv.sys -- (MSDV)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/03/06 09:06:18 | 000,197,120 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/06/27 07:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV:64bit: - [2007/02/13 16:45:20 | 000,123,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTHWIUT.DLL -- (CTHWIUT.DLL)
DRV:64bit: - [2007/02/13 16:45:06 | 000,252,728 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CT20XUT.DLL -- (CT20XUT.DLL)
DRV:64bit: - [2007/02/13 16:44:56 | 001,571,128 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTEXFIFX.DLL -- (CTEXFIFX.DLL)
DRV:64bit: - [2007/02/13 16:44:42 | 000,363,320 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTEDSPSY.DLL -- (CTEDSPSY.DLL)
DRV:64bit: - [2007/02/13 16:44:28 | 000,190,264 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTEDSPIO.DLL -- (CTEDSPIO.DLL)
DRV:64bit: - [2007/02/13 16:43:54 | 000,321,848 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTEDSPFX.DLL -- (CTEDSPFX.DLL)
DRV:64bit: - [2007/02/13 16:43:44 | 000,219,448 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTEAPSFX.DLL -- (CTEAPSFX.DLL)
DRV:64bit: - [2005/09/19 13:57:36 | 000,142,336 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbVM31b.sys -- (DCamUSBVM)
DRV:64bit: - [2005/03/29 01:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2010/06/14 09:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0E CF 47 CB 2B 43 CD 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg....fr&d=2012-07-21 12:19:36&v=12.1.0.20&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{E63D5E42-28DB-4D5E-8B11-902C89B549F0}: "URL" = http://search.orange...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.1.3\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2897: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2955: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1675: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Craig\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Craig\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Craig\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/07/21 12:17:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\12.1.0.20\ [2012/07/21 12:19:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/12 22:42:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/06/12 22:42:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.0.4\extensions\\Components: C:\Program Files (x86)\SeaMonkey\components [2012/06/12 22:42:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.0.4\extensions\\Plugins: C:\Program Files (x86)\SeaMonkey\plugins [2012/06/12 22:42:21 | 000,000,000 | ---D | M]

[2010/02/05 17:59:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Craig\AppData\Roaming\Mozilla\Extensions
[2009/12/20 19:08:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Craig\AppData\Roaming\Mozilla\Extensions\{92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a}
[2009/07/16 16:44:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Craig\AppData\Roaming\Mozilla\Extensions\[email protected]
[2012/05/24 13:42:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Craig\AppData\Roaming\Mozilla\Firefox\Profiles\ywv6g39o.default\extensions
[2012/05/24 13:42:40 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Craig\AppData\Roaming\Mozilla\Firefox\Profiles\ywv6g39o.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/12/20 19:08:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Craig\AppData\Roaming\Mozilla\SeaMonkey\Profiles\rl2a7p91.default\extensions
[2011/12/05 17:33:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/05/13 15:16:44 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/05/13 15:16:42 | 000,001,525 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/07/21 12:19:27 | 000,003,750 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/04/09 18:49:02 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/05/13 15:16:42 | 000,000,935 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/05/13 15:16:42 | 000,001,166 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/05/13 15:16:45 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
[2012/05/13 15:16:42 | 000,001,121 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Craig\AppData\Local\Google\Chrome\Application\14.0.835.202\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Craig\AppData\Local\Google\Chrome\Application\14.0.835.202\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Craig\AppData\Local\Google\Chrome\Application\14.0.835.202\pdf.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2012/07/28 23:25:12 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.1.0.20\AVG Secure Search_toolbar.dll ()
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (no name) - {8B68564D-53FD-4293-B80C-993A9F3988EE} - No CLSID value found.
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.1.0.20\AVG Secure Search_toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4:64bit: - HKLM..\Run: [mylbx] C:\Program Files\My Lockbox\mylbx.exe (FSPro Labs)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AsioReg] C:\Windows\SysWow64\ctasio.dll (Creative Technology Ltd)
O4 - HKLM..\Run: [AsioThk32Reg] C:\Windows\SysWow64\ctasio.dll (Creative Technology Ltd)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CTHelper] C:\Windows\SysWow64\CtHelper.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\CTXFIHLP.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [DigidesignMMERefresh] C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe (Avid Technology, Inc.)
O4 - HKLM..\Run: [sfagent] C:\Program Files (x86)\Fighters\SPAMfighter\sfagent.exe (SPAMfighter ApS)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [Facebook Update] C:\Users\Craig\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Craig\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm File not found
O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm File not found
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{83571F03-8694-4BB4-9D8C-1B94940B66D5}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.1.3\ViProtocol.dll ()
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/05/23 16:17:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/06/11 07:44:56 | 000,000,043 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/04 14:30:26 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{0602BE38-4BC8-4AB9-BFDA-F0C13F85AC32}
[2012/08/04 14:30:14 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{39E42600-8710-49C0-8EF7-CDA23DCEABAB}
[2012/08/03 13:39:49 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{283A6F8E-E038-408D-A8BA-1512DD04E40D}
[2012/08/03 13:39:36 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{B0A62FE8-60A8-46BF-A5CD-8862A66D4F74}
[2012/08/03 00:19:13 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\Craig\Desktop\OTL.exe
[2012/08/02 12:11:06 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{68210031-C28D-4956-9A58-0EA9989454E0}
[2012/08/02 12:10:51 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{63D08488-1F8F-4555-A331-4324449B1A63}
[2012/08/01 11:03:52 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{330F80C6-EDC0-4F1B-BB0D-86F503635D9C}
[2012/08/01 11:03:40 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{EEC1FDD2-D5C6-429F-88DE-A0324134164E}
[2012/07/31 10:30:35 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{62E5D3DE-1266-4E61-98BA-A3167862942F}
[2012/07/31 10:30:23 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{CA8B2CE9-9594-4D96-BAA3-D120A564F627}
[2012/07/30 17:33:06 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Roaming\Yahoo!
[2012/07/30 14:18:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Creative
[2012/07/30 13:46:32 | 000,751,391 | ---- | C] (Farbar) -- C:\Users\Craig\Desktop\MiniToolBox.exe
[2012/07/30 13:46:21 | 000,694,833 | ---- | C] (Farbar) -- C:\Users\Craig\Desktop\FSS.exe
[2012/07/30 13:44:37 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{3208FBEE-2387-49A5-B5CE-1D9322E8C8D4}
[2012/07/30 13:44:25 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{CF529B14-5C0F-45F7-83F2-B4C2D32ADBDF}
[2012/07/29 13:03:43 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{5287A8B7-BFB3-4D59-BB48-1DB149A2F4A4}
[2012/07/29 13:03:31 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{DC4CED39-D110-403A-9E66-C63F83B69AC3}
[2012/07/28 23:25:15 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/07/28 23:06:01 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/07/28 23:06:01 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/07/28 23:06:01 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/07/28 23:05:38 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/07/28 23:04:28 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/07/28 23:02:12 | 004,719,842 | R--- | C] (Swearware) -- C:\Users\Craig\Desktop\ComboFix.exe
[2012/07/28 12:56:09 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{15DA6096-1ED0-48A0-82D6-AA4EC037D74E}
[2012/07/28 12:55:57 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{09FDCDEE-5F1C-4E47-A43A-F3045EF12085}
[2012/07/27 17:54:25 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{FC723F52-7F91-42BC-A44B-309F4A849E12}
[2012/07/27 17:54:13 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{0CCC10BD-0E07-4933-9BA5-1A1799615354}
[2012/07/26 08:12:38 | 000,000,000 | ---D | C] -- C:\FRST
[2012/07/21 12:36:55 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Roaming\AVG
[2012/07/21 12:25:38 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Roaming\AVG2012
[2012/07/21 12:20:18 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\AVG Secure Search
[2012/07/21 12:19:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/07/21 12:19:47 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2012/07/21 12:19:33 | 000,030,568 | ---- | C] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2012/07/21 12:19:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
[2012/07/21 12:19:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search
[2012/07/21 12:17:28 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2012/07/21 12:17:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\AVG
[2012/07/21 12:17:28 | 000,000,000 | ---D | C] -- C:\$AVG
[2012/07/21 12:10:16 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/07/21 12:10:16 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/07/21 11:43:49 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{C175A049-9E51-401D-BB7B-D6C3B5822DEE}
[2012/07/21 11:43:38 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{5A2BFE95-2C53-4B9F-8C43-BE6C0004B8B8}
[2012/07/20 15:53:49 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{D41FCAEA-0B33-45E9-AF84-B850C9B64339}
[2012/07/20 15:53:37 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{BB218AD1-0606-4F69-8A24-0B3EC1C0D82D}
[2012/07/20 03:53:23 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{C6B4A1C1-7E32-4C2F-BED6-CDCE40DAD8B9}
[2012/07/20 03:53:12 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{BFE37052-D088-4B89-AE84-ABBC60BD959F}
[2012/07/19 11:39:11 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{9B30001C-164D-4C30-B8F6-7E641E35914A}
[2012/07/19 11:38:59 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{8A0305BD-6A30-4BE3-9018-11E2B216C67D}
[2012/07/18 13:25:13 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{E6E963E7-6F86-4CD4-9344-C10B79D92D68}
[2012/07/18 13:25:01 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{2C6435B7-EB1F-4FD0-81A6-44CE69F50F3B}
[2012/07/17 13:23:56 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{54FE3B10-E228-4726-A18D-81B42CEDB7CD}
[2012/07/17 13:23:44 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{B4E2DC7A-7DF5-4AB4-B24C-4DBF4B65D2F6}
[2012/07/16 13:44:50 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{4A1179CC-451F-4760-96DA-D3DA2E69E632}
[2012/07/16 13:44:38 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{6C4E3EF7-24CB-455D-AC62-B01D0DACDA17}
[2012/07/16 01:28:14 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{3FDEC473-030E-4A73-8C70-2F61C973D22F}
[2012/07/16 01:27:59 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{1B600151-7366-49F7-A42C-2FF4B5228D1C}
[2012/07/15 13:27:45 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{5B5B0B7F-31B3-487A-A49B-9C5323658F7E}
[2012/07/15 13:27:34 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{DE2E01D0-9B50-4292-AAEF-0086AB62E6C9}
[2012/07/15 01:27:06 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{D41C8FE0-FC4E-42A9-80EB-BF6CD5C7DF62}
[2012/07/15 01:26:48 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{E41AE947-FF2F-4D36-97AE-0CA2B74EFEB6}
[2012/07/14 13:26:22 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{42041555-7956-4597-BDC3-42C5B07733D9}
[2012/07/14 13:26:10 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{F9B7AE34-61DD-4E19-B0CE-B623ABB11550}
[2012/07/13 12:27:54 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{CBD61457-C28B-4F41-912B-AED81A81B37E}
[2012/07/13 12:27:42 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{BF4A2945-10A0-41A4-B775-5241A5CE546D}
[2012/07/13 00:05:16 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{D5AE4472-C1DE-466D-BFAB-E51D3C23DF6A}
[2012/07/13 00:05:05 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{97F6470B-A6D6-4F23-9FB5-E4497453404D}
[2012/07/12 12:04:46 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{50A1FCBD-1961-46BB-B7B2-1FE8BEA1244A}
[2012/07/12 12:04:33 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{112C2472-8768-494C-9E0C-2A88B1B39B5C}
[2012/07/11 13:13:16 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{F2226C85-06B3-43D6-AB62-A92A5A12A4AE}
[2012/07/11 13:13:05 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{79F3CCA2-C1A9-46A6-B89C-FB9625D5B1C0}
[2012/07/10 13:56:35 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{DA53D716-3FCE-46A3-8BB3-060D0EA46A30}
[2012/07/10 13:56:23 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{50DF57F3-E0FA-4138-B2F1-0DEDE8236359}
[2012/07/09 22:08:02 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{D2855C5B-6DC7-4791-871A-78DB1DBF424E}
[2012/07/09 22:07:48 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{32F7D816-52AD-411A-8047-949D143F5E77}
[2012/07/09 17:12:38 | 000,000,000 | ---D | C] -- C:\Program Files\Orange
[2012/07/09 15:22:32 | 000,708,200 | ---- | C] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys
[2012/07/09 00:56:48 | 000,000,000 | ---D | C] -- C:\ProgramData\GFI Software
[2012/07/08 23:50:12 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2012/07/08 23:48:27 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2012/07/08 13:21:57 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{920172E0-28D5-4223-A11F-D2C3C731CC90}
[2012/07/08 13:21:28 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{1A10B5A3-1577-407C-8737-492AA6975F9F}
[2012/07/07 14:06:05 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{E5091D74-BAFE-4946-A60F-9650CC68ABFE}
[2012/07/07 14:05:53 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{7C7A4C53-44D4-4158-A737-D08223934579}
[2012/07/06 13:05:40 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{66E06143-E115-430E-9A93-0636409EA3D3}
[2012/07/06 13:05:26 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{573CFA48-299C-4928-ABC2-5C65ACA77D18}
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/04 23:20:01 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/04 23:18:53 | 000,033,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/04 23:18:53 | 000,033,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/04 23:12:15 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/04 23:11:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/04 23:11:31 | 2817,925,120 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/04 22:57:15 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/04 22:57:14 | 000,000,926 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3246986668-3641929785-1153965947-1000UA.job
[2012/08/04 22:57:14 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3246986668-3641929785-1153965947-1000UA.job
[2012/08/04 22:57:14 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3246986668-3641929785-1153965947-1000Core.job
[2012/08/04 18:55:40 | 102,971,474 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/08/04 14:30:36 | 001,657,080 | ---- | M] () -- C:\Users\Craig\Desktop\IMG_0727.MOV
[2012/08/03 17:35:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3246986668-3641929785-1153965947-1000Core.job
[2012/08/03 00:19:13 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Craig\Desktop\OTL.exe
[2012/08/02 22:46:38 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/02 16:45:14 | 172,140,544 | ---- | M] () -- C:\Users\Craig\Documents\te_Screen_Stream.avi
[2012/08/02 14:08:28 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/02 14:08:28 | 000,628,414 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/02 14:08:28 | 000,110,598 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/30 14:25:58 | 000,001,021 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/07/30 13:46:33 | 000,751,391 | ---- | M] (Farbar) -- C:\Users\Craig\Desktop\MiniToolBox.exe
[2012/07/30 13:46:21 | 000,694,833 | ---- | M] (Farbar) -- C:\Users\Craig\Desktop\FSS.exe
[2012/07/28 23:25:12 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/07/28 23:02:18 | 004,719,842 | R--- | M] (Swearware) -- C:\Users\Craig\Desktop\ComboFix.exe
[2012/07/28 18:43:12 | 000,804,213 | ---- | M] () -- C:\Users\Craig\Desktop\IMG_20120728_184310.jpg
[2012/07/28 18:25:10 | 000,058,374 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/07/28 13:51:33 | 000,025,088 | ---- | M] () -- C:\Users\Craig\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/27 15:49:11 | 003,394,336 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/21 12:19:52 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/07/21 12:19:33 | 000,030,568 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2012/07/21 12:18:24 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\avg\incavi.avm
[2012/07/21 12:18:24 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\avg\iavichjw.avm
[2012/07/18 15:12:02 | 000,059,871 | ---- | M] () -- C:\Users\Craig\Desktop\thumb.jpg
[2012/07/15 02:01:44 | 000,001,190 | ---- | M] () -- C:\Windows\SysWow64\ServiceConfig.xml
[2012/07/09 21:53:40 | 001,474,832 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/04 18:55:40 | 102,971,474 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/08/04 14:30:34 | 001,657,080 | ---- | C] () -- C:\Users\Craig\Desktop\IMG_0727.MOV
[2012/08/02 16:45:11 | 172,140,544 | ---- | C] () -- C:\Users\Craig\Documents\te_Screen_Stream.avi
[2012/07/28 23:06:01 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/07/28 23:06:01 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/07/28 23:06:01 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/07/28 23:06:01 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/07/28 23:06:01 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/07/28 18:58:01 | 000,804,213 | ---- | C] () -- C:\Users\Craig\Desktop\IMG_20120728_184310.jpg
[2012/07/28 18:25:09 | 000,058,374 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/07/21 12:19:52 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/07/18 15:12:00 | 000,059,871 | ---- | C] () -- C:\Users\Craig\Desktop\thumb.jpg
[2012/07/15 02:01:44 | 000,001,190 | ---- | C] () -- C:\Windows\SysWow64\ServiceConfig.xml
[2011/12/10 15:37:03 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxblinpa.dll
[2011/12/10 15:37:03 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\lxblcomx.dll
[2011/12/10 15:37:03 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\LXBLinst.dll
[2011/12/10 15:37:02 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxblpmui.dll
[2011/12/10 15:37:02 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbliesc.dll
[2011/12/10 15:37:01 | 000,995,328 | ---- | C] ( ) -- C:\Windows\SysWow64\lxblusb1.dll
[2011/12/10 15:37:00 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxblserv.dll
[2011/12/10 15:37:00 | 000,181,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxblppls.exe
[2011/12/10 15:37:00 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxblprox.dll
[2011/12/10 15:36:59 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxblhbn3.dll
[2011/12/10 15:36:59 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbllmpm.dll
[2011/12/10 15:36:59 | 000,537,520 | ---- | C] ( ) -- C:\Windows\SysWow64\lxblcoms.exe
[2011/12/10 15:36:59 | 000,385,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxblih.exe
[2011/12/10 15:36:59 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxblpplc.dll
[2011/12/10 15:36:58 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxblcomc.dll
[2011/12/10 15:36:58 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lxblcomm.dll
[2011/12/10 15:36:58 | 000,381,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxblcfg.exe
[2011/08/16 17:33:12 | 000,000,000 | ---- | C] () -- C:\Users\Craig\AppData\Local\{0AC93D72-9356-432E-91EE-B7D084250539}
[2011/04/24 23:45:57 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/04/24 23:45:57 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/01/24 17:11:23 | 000,000,034 | -H-- | C] () -- C:\Windows\SysWow64\Converter_sysquict.dat
[2011/01/24 17:10:48 | 000,164,352 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011/01/24 17:10:45 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2011/01/24 17:10:45 | 000,755,027 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/01/24 17:10:45 | 000,159,839 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/01/24 17:10:44 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010/11/10 23:42:50 | 000,000,035 | ---- | C] () -- C:\Windows\dice.ini
[2010/02/25 14:23:19 | 000,025,088 | ---- | C] () -- C:\Users\Craig\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/20 19:31:13 | 000,153,600 | ---- | C] () -- C:\Users\Craig\AppData\Roaming\SharedSettings.ccs

========== LOP Check ==========

[2011/12/18 15:31:55 | 000,000,000 | ---D | M] -- C:\Users\Craig\AppData\Roaming\3F5C936C6DB3FB7087E922194B07B701
[2010/07/28 15:52:51 | 000,000,000 | ---D | M] -- C:\Users\Craig\AppData\Roaming\Ableton
[2012/07/21 12:38:28 | 000,000,000 | ---D | M] -- C:\Users\Craig\AppData\Roaming\AVG
[2012/07/21 12:25:38 | 000,000,000 | ---D | M] -- C:\Users\Craig\AppData\Roaming\AVG2012
[2010/02/14 19:30:49 | 000,000,000 | ---D | M] -- C:\Users\Craig\AppData\Roaming\Cakewalk
[2010/02/05 17:58:48 | 000,000,000 | ---D | M] -- C:\Users\Craig\AppData\Roaming\Canneverbe_Limited
[2010/02/05 17:58:48 | 000,000,000 | ---D | M] -- C:\Users\Craig\AppData\Roaming\CoffeeCup Software
[2011/03/01 14:43:52 | 000,000,000 | ---D | M] -- C:\Users\Craig\AppData\Roaming\Digidesign
[2012/04/20 15:25:06 | 000,000,000 | ---D | M] -- C:\Users\Craig\AppData\Roaming\DriverCure
[2011/11/14 11:38:39 | 000,000,000 | ---D | M] -- C:\Users\Craig\AppData\Roaming\Dropbox
[2010/11/14 14:13:57 | 000,000,000 | ---D | M] -- C:\Users\Craig\AppData\Roaming\Drumagog 5
[2010/10/05 11:49:00 | 000,000,000 | ---D | M] -- C:\Users\Craig\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/06/17 15:18:15 | 000,000,000 | ---D | M] -- C:\Users\Craig\AppData\Roaming\Fighters
[2011/11/16 23:11:35 | 000,000,000 | ---D | M] -- C:\Users\Craig\AppData\Roaming\FileZilla
[2010/02/05 17:58:48 | 000,000,000 | ---D | M] -- C:\Users\Craig\AppData\Roaming\GetRightToGo
[2010/02/05 17:58:48 | 000,000,000 | ---D | M] -- C:\Users\Craig\AppData\Roaming\KompoZer
[2010/07/15 21:21:21 | 000,000,000 | ---D | M] -- C:\Users\Craig\AppData\Roaming\Leadertech
[2010/02/05 17:58:50 | 000,000,000 | ---D | M] -- C:\Users\Craig\AppData\Roaming\LimeWire
[2011/06/17 17:23:01 | 000,000,000 | ---D | M] -- C:\Users\Craig\AppData\Roaming\LiveKit
[2010/02/05 17:59:02 | 000,000,000 | ---D | M] -- C:\Users\Craig\AppData\Roaming\Opera
[2010/02/20 18:31:43 | 000,000,000 | ---D | M] -- C:\Users\Craig\AppData\Roaming\PACE Anti-Piracy
[2012/04/20 15:25:06 | 000,000,000 | ---D | M] -- C:\Users\Craig\AppData\Roaming\ParetoLogic
[2010/02/21 14:54:14 | 000,000,000 | ---D | M] -- C:\Users\Craig\AppData\Roaming\Propellerhead Software
[2011/04/14 13:08:35 | 000,000,000 | ---D | M] -- C:\Users\Craig\AppData\Roaming\Samsung
[2010/02/05 17:59:06 | 000,000,000 | ---D | M] -- C:\Users\Craig\AppData\Roaming\SPAMfighter
[2012/08/03 17:36:52 | 000,000,000 | ---D | M] -- C:\Users\Craig\AppData\Roaming\Spotify
[2010/07/12 16:35:27 | 000,000,000 | ---D | M] -- C:\Users\Craig\AppData\Roaming\Structure
[2010/02/05 17:59:08 | 000,000,000 | ---D | M] -- C:\Users\Craig\AppData\Roaming\Thinstall
[2010/02/21 22:35:57 | 000,000,000 | ---D | M] -- C:\Users\Craig\AppData\Roaming\Tracktion
[2012/04/07 18:52:33 | 000,000,000 | ---D | M] -- C:\Users\Craig\AppData\Roaming\Tracktion 3
[2010/07/15 17:55:45 | 000,000,000 | ---D | M] -- C:\Users\Craig\AppData\Roaming\Trillium Lane
[2011/12/14 18:31:30 | 000,000,000 | ---D | M] -- C:\Users\Craig\AppData\Roaming\uTorrent
[2010/02/05 17:59:11 | 000,000,000 | ---D | M] -- C:\Users\Craig\AppData\Roaming\Voxengo
[2010/11/01 21:45:46 | 000,000,000 | ---D | M] -- C:\Users\Craig\AppData\Roaming\Windows Live Writer
[2012/08/03 17:35:00 | 000,000,904 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3246986668-3641929785-1153965947-1000Core.job
[2012/08/04 22:57:14 | 000,000,926 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3246986668-3641929785-1153965947-1000UA.job
[2012/06/16 13:09:42 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\system64] -> \systemroot\system32 -> Mount Point

========== Alternate Data Streams ==========

@Alternate Data Stream - 36 bytes -> C:\Users\Craig\Documents\cd template.pdf:KAVICHS
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 1304 bytes -> C:\Program Files (x86)\Common Files\microsoft shared:ZcMchpRxZM2lNr8iw3FWl6
@Alternate Data Stream - 1302 bytes -> C:\ProgramData\Microsoft:H9gunSY2oVEBJrR8T1DAY2Np5
@Alternate Data Stream - 1258 bytes -> C:\Program Files (x86)\Common Files\microsoft shared:cljO77IkAzDa0qBu
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:05D195EC
@Alternate Data Stream - 1231 bytes -> C:\Program Files (x86)\Common Files\microsoft shared:ipnEUZJzYf9e5dwcxhQbyUqOexk
@Alternate Data Stream - 1202 bytes -> C:\ProgramData\Microsoft:raYbUrgggiliYrsLwG3bgxm
@Alternate Data Stream - 1196 bytes -> C:\ProgramData\Microsoft:ntizPTZpAk6D6hXPFAxCsL8WLKj
@Alternate Data Stream - 1192 bytes -> C:\ProgramData\Microsoft:IRrMIt4FL0bjIKAVKtkA4rL
@Alternate Data Stream - 1136 bytes -> C:\ProgramData\Microsoft:piE57bDemQnlPaGKgWB7qierbkVE
@Alternate Data Stream - 1129 bytes -> C:\ProgramData\Microsoft:q47BEU6QYafQatq9DV2a
@Alternate Data Stream - 1119 bytes -> C:\ProgramData\Microsoft:CLbvzHtVjGwubWAhmeX9ofy
@Alternate Data Stream - 1058 bytes -> C:\Users\Craig\AppData\Local\jCaV5HoWNYv691:lZpZQFdzcXrXNoaWRYKg
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:5C321E34
@Alternate Data Stream - 1048 bytes -> C:\Program Files\Common Files\Microsoft Shared:cljO77IkAzDa0qBu

< End of report >

#30
Amlak

This is personally up to you, but I recommend uninstalling µTorrent as it is a P2P program that's not safe to keep on your system. Even if the program itself is clean, files you download via this program may not be clean and may lead to further infections.

Make your decision concerning µTorrent and then do the following:

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

If you have MalwareBytes' AntiMalware running in the background, please disable it for the duration of this fix.

Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    @Alternate Data Stream - 36 bytes -> C:\Users\Craig\Documents\cd template.pdf:KAVICHS
    @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:0B4227B4
    @Alternate Data Stream - 1304 bytes -> C:\Program Files (x86)\Common Files\microsoft shared:ZcMchpRxZM2lNr8iw3FWl6
    @Alternate Data Stream - 1302 bytes -> C:\ProgramData\Microsoft:H9gunSY2oVEBJrR8T1DAY2Np5
    @Alternate Data Stream - 1258 bytes -> C:\Program Files (x86)\Common Files\microsoft shared:cljO77IkAzDa0qBu
    @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:05D195EC
    @Alternate Data Stream - 1231 bytes -> C:\Program Files (x86)\Common Files\microsoft shared:ipnEUZJzYf9e5dwcxhQbyUqOexk
    @Alternate Data Stream - 1202 bytes -> C:\ProgramData\Microsoft:raYbUrgggiliYrsLwG3bgxm
    @Alternate Data Stream - 1196 bytes -> C:\ProgramData\Microsoft:ntizPTZpAk6D6hXPFAxCsL8WLKj
    @Alternate Data Stream - 1192 bytes -> C:\ProgramData\Microsoft:IRrMIt4FL0bjIKAVKtkA4rL
    @Alternate Data Stream - 1136 bytes -> C:\ProgramData\Microsoft:piE57bDemQnlPaGKgWB7qierbkVE
    @Alternate Data Stream - 1129 bytes -> C:\ProgramData\Microsoft:q47BEU6QYafQatq9DV2a
    @Alternate Data Stream - 1119 bytes -> C:\ProgramData\Microsoft:CLbvzHtVjGwubWAhmeX9ofy
    @Alternate Data Stream - 1058 bytes -> C:\Users\Craig\AppData\Local\jCaV5HoWNYv691:lZpZQFdzcXrXNoaWRYKg
    @Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:5C321E34
    @Alternate Data Stream - 1048 bytes -> C:\Program Files\Common Files\Microsoft Shared:cljO77IkAzDa0qBu
    [C:\Windows\system64] -> \systemroot\system32 -> Mount Point
    
    :FILES
    C:\Users\Craig\AppData\Local\jCaV5HoWNYv691
    
    :Commands
    [EMPTYTEMP]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.
  • Post the log it produces in your next reply.
