A ReDirector and might be getanswers.com-need help



#1
craigoh

  • Member
  • 29 posts
Hello,

I have a browser redirector that sometimes happens. It also seems to be using a lot of my RAM (50-65% while surfing and reading).

I think it is GETANSWERS.COM but I don't go to that site. A green arrow pops up and says redirect and sends me to a page that might or might not have anything to do with what I searched for. Sometimes the back button does not work on the browser as well.

I have tried to remove it but with no luck. I have AVG and CCleaner. Then I used Spybot, SlimCleaner and a couple of other tools from CNET.

I noticed this a couple of weeks ago and it seems to correspond with an automatic Java update.

Please help,

Here is the OTL Log:

OTL logfile created on: 8/4/2012 6:53:08 PM - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Craig\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.84 Gb Available Physical Memory | 41.82% Memory free
4.24 Gb Paging File | 2.75 Gb Available in Paging File | 64.92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 140.48 Gb Free Space | 47.13% Space Free | Partition Type: NTFS
Drive E: | 931.51 Gb Total Space | 836.10 Gb Free Space | 89.76% Space Free | Partition Type: NTFS

Computer Name: CRAIG-PC | User Name: Craig | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/04 18:52:51 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Craig\Downloads\OTL (1).exe
PRC - [2012/08/03 18:37:19 | 000,686,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_3_300_270_ActiveX.exe
PRC - [2012/07/27 20:28:38 | 000,830,048 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe
PRC - [2012/07/27 20:28:37 | 001,147,488 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2012/07/04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgidsagent.exe
PRC - [2012/06/13 03:48:26 | 000,758,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2012/06/13 03:48:24 | 001,255,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2012/05/15 06:26:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/05/15 05:28:16 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012/05/15 05:27:34 | 000,857,920 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2012/02/14 04:52:38 | 000,338,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010/01/30 10:20:30 | 001,590,888 | ---- | M] (Speedbit Ltd.) -- C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe
PRC - [2010/01/30 10:20:30 | 000,300,656 | ---- | M] (Speedbit Ltd.) -- C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe
PRC - [2010/01/30 10:20:30 | 000,140,920 | ---- | M] (Speedbit Ltd.) -- C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorEngine.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/01/07 17:20:18 | 000,121,376 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
PRC - [2007/05/03 11:55:16 | 000,131,072 | ---- | M] () -- C:\Program Files\Multimedia Card Reader\readericon10.exe
PRC - [2007/02/15 21:07:16 | 004,390,912 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/27 20:28:39 | 000,132,704 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\12.1.5\SiteSafety.dll
MOD - [2012/07/27 20:28:37 | 001,147,488 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2007/05/03 11:55:16 | 000,131,072 | ---- | M] () -- C:\Program Files\Multimedia Card Reader\readericon10.exe


========== Win32 Services (SafeList) ==========

SRV - [2012/08/03 18:37:41 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/27 20:28:38 | 000,830,048 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe -- (vToolbarUpdater12.1.5)
SRV - [2012/07/04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/05/15 06:26:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/06/13 22:09:22 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2010/01/30 10:20:30 | 000,300,656 | ---- | M] (Speedbit Ltd.) [Auto | Running] -- C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe -- (VideoAcceleratorService)
SRV - [2009/01/07 17:20:18 | 000,121,376 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe -- (UpdateCenterService)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Craig\AppData\Local\Temp\cpuz130\cpuz_x32.sys -- (cpuz130)
DRV - [2012/07/27 20:28:39 | 000,027,496 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2012/05/15 06:26:00 | 011,354,944 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012/04/19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/03/19 05:17:28 | 000,301,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/02/22 05:25:32 | 000,235,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/01/31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/12/23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/12/23 13:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2011/12/23 13:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsfilterx.sys -- (AVGIDSFilter)
DRV - [2011/12/23 13:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2009/01/07 17:20:16 | 000,036,896 | ---- | M] (NVIDIA Corp.) [Kernel | Auto | Running] -- C:\Windows\nvflash.sys -- (NVR0FLASHDev)
DRV - [2008/10/24 17:40:42 | 000,036,640 | ---- | M] (NVIDIA Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\nvoclock.sys -- (NVR0Dev)
DRV - [2008/08/01 19:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/07/04 11:01:04 | 000,366,080 | ---- | M] (Realtek) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL85n86.sys -- (RTL85n86)
DRV - [2008/01/19 01:53:28 | 000,050,048 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mstape.sys -- (MSTAPE)
DRV - [2008/01/19 01:53:26 | 000,014,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avcstrm.sys -- (AVCSTRM)
DRV - [2007/08/09 21:12:30 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2005/02/23 17:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2559647

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7E 6C DE 67 E6 B7 CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {37153479-1976-43c3-a1ee-557513977b64} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...ie7&rlz=1I7SUNA
IE - HKCU\..\SearchScopes\{79E030FE-689A-4C54-A9BB-E288D75FA20C}: "URL" = http://search.avg.co...}&ychte=us&nt=1
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg....sa&d=2012-07-27 20:28:39&v=12.1.0.21&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2559647
IE - HKCU\..\SearchScopes\{DE368A3A-DB0C-4539-8604-636A8B7A2672}: "URL" = http://search.speedb...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\12.1.5\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files\Virtual Earth 3D\ [2010/09/05 07:44:26 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/10/27 16:47:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/07/18 11:21:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012/07/02 16:35:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\12.1.0.21\ [2012/07/27 20:28:42 | 000,000,000 | ---D | M]

[2009/08/22 16:32:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Craig\AppData\Roaming\Mozilla\Extensions
[2009/08/22 16:32:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Craig\AppData\Roaming\Mozilla\Extensions\[email protected]

========== Chrome ==========


O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1 localhost
O2 - BHO: (SBCONVERT Class) - {3017FB3E-9A77-4396-88C5-0EC9548FB42F} - C:\Program Files\SpeedBit Video Downloader\TBUE6\tbcore3.dll ()
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (SBCONVERT Class) - {31B27F2D-6BC6-451B-B3D2-4EAB36B2FC3B} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
O2 - BHO: (SearchPredictObj Class) - {389943B0-C3A2-4E69-82CB-8596A84CB3DC} - C:\Program Files\SearchPredict\SearchPredict.dll (Speedbit Ltd.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll ()
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O2 - BHO: (GrabberObj Class) - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\SpeedBit Video Downloader\TBUE6\Grabber.dll (Speedbit Ltd.)
O3 - HKLM\..\Toolbar: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\TBUE6\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\WebBrowser: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\TBUE6\tbcore3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Windows\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NVIDIA nTune] C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe (NVIDIA)
O4 - HKLM..\Run: [readericon10] C:\Program Files\Multimedia Card Reader\readericon10.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Adobe] C:\Users\Craig\AppData\Local\Amazon\Adobe\rofcvb.dll (Microsoft Corporation)
O4 - HKCU..\Run: [EPSON Stylus Photo RX595 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATICLA.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [EPSON Stylus Photo RX595 Series (Copy 1)] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATICLA.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [SpeedBitVideoAccelerator] C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe (Speedbit Ltd.)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: //@surf.mar@/ ([]money in Local intranet)
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.nvidia.co.../sysreqlab2.cab (Reg Error: Key error.)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.co...iaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://samsclubus.pn...veX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} http://ec2-174-129-1...eivers/FMSI.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{444293C9-1C81-4331-9865-7AC0DC65EF32}: DhcpNameServer = 64.233.222.2 64.233.222.7
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4A2E82B1-6B9C-46CC-9CC3-72BA26E08FC6}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\12.1.5\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Craig\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Craig\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{6997170c-db9c-11de-b3b4-00044b039dcf}\Shell\AutoRun\command - "" = E:\setup.exe
O33 - MountPoints2\{8e905a94-0e69-11df-81f4-00044b039dcf}\Shell - "" = AutoRun
O33 - MountPoints2\{8e905a94-0e69-11df-81f4-00044b039dcf}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{ffec17e5-5948-11df-a48e-00044b039dcf}\Shell - "" = AutoRun
O33 - MountPoints2\{ffec17e5-5948-11df-a48e-00044b039dcf}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/03 18:56:07 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{2A3915AD-943F-4B13-A217-1D4D0BEBE7FE}
[2012/08/03 18:55:42 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{6CFF35C3-1728-47B2-8898-C24FCEBCD4CA}
[2012/08/02 19:24:36 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{D2F8EEA8-5484-4FAD-8904-30EB0B5153FE}
[2012/08/02 19:24:15 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{980BCAC8-CCFA-4F8B-9279-3982C4550344}
[2012/08/01 20:59:08 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Roaming\IObit
[2012/08/01 20:59:06 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2012/08/01 18:47:29 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{C8317119-7132-44A4-967C-26C6D13EE307}
[2012/08/01 18:47:08 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{ADF3C053-7DA7-4FD9-87B5-E20F674B6DA1}
[2012/07/31 19:24:56 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{C8BCD71D-C1EF-4B8D-9E3B-5AA947425614}
[2012/07/31 19:24:35 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{5146EC9B-FD4A-4269-8CDB-68D79E170270}
[2012/07/30 16:24:08 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{9707D26A-1BA1-4F0E-BC65-7CF535A8FAFB}
[2012/07/30 16:23:47 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{3320F901-6E00-4F83-8AA8-9821D6EE2F99}
[2012/07/29 06:48:50 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{8C5FDDBA-FB63-4CBD-8D36-83C24C434417}
[2012/07/29 06:48:29 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{2AC10057-9BFB-4F52-9098-C2D81DC6B54D}
[2012/07/27 20:28:44 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\AVG Secure Search
[2012/07/27 20:28:42 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2012/07/27 20:28:39 | 000,027,496 | ---- | C] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[2012/07/27 20:28:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2012/07/27 20:28:37 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2012/07/27 20:28:04 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\SlimWare Utilities Inc
[2012/07/27 20:27:56 | 000,000,000 | ---D | C] -- C:\Program Files\SlimCleaner
[2012/07/27 20:27:53 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Downloaded Installers
[2012/07/27 20:08:59 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{4636524E-6B04-4399-AD96-ABA4E7A86DA6}
[2012/07/27 20:08:38 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{AE53CC9D-0852-4D98-85B6-777A82F6E3C0}
[2012/07/26 19:16:22 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{41F8845B-8784-4DC9-94A7-E0E00D0D5A15}
[2012/07/26 19:16:12 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{57728C0D-F8BD-465D-8B4B-741B67FF0E99}
[2012/07/25 20:09:03 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{C357E529-4ED0-43F5-A6EC-AF12FE6272A6}
[2012/07/25 20:08:39 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{6CD24D88-1C28-4D43-88F9-32BF4533DBF9}
[2012/07/24 19:09:42 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{C0D76B89-FE6E-4F0B-9514-2A18BBED7058}
[2012/07/24 19:09:21 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{A4FF504A-8FE1-437D-9839-A7F4B23F6A60}
[2012/07/23 17:07:31 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{63629227-0574-49AF-964F-0A3D58A4CFE3}
[2012/07/23 17:07:09 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{EA0DCCCD-6168-4436-AA9E-E6B8364CF7B7}
[2012/07/22 17:49:22 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{8A1102BB-982F-494B-8BDC-79F9B9BDD575}
[2012/07/22 17:49:01 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{87CCA8EF-166D-4E26-A845-F708E1D97E36}
[2012/07/22 07:58:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/07/22 07:58:19 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012/07/22 05:22:11 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{817C50F8-1432-4A81-8E97-FE5691E7786B}
[2012/07/22 05:21:49 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{B550628C-CE79-4C28-9672-AE480A26A84C}
[2012/07/21 19:33:21 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{CCBDE6B6-DDD2-42EA-8D02-C445308D0F7A}
[2012/07/21 07:32:57 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{7FBAA820-320A-48A2-9ADC-C6C754D4B427}
[2012/07/21 07:32:37 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{5E129D2C-3133-4741-A856-1287BA4946BD}
[2012/07/20 16:48:02 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{BB9C8E9E-BF97-4C2D-AF05-35D0472091DB}
[2012/07/20 16:47:40 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{DE5A3967-2A02-4C35-97A5-0C6825220442}
[2012/07/18 16:52:25 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{C4402C7E-2E57-4F6D-9970-F88BD9B9A634}
[2012/07/18 16:52:14 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{7D85A0C7-A592-4C27-A635-18311B976E54}
[2012/07/18 11:21:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/07/17 19:01:18 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{C78A88D8-1147-4B99-B43F-FDD0C520FA69}
[2012/07/17 19:00:55 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{BAF457A5-D1BA-45E2-9FED-359040BD0DC5}
[2012/07/16 18:37:09 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{BF73EEE7-DA26-42D0-AD46-548529DCF5F2}
[2012/07/16 18:36:47 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{FDEF4021-8B9E-4F47-8119-16DCEF21E07C}
[2012/07/15 07:25:15 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{8B374A73-BB3F-48C8-8C33-95267B9E41DA}
[2012/07/15 07:24:54 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{9847654A-C2AD-4E29-BEAE-76D64CED4DD2}
[2012/07/14 07:51:11 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{65069096-7FDF-4C45-97F6-13CEC8EA194F}
[2012/07/14 07:50:50 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{6F724D7F-7BA8-487E-828C-C9B40C0A5473}
[2012/07/13 16:24:23 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{4BE1E40F-ED79-4A1D-97BA-E3C063F58890}
[2012/07/13 16:24:02 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{AB7C3D20-5A59-4F30-908B-0B009994722A}
[2012/07/12 17:18:48 | 000,476,936 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\npdeployJava1.dll
[2012/07/12 17:17:50 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{2C85D554-7574-4785-939D-6E8DA278D867}
[2012/07/12 17:17:26 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{59B467EB-5BFF-4B11-B4B8-FB3FE3DF239B}
[2012/07/11 15:22:23 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{89B63A17-69A2-4B7B-8781-E7788D4C2481}
[2012/07/11 15:22:02 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{78449B96-8D8D-44D9-B898-3250C17092AA}
[2012/07/10 19:07:10 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/07/10 19:02:25 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/07/10 19:02:24 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/07/10 19:02:24 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/07/10 19:02:23 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/07/10 19:02:23 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/07/10 19:02:22 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/07/10 19:02:22 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/07/10 17:17:00 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2012/07/10 15:31:41 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{ED8A5AB3-14D3-400B-A973-48570F48A1D3}
[2012/07/10 15:31:30 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{5696C26A-0279-4806-AAEF-8377A19E0188}
[2012/07/09 17:15:19 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{A8E23F5B-9398-499E-91ED-338E06C66AA2}
[2012/07/09 17:15:06 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{3796A2AB-D308-4F73-AD4C-2AFF7ED4A523}
[2012/07/08 09:42:42 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{5DF98518-0A97-46F2-92DC-E77F81BEBCDA}
[2012/07/08 09:42:21 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{824F0134-C66A-430F-8A4F-B9E874145E44}
[2012/07/07 07:42:12 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{7B868D7D-DAC9-4CE2-A471-A27D795BEBED}
[2012/07/07 07:41:51 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{7BC40B97-2DD4-41E5-B8C1-87B3FFC2FAF3}
[2012/07/06 15:40:56 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{23632FC0-B341-4EC1-8953-70AF264840CD}
[2012/07/06 15:40:34 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{CBF9D4E8-AD4D-49B9-9B71-E24753C8D07C}
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/04 18:36:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/04 18:14:22 | 000,004,176 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/04 18:14:22 | 000,004,176 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/04 16:20:22 | 102,971,474 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/08/04 16:14:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/04 07:44:58 | 247,078,559 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/08/03 22:32:34 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/08/03 18:56:25 | 000,113,461 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjw.avm
[2012/08/03 18:37:19 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/08/03 18:37:19 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/08/02 19:05:23 | 000,371,832 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/07/27 20:28:39 | 000,027,496 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[2012/07/27 20:13:10 | 000,604,284 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/07/27 20:13:10 | 000,103,984 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/07/24 19:46:02 | 000,001,356 | ---- | M] () -- C:\Users\Craig\AppData\Local\d3d9caps.dat
[2012/07/18 11:21:06 | 000,000,842 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/07/15 18:48:24 | 000,551,373 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/07/12 17:18:37 | 000,476,936 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\npdeployJava1.dll
[2012/07/12 17:18:37 | 000,472,840 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2012/07/12 17:18:37 | 000,157,448 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012/07/12 17:18:37 | 000,149,256 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012/07/12 17:18:37 | 000,149,256 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012/07/10 19:11:22 | 000,033,792 | ---- | M] () -- C:\Users\Craig\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/04 07:44:58 | 247,078,559 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/08/02 19:05:07 | 000,371,832 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/05/15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2010/11/27 10:16:02 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2008/03/20 11:41:16 | 000,033,792 | ---- | C] () -- C:\Users\Craig\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/03/20 11:35:27 | 000,001,356 | ---- | C] () -- C:\Users\Craig\AppData\Local\d3d9caps.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:CD060F93
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:A9662AE0
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:D74B6CF5
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:2B11E0DF
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:0F8F5844
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:010ADD2C

< End of report >

#2
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Copy the text in the code box by highlighting and Ctrl + c


:OTL
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2559647
IE - HKCU\..\URLSearchHook: {37153479-1976-43c3-a1ee-557513977b64} - No CLSID value found
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2559647
IE - HKCU\..\SearchScopes\{DE368A3A-DB0C-4539-8604-636A8B7A2672}: "URL" = http://search.speedb...q={searchTerms}
O2 - BHO: (SBCONVERT Class) - {3017FB3E-9A77-4396-88C5-0EC9548FB42F} - C:\Program Files\SpeedBit Video Downloader\TBUE6\tbcore3.dll ()
O2 - BHO: (SBCONVERT Class) - {31B27F2D-6BC6-451B-B3D2-4EAB36B2FC3B} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
O2 - BHO: (SearchPredictObj Class) - {389943B0-C3A2-4E69-82CB-8596A84CB3DC} - C:\Program Files\SearchPredict\SearchPredict.dll (Speedbit Ltd.)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O2 - BHO: (GrabberObj Class) - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\SpeedBit Video Downloader\TBUE6\Grabber.dll (Speedbit Ltd.)
O3 - HKLM\..\Toolbar: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\TBUE6\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\WebBrowser: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\TBUE6\tbcore3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.nvidia.co.../sysreqlab2.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} http://ec2-174-129-1...eivers/FMSI.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
@Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:CD060F93
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:A9662AE0
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:D74B6CF5
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:2B11E0DF
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:0F8F5844
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:010ADD2C

:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]


Then right-click on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + v) the text. Verify that you got it all and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered; OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply. This will also create a file winsock2.reg on your desktop. It is an insurance file. If you can't get on the Internet after the fix, try right-clicking on the winsock2.reg and Merge, then reboot. If that doesn't help then do a System Restore.


Download aswMBR.exe (511KB) to your desktop.
Right-click aswMBR.exe and Run as Administrator.
Uncheck trace disk IO calls.
Click the "Scan" button to start the scan (accept the Avast Engine).
On completion of the scan, if the Fix button is enabled (not the FixMBR button), press it, then run a new scan and click save log, save it to your desktop and post in your next reply.
If the Fix button is not enabled, then just click save log, save it to your desktop and post in your next reply.

ComboFix

It must be saved to your desktop, do not run it from your browser.

Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Right-click on ComboFix and select Run As Administrator to start the program.



* Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Right click on TDSSKiller.exe and select Run As Administrator to start the program.

If TDSSKiller alerts you that the system needs to reboot, please consent.

Run TDSSKiller again but this time:
Before you hit Scan, hit Change Parameters and check the two items under Additional Options. OK, then Scan.
In this mode it is prone to false positives so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.



Malwarebytes' Anti-Malware
If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy.
http://www.malwareby...lwarebytes_free

SAVE Malwarebytes' Anti-Malware to your desktop.

* Right-click mbam-setup.exe and select Run As Administrator to start the program.
* follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.


Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc /scannow



(This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop.
2. Right-click VEW.exe and Run As Administrator
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.


Copy the text in the code box:

DRIVES
netsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
pnrpnsp.dll 
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.


Ron

#3
craigoh

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Ron, Thank you for your assistance and your time.

Here are the logs you asked for.

1. OTL the first run
Error: Unable to interpret <:OTLIE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...tid=CT2559647IE - HKCU\..\URLSearchHook: {37153479-1976-43c3-a1ee-557513977b64} - No CLSID value foundIE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...tid=CT2559647IE - HKCU\..\SearchScopes\{DE368A3A-DB0C-4539-8604-636A8B7A2672}: "URL" = http://search.speedb...{searchTerms}O2 - BHO: (SBCONVERT Class) - {3017FB3E-9A77-4396-88C5-0EC9548FB42F} - C:\Program Files\SpeedBit Video Downloader\TBUE6\tbcore3.dll ()O2 - BHO: (SBCONVERT Class) - {31B27F2D-6BC6-451B-B3D2-4EAB36B2FC3B} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()O2 - BHO: (SearchPredictObj Class) - {389943B0-C3A2-4E69-82CB-8596A84CB3DC} - C:\Program Files\SearchPredict\SearchPredict.dll (Speedbit Ltd.)O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)O2 - BHO: (Gra> in the current context!
Error: Unable to interpret <bberObj Class) - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\SpeedBit Video Downloader\TBUE6\Grabber.dll (Speedbit Ltd.)O3 - HKLM\..\Toolbar: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\TBUE6\tbcore3.dll ()O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)O3 - HKCU\..\Toolbar\WebBrowser: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\TBUE6\tbcore3.dll ()O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.nvidia.co.../sysreqlab2.cab (Reg Error: Key error.)O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plu> in the current context!
Error: Unable to interpret <g-in 1.6.0_33)O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} http://ec2-174-129-1...eivers/FMSI.cab (Reg Error: Key error.)O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)@Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:CD060F93@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:0B4227B4@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:A9662AE0@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:D74B6CF5@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:2B11E0DF@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:0F8F5844@Alternate Data Stream - 109 bytes -> C:\ProgramData\T> in the current context!
Error: Unable to interpret <EMP:010ADD2C:Commands[EMPTYFLASH][EMPTYJAVA][purity][Reboot]> in the current context!

OTL by OldTimer - Version 3.2.56.0 log created on 08052012_085046


2. ASWMBR
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-05 08:58:53
-----------------------------
08:58:53.909 OS Version: Windows 6.0.6002 Service Pack 2
08:58:53.909 Number of processors: 4 586 0xF0B
08:58:53.910 ComputerName: CRAIG-PC UserName: Craig
08:59:14.869 Initialize success
09:01:30.373 AVAST engine defs: 12080500
09:01:49.921 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000059
09:01:49.923 Disk 0 Vendor: Hitachi_ GM3O Size: 305245MB BusType: 6
09:01:49.924 Disk 1 \Device\Harddisk1\DR1 -> \Device\0000005b
09:01:49.926 Disk 1 Vendor: WDC_WD10 05.0 Size: 953869MB BusType: 6
09:01:49.942 Disk 0 MBR read successfully
09:01:49.944 Disk 0 MBR scan
09:01:49.948 Disk 0 Windows VISTA default MBR code
09:01:49.954 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 305243 MB offset 2048
09:01:49.959 Disk 0 scanning sectors +625139712
09:01:50.034 Disk 0 scanning C:\Windows\system32\drivers
09:02:01.815 Service scanning
09:02:22.116 Modules scanning
09:02:28.264 AVAST engine scan C:\Windows
09:02:31.946 AVAST engine scan C:\Windows\system32
09:05:51.656 AVAST engine scan C:\Windows\system32\drivers
09:06:03.237 AVAST engine scan C:\Users\Craig
09:11:44.515 AVAST engine scan C:\ProgramData
09:13:33.185 Scan finished successfully
09:14:16.244 Disk 0 MBR has been saved successfully to "C:\Users\Craig\Desktop\MBR.dat"
09:14:16.247 The log file has been saved successfully to "C:\Users\Craig\Desktop\aswMBR log.txt"

3. Combofix
ComboFix 12-08-05.02 - Craig 08/05/2012 9:21.1.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2046.1141 [GMT -4:00]
Running from: c:\users\Craig\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\SpeedBit Video Downloader\Toolbar\tbhelper.dll
c:\users\Craig\AppData\Local\Amazon\Adobe\rofcvb.dll
c:\windows\jestertb.dll
c:\windows\system32\FF05DA0D.dll
c:\windows\Update.bat
.
.
((((((((((((((((((((((((( Files Created from 2012-07-05 to 2012-08-05 )))))))))))))))))))))))))))))))
.
.
2012-08-05 13:29 . 2012-08-05 13:29 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-08-05 13:29 . 2012-08-05 13:29 -------- d-----w- c:\users\Sandi\AppData\Local\temp
2012-08-05 13:29 . 2012-08-05 13:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-05 13:29 . 2012-08-05 13:31 -------- d-----w- c:\users\Craig\AppData\Local\temp
2012-08-05 12:50 . 2012-08-05 12:50 -------- d-----w- C:\_OTL
2012-08-02 00:59 . 2012-08-02 00:59 -------- d-----w- c:\users\Craig\AppData\Roaming\IObit
2012-08-02 00:59 . 2012-08-02 00:59 -------- d-----w- c:\program files\IObit
2012-07-30 13:22 . 2012-07-30 13:22 -------- d-----w- c:\users\Sandi\AppData\Local\AVG Secure Search
2012-07-28 00:28 . 2012-07-28 00:28 -------- d-----w- c:\users\Craig\AppData\Local\AVG Secure Search
2012-07-28 00:28 . 2012-07-28 00:29 -------- d-----w- c:\programdata\AVG Secure Search
2012-07-28 00:28 . 2012-07-28 00:28 27496 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-07-28 00:28 . 2012-07-28 00:28 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2012-07-28 00:28 . 2012-07-28 00:28 -------- d-----w- c:\program files\AVG Secure Search
2012-07-28 00:28 . 2012-07-28 00:28 -------- d-----w- c:\users\Craig\AppData\Local\SlimWare Utilities Inc
2012-07-28 00:27 . 2012-08-03 22:31 -------- d-----w- c:\program files\SlimCleaner
2012-07-22 11:58 . 2012-07-28 10:03 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-07-22 11:58 . 2012-07-28 10:01 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-07-12 21:18 . 2012-07-12 21:18 476936 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-07-10 23:07 . 2012-06-13 13:40 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-07-10 21:17 . 2012-06-05 16:47 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-07-10 21:17 . 2012-06-05 16:47 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-07-10 21:17 . 2012-06-05 16:47 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-07-10 21:17 . 2012-06-04 15:26 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-10 21:17 . 2012-06-02 00:03 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-10 21:16 . 2012-06-02 00:04 278528 ----a-w- c:\windows\system32\schannel.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-03 22:37 . 2012-03-31 13:19 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-03 22:37 . 2011-05-20 22:49 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-12 21:18 . 2010-06-19 10:12 472840 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-02 22:19 . 2012-06-25 13:21 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-25 13:21 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-25 13:21 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-25 13:21 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-25 13:21 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-25 13:21 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-25 13:21 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-25 13:21 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:12 . 2012-06-25 13:21 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-05-15 10:26 . 2012-06-05 21:08 8105280 ----a-w- c:\windows\system32\nvwgf2um.dll
2012-05-15 10:26 . 2012-06-05 21:08 19607872 ----a-w- c:\windows\system32\nvoglv32.dll
2012-05-15 10:26 . 2012-06-05 21:08 11354944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-05-15 10:26 . 2012-06-05 21:08 2524992 ----a-w- c:\windows\system32\nvcuvid.dll
2012-05-15 10:26 . 2012-06-05 21:08 2445120 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-05-15 10:26 . 2012-06-05 21:08 5982528 ----a-w- c:\windows\system32\nvcuda.dll
2012-05-15 10:26 . 2012-06-05 21:07 17551680 ----a-w- c:\windows\system32\nvcompiler.dll
2012-05-15 10:26 . 2012-03-13 22:14 61248 ----a-w- c:\windows\system32\OpenCL.dll
2012-05-15 10:26 . 2011-08-10 21:14 883008 ----a-w- c:\windows\system32\nvgenco32.dll
2012-05-15 10:26 . 2011-08-10 21:14 1000768 ----a-w- c:\windows\system32\nvdispco32.dll
2012-05-15 10:26 . 2007-12-12 00:06 2368832 ----a-w- c:\windows\system32\nvapi.dll
2012-05-15 10:26 . 2007-12-12 00:06 15322432 ----a-w- c:\windows\system32\nvd3dum.dll
2012-05-15 09:28 . 2011-04-08 02:45 645440 ----a-w- c:\windows\system32\nvvsvc.exe
2012-05-15 09:28 . 2011-04-08 02:45 108352 ----a-w- c:\windows\system32\nvmctray.dll
2012-05-15 09:28 . 2009-05-01 04:07 62272 ----a-w- c:\windows\system32\nvshext.dll
2012-05-15 09:28 . 2011-04-08 02:44 3931456 ----a-w- c:\windows\system32\nvcpl.dll
2012-05-15 09:27 . 2011-04-08 02:44 2759488 ----a-w- c:\windows\system32\nvsvc.dll
2012-05-15 06:21 . 2012-05-15 06:21 423744 ----a-w- c:\windows\system32\nvStreaming.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3017FB3E-9A77-4396-88C5-0EC9548FB42F}]
2010-11-18 22:17 2447360 ----a-w- c:\program files\SpeedBit Video Downloader\TBUE6\tbcore3.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31B27F2D-6BC6-451B-B3D2-4EAB36B2FC3B}]
2010-08-08 15:13 2447360 ----a-w- c:\program files\SpeedBit Video Downloader\Toolbar\tbcore3.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{389943B0-C3A2-4E69-82CB-8596A84CB3DC}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-07-28 00:28 2086496 ----a-w- c:\program files\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll" [2012-07-28 2086496]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"SpeedBitVideoAccelerator"="c:\program files\SpeedBit Video Accelerator\VideoAccelerator.exe" [2010-01-30 1590888]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-02-16 4390912]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-01-23 81920]
"readericon10"="c:\program files\Multimedia Card Reader\readericon10.exe" [2007-05-03 131072]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-07-28 1147488]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-20 65588]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWMBR
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 22:37]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\12.1.5\ViProtocol.dll
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{37153479-1976-43c3-a1ee-557513977b64} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-Adobe - c:\users\Craig\AppData\Local\Amazon\Adobe\rofcvb.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-05 09:31
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2012-08-05 09:40:07
ComboFix-quarantined-files.txt 2012-08-05 13:40
.
Pre-Run: 150,395,809,792 bytes free
Post-Run: 153,370,021,888 bytes free
.
- - End Of File - - A4869A97AEDDF6430255E2C0509E93E1

4. TDSSKiller

09:44:11.0575 2368 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
09:44:11.0923 2368 ============================================================
09:44:11.0923 2368 Current date / time: 2012/08/05 09:44:11.0923
09:44:11.0923 2368 SystemInfo:
09:44:11.0923 2368
09:44:11.0923 2368 OS Version: 6.0.6002 ServicePack: 2.0
09:44:11.0923 2368 Product type: Workstation
09:44:11.0923 2368 ComputerName: CRAIG-PC
09:44:11.0924 2368 UserName: Craig
09:44:11.0924 2368 Windows directory: C:\Windows
09:44:11.0924 2368 System windows directory: C:\Windows
09:44:11.0924 2368 Processor architecture: Intel x86
09:44:11.0924 2368 Number of processors: 4
09:44:11.0924 2368 Page size: 0x1000
09:44:11.0924 2368 Boot type: Normal boot
09:44:11.0924 2368 ============================================================
09:44:12.0286 2368 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
09:44:12.0294 2368 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
09:44:12.0296 2368 ============================================================
09:44:12.0296 2368 \Device\Harddisk0\DR0:
09:44:12.0296 2368 MBR partitions:
09:44:12.0296 2368 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2542D800
09:44:12.0296 2368 \Device\Harddisk1\DR1:
09:44:12.0296 2368 MBR partitions:
09:44:12.0296 2368 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
09:44:12.0296 2368 ============================================================
09:44:12.0319 2368 C: <-> \Device\Harddisk0\DR0\Partition0
09:44:12.0340 2368 E: <-> \Device\Harddisk1\DR1\Partition0
09:44:12.0340 2368 ============================================================
09:44:12.0340 2368 Initialize success
09:44:12.0340 2368 ============================================================
09:44:16.0082 0496 ============================================================
09:44:16.0082 0496 Scan started
09:44:16.0082 0496 Mode: Manual;
09:44:16.0082 0496 ============================================================
09:44:17.0343 0496 Appinfo - ok
09:44:17.0381 0496 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
09:44:17.0383 0496 arc - ok
09:44:17.0406 0496 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
09:44:17.0407 0496 arcsas - ok
09:44:17.0434 0496 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
09:44:17.0435 0496 AsyncMac - ok
09:44:17.0449 0496 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
09:44:17.0450 0496 atapi - ok
09:44:17.0486 0496 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
09:44:17.0490 0496 AudioEndpointBuilder - ok
09:44:17.0495 0496 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
09:44:17.0498 0496 Audiosrv - ok
09:44:17.0518 0496 Avc (f4b56425a00beb32f5fa6603ff7b0ea2) C:\Windows\system32\DRIVERS\avc.sys
09:44:17.0519 0496 Avc - ok
09:44:17.0541 0496 AVCSTRM (a25f0f39ac579fe899a7c8d67ecb157c) C:\Windows\system32\DRIVERS\avcstrm.sys
09:44:17.0542 0496 AVCSTRM - ok
09:44:18.0033 0496 AVGIDSAgent (d67719bcfde5798f5c30d14efed3bcaf) C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
09:44:18.0063 0496 AVGIDSAgent - ok
09:44:18.0245 0496 AVGIDSDriver (1074f787080068c71303b61fae7e7ca4) C:\Windows\system32\DRIVERS\avgidsdriverx.sys
09:44:18.0248 0496 AVGIDSDriver - ok
09:44:18.0277 0496 AVGIDSFilter (61a7e0b02f82cff3db2445bbe50b3589) C:\Windows\system32\DRIVERS\avgidsfilterx.sys
09:44:18.0279 0496 AVGIDSFilter - ok
09:44:18.0291 0496 AVGIDSHX (d63d83659eedf60b3a3e620281a888e5) C:\Windows\system32\DRIVERS\avgidshx.sys
09:44:18.0292 0496 AVGIDSHX - ok
09:44:18.0311 0496 AVGIDSShim (baf975b72062f53d327788e99d64197e) C:\Windows\system32\DRIVERS\avgidsshimx.sys
09:44:18.0312 0496 AVGIDSShim - ok
09:44:18.0349 0496 Avgldx86 (dda6a2a18841e4c9172bb85958b8d948) C:\Windows\system32\DRIVERS\avgldx86.sys
09:44:18.0352 0496 Avgldx86 - ok
09:44:18.0379 0496 Avgmfx86 (ccdd61545aaea265977e4b1efdc74e8c) C:\Windows\system32\DRIVERS\avgmfx86.sys
09:44:18.0381 0496 Avgmfx86 - ok
09:44:18.0394 0496 Avgrkx86 (1fd90b28d2c3100bf4500199c8ad6358) C:\Windows\system32\DRIVERS\avgrkx86.sys
09:44:18.0396 0496 Avgrkx86 - ok
09:44:18.0463 0496 Avgtdix (1263f2554ace925c237a40b4c568d815) C:\Windows\system32\DRIVERS\avgtdix.sys
09:44:18.0466 0496 Avgtdix - ok
09:44:18.0501 0496 avgtp (684de9d6e62bfb177aabed3c62fdeab3) C:\Windows\system32\drivers\avgtpx86.sys
09:44:18.0502 0496 avgtp - ok
09:44:18.0558 0496 avgwd (ea1145debcd508fd25bd1e95c4346929) C:\Program Files\AVG\AVG2012\avgwdsvc.exe
09:44:18.0559 0496 avgwd - ok
09:44:18.0590 0496 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
09:44:18.0590 0496 Beep - ok
09:44:18.0636 0496 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
09:44:18.0641 0496 BFE - ok
09:44:18.0703 0496 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\system32\qmgr.dll
09:44:18.0709 0496 BITS - ok
09:44:18.0779 0496 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
09:44:18.0782 0496 bowser - ok
09:44:18.0803 0496 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
09:44:18.0805 0496 BrFiltLo - ok
09:44:18.0813 0496 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
09:44:18.0815 0496 BrFiltUp - ok
09:44:18.0840 0496 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
09:44:18.0841 0496 Browser - ok
09:44:18.0880 0496 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
09:44:18.0882 0496 Brserid - ok
09:44:18.0916 0496 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
09:44:18.0918 0496 BrSerWdm - ok
09:44:18.0974 0496 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
09:44:18.0975 0496 BrUsbMdm - ok
09:44:19.0000 0496 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
09:44:19.0001 0496 BrUsbSer - ok
09:44:19.0016 0496 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
09:44:19.0017 0496 BTHMODEM - ok
09:44:19.0122 0496 catchme - ok
09:44:19.0149 0496 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
09:44:19.0151 0496 cdfs - ok
09:44:19.0200 0496 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
09:44:19.0202 0496 cdrom - ok
09:44:19.0233 0496 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
09:44:19.0235 0496 CertPropSvc - ok
09:44:19.0268 0496 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
09:44:19.0269 0496 circlass - ok
09:44:19.0315 0496 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
09:44:19.0319 0496 CLFS - ok
09:44:19.0382 0496 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:44:19.0384 0496 clr_optimization_v2.0.50727_32 - ok
09:44:19.0442 0496 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
09:44:19.0443 0496 clr_optimization_v4.0.30319_32 - ok
09:44:19.0467 0496 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
09:44:19.0468 0496 cmdide - ok
09:44:19.0484 0496 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
09:44:19.0485 0496 Compbatt - ok
09:44:19.0488 0496 COMSysApp - ok
09:44:19.0497 0496 cpuz130 - ok
09:44:19.0519 0496 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
09:44:19.0520 0496 crcdisk - ok
09:44:19.0544 0496 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
09:44:19.0545 0496 Crusoe - ok
09:44:19.0582 0496 CryptSvc (75c6a297e364014840b48eccd7525e30) C:\Windows\system32\cryptsvc.dll
09:44:19.0583 0496 CryptSvc - ok
09:44:19.0647 0496 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
09:44:19.0652 0496 DcomLaunch - ok
09:44:19.0724 0496 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
09:44:19.0725 0496 DfsC - ok
09:44:19.0894 0496 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
09:44:19.0918 0496 DFSR - ok
09:44:20.0174 0496 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
09:44:20.0178 0496 Dhcp - ok
09:44:20.0271 0496 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
09:44:20.0272 0496 disk - ok
09:44:20.0330 0496 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
09:44:20.0332 0496 Dnscache - ok
09:44:20.0371 0496 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
09:44:20.0374 0496 dot3svc - ok
09:44:20.0410 0496 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
09:44:20.0413 0496 DPS - ok
09:44:20.0443 0496 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
09:44:20.0444 0496 drmkaud - ok
09:44:20.0498 0496 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
09:44:20.0506 0496 DXGKrnl - ok
09:44:20.0577 0496 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
09:44:20.0580 0496 E1G60 - ok
09:44:20.0623 0496 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
09:44:20.0624 0496 EapHost - ok
09:44:20.0652 0496 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
09:44:20.0655 0496 Ecache - ok
09:44:20.0714 0496 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
09:44:20.0718 0496 ehRecvr - ok
09:44:20.0741 0496 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
09:44:20.0743 0496 ehSched - ok
09:44:20.0761 0496 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
09:44:20.0762 0496 ehstart - ok
09:44:20.0810 0496 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
09:44:20.0815 0496 elxstor - ok
09:44:20.0889 0496 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
09:44:20.0896 0496 EMDMgmt - ok
09:44:20.0960 0496 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
09:44:20.0962 0496 EventSystem - ok
09:44:21.0014 0496 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
09:44:21.0017 0496 exfat - ok
09:44:21.0071 0496 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
09:44:21.0074 0496 fastfat - ok
09:44:21.0120 0496 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
09:44:21.0121 0496 fdc - ok
09:44:21.0133 0496 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
09:44:21.0135 0496 fdPHost - ok
09:44:21.0153 0496 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
09:44:21.0155 0496 FDResPub - ok
09:44:21.0186 0496 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
09:44:21.0187 0496 FileInfo - ok
09:44:21.0212 0496 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
09:44:21.0213 0496 Filetrace - ok
09:44:21.0233 0496 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
09:44:21.0235 0496 flpydisk - ok
09:44:21.0259 0496 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
09:44:21.0262 0496 FltMgr - ok
09:44:21.0366 0496 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
09:44:21.0377 0496 FontCache - ok
09:44:21.0411 0496 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
09:44:21.0413 0496 FontCache3.0.0.0 - ok
09:44:21.0441 0496 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
09:44:21.0487 0496 Fs_Rec - ok
09:44:21.0515 0496 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
09:44:21.0517 0496 gagp30kx - ok
09:44:21.0565 0496 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
09:44:21.0573 0496 gpsvc - ok
09:44:21.0619 0496 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
09:44:21.0623 0496 HdAudAddService - ok
09:44:21.0694 0496 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
09:44:21.0702 0496 HDAudBus - ok
09:44:21.0716 0496 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
09:44:21.0718 0496 HidBth - ok
09:44:21.0735 0496 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
09:44:21.0736 0496 HidIr - ok
09:44:21.0764 0496 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\System32\hidserv.dll
09:44:21.0766 0496 hidserv - ok
09:44:21.0787 0496 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
09:44:21.0788 0496 HidUsb - ok
09:44:21.0814 0496 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
09:44:21.0816 0496 hkmsvc - ok
09:44:21.0858 0496 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
09:44:21.0859 0496 HpCISSs - ok
09:44:21.0905 0496 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
09:44:21.0911 0496 HTTP - ok
09:44:21.0931 0496 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
09:44:21.0933 0496 i2omp - ok
09:44:21.0971 0496 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
09:44:21.0972 0496 i8042prt - ok
09:44:21.0993 0496 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
09:44:21.0997 0496 iaStorV - ok
09:44:22.0133 0496 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
09:44:22.0182 0496 idsvc - ok
09:44:22.0208 0496 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
09:44:22.0210 0496 iirsp - ok
09:44:22.0254 0496 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
09:44:22.0260 0496 IKEEXT - ok
09:44:22.0421 0496 IntcAzAudAddService (aef2fa29204056b81bc4cbf30260dee1) C:\Windows\system32\drivers\RTKVHDA.sys
09:44:22.0444 0496 IntcAzAudAddService - ok
09:44:22.0599 0496 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
09:44:22.0601 0496 intelide - ok
09:44:22.0627 0496 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
09:44:22.0629 0496 intelppm - ok
09:44:22.0655 0496 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
09:44:22.0657 0496 IPBusEnum - ok
09:44:22.0696 0496 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
09:44:22.0698 0496 IpFilterDriver - ok
09:44:22.0730 0496 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
09:44:22.0734 0496 iphlpsvc - ok
09:44:22.0752 0496 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
09:44:22.0754 0496 IPMIDRV - ok
09:44:22.0789 0496 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
09:44:22.0791 0496 IPNAT - ok
09:44:22.0816 0496 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
09:44:22.0817 0496 IRENUM - ok
09:44:22.0840 0496 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
09:44:22.0841 0496 isapnp - ok
09:44:22.0886 0496 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
09:44:22.0889 0496 iScsiPrt - ok
09:44:22.0906 0496 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
09:44:22.0908 0496 iteatapi - ok
09:44:22.0920 0496 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
09:44:22.0922 0496 iteraid - ok
09:44:22.0949 0496 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
09:44:22.0950 0496 kbdclass - ok
09:44:22.0959 0496 kbdhid (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\drivers\kbdhid.sys
09:44:22.0960 0496 kbdhid - ok
09:44:22.0986 0496 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
09:44:22.0987 0496 KeyIso - ok
09:44:23.0025 0496 KSecDD (4a1445efa932a3baf5bdb02d7131ee20) C:\Windows\system32\Drivers\ksecdd.sys
09:44:23.0031 0496 KSecDD - ok
09:44:23.0077 0496 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
09:44:23.0083 0496 KtmRm - ok
09:44:23.0108 0496 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\System32\srvsvc.dll
09:44:23.0112 0496 LanmanServer - ok
09:44:23.0162 0496 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
09:44:23.0167 0496 LanmanWorkstation - ok
09:44:23.0197 0496 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
09:44:23.0199 0496 lltdio - ok
09:44:23.0237 0496 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
09:44:23.0241 0496 lltdsvc - ok
09:44:23.0279 0496 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
09:44:23.0281 0496 lmhosts - ok
09:44:23.0311 0496 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
09:44:23.0313 0496 LSI_FC - ok
09:44:23.0338 0496 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
09:44:23.0340 0496 LSI_SAS - ok
09:44:23.0357 0496 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
09:44:23.0359 0496 LSI_SCSI - ok
09:44:23.0382 0496 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
09:44:23.0385 0496 luafv - ok
09:44:23.0467 0496 MatSvc (ddf15a42e27e8efe27b18fd403151a86) C:\Program Files\Microsoft Fix it Center\Matsvc.exe
09:44:23.0471 0496 MatSvc - ok
09:44:23.0500 0496 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
09:44:23.0503 0496 Mcx2Svc - ok
09:44:23.0540 0496 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
09:44:23.0541 0496 megasas - ok
09:44:23.0578 0496 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
09:44:23.0581 0496 MMCSS - ok
09:44:23.0610 0496 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
09:44:23.0611 0496 Modem - ok
09:44:23.0644 0496 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
09:44:23.0646 0496 monitor - ok
09:44:23.0667 0496 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
09:44:23.0669 0496 mouclass - ok
09:44:23.0684 0496 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
09:44:23.0685 0496 mouhid - ok
09:44:23.0707 0496 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
09:44:23.0709 0496 MountMgr - ok
09:44:23.0732 0496 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
09:44:23.0734 0496 mpio - ok
09:44:23.0752 0496 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
09:44:23.0754 0496 mpsdrv - ok
09:44:23.0796 0496 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
09:44:23.0801 0496 MpsSvc - ok
09:44:23.0823 0496 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
09:44:23.0824 0496 Mraid35x - ok
09:44:23.0851 0496 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
09:44:23.0853 0496 MRxDAV - ok
09:44:23.0922 0496 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
09:44:23.0977 0496 mrxsmb - ok
09:44:24.0017 0496 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:44:24.0020 0496 mrxsmb10 - ok
09:44:24.0041 0496 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:44:24.0099 0496 mrxsmb20 - ok
09:44:24.0125 0496 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
09:44:24.0127 0496 msahci - ok
09:44:24.0138 0496 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
09:44:24.0139 0496 msdsm - ok
09:44:24.0186 0496 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
09:44:24.0189 0496 MSDTC - ok
09:44:24.0242 0496 MSDV (343291a4dfd7c923c3f71f550830ec1c) C:\Windows\system32\DRIVERS\msdv.sys
09:44:24.0243 0496 MSDV - ok
09:44:24.0276 0496 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
09:44:24.0278 0496 Msfs - ok
09:44:24.0298 0496 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
09:44:24.0300 0496 msisadrv - ok
09:44:24.0335 0496 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
09:44:24.0338 0496 MSiSCSI - ok
09:44:24.0363 0496 msiserver - ok
09:44:24.0382 0496 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
09:44:24.0384 0496 MSKSSRV - ok
09:44:24.0419 0496 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
09:44:24.0421 0496 MSPCLOCK - ok
09:44:24.0436 0496 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
09:44:24.0437 0496 MSPQM - ok
09:44:24.0464 0496 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
09:44:24.0467 0496 MsRPC - ok
09:44:24.0490 0496 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
09:44:24.0491 0496 mssmbios - ok
09:44:24.0531 0496 MSTAPE (92b0e43b54ebff026451df3dd142129d) C:\Windows\system32\DRIVERS\mstape.sys
09:44:24.0532 0496 MSTAPE - ok
09:44:24.0554 0496 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
09:44:24.0555 0496 MSTEE - ok
09:44:24.0569 0496 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
09:44:24.0570 0496 Mup - ok
09:44:24.0607 0496 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
09:44:24.0612 0496 napagent - ok
09:44:24.0653 0496 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
09:44:24.0656 0496 NativeWifiP - ok
09:44:24.0703 0496 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
09:44:24.0706 0496 NDIS - ok
09:44:24.0744 0496 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
09:44:24.0745 0496 NdisTapi - ok
09:44:24.0772 0496 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
09:44:24.0773 0496 Ndisuio - ok
09:44:24.0795 0496 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
09:44:24.0798 0496 NdisWan - ok
09:44:24.0829 0496 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
09:44:24.0831 0496 NDProxy - ok
09:44:24.0837 0496 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
09:44:24.0839 0496 NetBIOS - ok
09:44:24.0866 0496 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
09:44:24.0870 0496 netbt - ok
09:44:24.0902 0496 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
09:44:24.0903 0496 Netlogon - ok
09:44:24.0936 0496 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
09:44:24.0939 0496 Netman - ok
09:44:24.0968 0496 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
09:44:24.0972 0496 netprofm - ok
09:44:25.0039 0496 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
09:44:25.0041 0496 NetTcpPortSharing - ok
09:44:25.0090 0496 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
09:44:25.0091 0496 nfrd960 - ok
09:44:25.0118 0496 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
09:44:25.0122 0496 NlaSvc - ok
09:44:25.0146 0496 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
09:44:25.0147 0496 Npfs - ok
09:44:25.0165 0496 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
09:44:25.0167 0496 nsi - ok
09:44:25.0193 0496 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
09:44:25.0195 0496 nsiproxy - ok
09:44:25.0281 0496 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
09:44:25.0288 0496 Ntfs - ok
09:44:25.0298 0496 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
09:44:25.0299 0496 ntrigdigi - ok
09:44:25.0313 0496 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
09:44:25.0313 0496 Null - ok
09:44:25.0399 0496 NVENETFD (d958a2b5f6ad5c3b8ccdc4d7da62466c) C:\Windows\system32\DRIVERS\nvmfdx32.sys
09:44:25.0412 0496 NVENETFD - ok
09:44:26.0158 0496 nvlddmkm (afb33a823aabc112fc7bd62afbcdb0cd) C:\Windows\system32\DRIVERS\nvlddmkm.sys
09:44:26.0356 0496 nvlddmkm - ok
09:44:26.0404 0496 NVR0Dev (db5e53f6cb89f625961d8424904f7817) C:\Windows\nvoclock.sys
09:44:26.0405 0496 NVR0Dev - ok
09:44:26.0421 0496 NVR0FLASHDev (d429e370a8581b80a3eaadfd88ce867b) C:\Windows\nvflash.sys
09:44:26.0423 0496 NVR0FLASHDev - ok
09:44:26.0567 0496 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
09:44:26.0569 0496 nvraid - ok
09:44:26.0590 0496 nvstor (4a5fcab82d9bf6af8a023a66802fe9e9) C:\Windows\system32\drivers\nvstor.sys
09:44:26.0591 0496 nvstor - ok
09:44:26.0627 0496 nvstor32 (dc5f166422beebf195e3e4bb8ab4ee22) C:\Windows\system32\DRIVERS\nvstor32.sys
09:44:26.0628 0496 nvstor32 - ok
09:44:26.0721 0496 nvsvc (782945716ad010ac3d41758e8e52c735) C:\Windows\system32\nvvsvc.exe
09:44:26.0726 0496 nvsvc - ok
09:44:26.0897 0496 nvUpdatusService (a974e5c310b9b00894070ceb055d467f) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
09:44:26.0904 0496 nvUpdatusService - ok
09:44:27.0035 0496 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
09:44:27.0037 0496 nv_agp - ok
09:44:27.0102 0496 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
09:44:27.0108 0496 odserv - ok
09:44:27.0150 0496 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
09:44:27.0152 0496 ohci1394 - ok
09:44:27.0192 0496 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:44:27.0195 0496 ose - ok
09:44:27.0252 0496 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
09:44:27.0261 0496 p2pimsvc - ok
09:44:27.0267 0496 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
09:44:27.0272 0496 p2psvc - ok
09:44:27.0289 0496 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
09:44:27.0292 0496 Parport - ok
09:44:27.0314 0496 partmgr (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys
09:44:27.0316 0496 partmgr - ok
09:44:27.0341 0496 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
09:44:27.0343 0496 Parvdm - ok
09:44:27.0366 0496 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
09:44:27.0369 0496 PcaSvc - ok
09:44:27.0397 0496 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
09:44:27.0400 0496 pci - ok
09:44:27.0422 0496 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
09:44:27.0423 0496 pciide - ok
09:44:27.0437 0496 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
09:44:27.0439 0496 pcmcia - ok
09:44:27.0490 0496 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
09:44:27.0501 0496 PEAUTH - ok
09:44:27.0649 0496 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
09:44:27.0667 0496 pla - ok
09:44:27.0764 0496 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
09:44:27.0769 0496 PlugPlay - ok
09:44:27.0819 0496 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
09:44:27.0824 0496 PNRPAutoReg - ok
09:44:27.0830 0496 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
09:44:27.0835 0496 PNRPsvc - ok
09:44:27.0884 0496 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
09:44:27.0889 0496 PolicyAgent - ok
09:44:27.0938 0496 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
09:44:27.0940 0496 PptpMiniport - ok
09:44:27.0967 0496 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
09:44:27.0968 0496 Processor - ok
09:44:28.0000 0496 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
09:44:28.0005 0496 ProfSvc - ok
09:44:28.0059 0496 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
09:44:28.0061 0496 ProtectedStorage - ok
09:44:28.0086 0496 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
09:44:28.0088 0496 PSched - ok
09:44:28.0148 0496 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
09:44:28.0157 0496 ql2300 - ok
09:44:28.0204 0496 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
09:44:28.0207 0496 ql40xx - ok
09:44:28.0269 0496 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
09:44:28.0273 0496 QWAVE - ok
09:44:28.0322 0496 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
09:44:28.0323 0496 QWAVEdrv - ok
09:44:35.0181 0496 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
09:44:35.0391 0496 \Device\Harddisk0\DR0 - ok
09:44:35.0408 0496 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk1\DR1
09:44:35.0411 0496 \Device\Harddisk1\DR1 - ok
09:44:35.0415 0496 Boot (0x1200) (1d0be371beb444d1d3006d9281e0f8b6) \Device\Harddisk0\DR0\Partition0
09:44:35.0417 0496 \Device\Harddisk0\DR0\Partition0 - ok
09:44:35.0420 0496 Boot (0x1200) (d1129a4fc6684364a064e2a7743b0a8b) \Device\Harddisk1\DR1\Partition0
09:44:35.0421 0496 \Device\Harddisk1\DR1\Partition0 - ok
09:44:35.0421 0496 ============================================================
09:44:35.0421 0496 Scan finished
09:44:35.0421 0496 ============================================================
09:44:35.0428 4476 Detected object count: 0
09:44:35.0428 4476 Actual detected object count: 0

5: Malwarebytes
Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.05.08

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Craig :: CRAIG-PC [administrator]

Protection: Enabled

8/5/2012 5:19:27 PM
mbam-log-2012-08-05 (17-19-27).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 222867
Time elapsed: 10 minute(s), 54 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

6: Event Viewer
A Systems
Vino's Event Viewer v01c run on Windows Vista in English
Report run at 05/08/2012 6:02:26 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 05/08/2012 9:34:34 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

6: Event Viewer
B Apps

Vino's Event Viewer v01c run on Windows Vista in English
Report run at 05/08/2012 6:03:28 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 05/08/2012 9:34:06 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 15 user registry handles leaked from \Registry\User\S-1-5-21-3200882655-3172608462-4064901816-1000:
Process 2416 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3200882655-3172608462-4064901816-1000
Process 2416 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3200882655-3172608462-4064901816-1000
Process 2416 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3200882655-3172608462-4064901816-1000
Process 2416 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3200882655-3172608462-4064901816-1000
Process 2416 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3200882655-3172608462-4064901816-1000\Software\Microsoft\SystemCertificates\My
Process 2416 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3200882655-3172608462-4064901816-1000\Software\Microsoft\SystemCertificates\CA
Process 2416 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3200882655-3172608462-4064901816-1000\Software\Policies\Microsoft\SystemCertificates
Process 2416 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3200882655-3172608462-4064901816-1000\Software\Policies\Microsoft\SystemCertificates
Process 2416 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3200882655-3172608462-4064901816-1000\Software\Policies\Microsoft\SystemCertificates
Process 2416 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3200882655-3172608462-4064901816-1000\Software\Policies\Microsoft\SystemCertificates
Process 2416 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3200882655-3172608462-4064901816-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 2416 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3200882655-3172608462-4064901816-1000\Software\Microsoft\SystemCertificates\Disallowed
Process 2416 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3200882655-3172608462-4064901816-1000\Software\Microsoft\SystemCertificates\trust
Process 2416 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3200882655-3172608462-4064901816-1000\Software\Microsoft\SystemCertificates\TrustedPeople
Process 2416 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3200882655-3172608462-4064901816-1000\Software\Microsoft\SystemCertificates\Root


7: OTL End of Instructions-2 files
OTL logfile created on: 8/5/2012 6:06:48 PM - Run 2
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Craig\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.88 Gb Available Physical Memory | 44.01% Memory free
4.24 Gb Paging File | 2.84 Gb Available in Paging File | 66.94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 142.56 Gb Free Space | 47.82% Space Free | Partition Type: NTFS
Drive E: | 931.51 Gb Total Space | 836.11 Gb Free Space | 89.76% Space Free | Partition Type: NTFS

Computer Name: CRAIG-PC | User Name: Craig | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/04 18:51:27 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Craig\Desktop\OTL.exe
PRC - [2012/08/03 18:37:19 | 000,686,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_3_300_270_ActiveX.exe
PRC - [2012/07/27 20:28:38 | 000,830,048 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe
PRC - [2012/07/27 20:28:37 | 001,147,488 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2012/07/04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgidsagent.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/06/13 03:48:26 | 000,758,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2012/06/13 03:48:24 | 001,255,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2012/05/15 06:26:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/05/15 05:28:16 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012/05/15 05:27:34 | 000,857,920 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2012/02/14 04:52:38 | 000,338,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010/01/30 10:20:30 | 001,590,888 | ---- | M] (Speedbit Ltd.) -- C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe
PRC - [2010/01/30 10:20:30 | 000,300,656 | ---- | M] (Speedbit Ltd.) -- C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe
PRC - [2010/01/30 10:20:30 | 000,140,920 | ---- | M] (Speedbit Ltd.) -- C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorEngine.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/01/07 17:20:18 | 000,121,376 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
PRC - [2007/05/03 11:55:16 | 000,131,072 | ---- | M] () -- C:\Program Files\Multimedia Card Reader\readericon10.exe
PRC - [2007/02/15 21:07:16 | 004,390,912 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/27 20:28:39 | 000,132,704 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\12.1.5\SiteSafety.dll
MOD - [2012/07/27 20:28:37 | 001,147,488 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2007/05/03 11:55:16 | 000,131,072 | ---- | M] () -- C:\Program Files\Multimedia Card Reader\readericon10.exe


========== Win32 Services (SafeList) ==========

SRV - [2012/08/03 18:37:41 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/27 20:28:38 | 000,830,048 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe -- (vToolbarUpdater12.1.5)
SRV - [2012/07/04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/05/15 06:26:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/06/13 22:09:22 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2010/01/30 10:20:30 | 000,300,656 | ---- | M] (Speedbit Ltd.) [Auto | Running] -- C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe -- (VideoAcceleratorService)
SRV - [2009/01/07 17:20:18 | 000,121,376 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe -- (UpdateCenterService)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Craig\AppData\Local\Temp\cpuz130\cpuz_x32.sys -- (cpuz130)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Craig\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012/07/27 20:28:39 | 000,027,496 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/05/15 06:26:00 | 011,354,944 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012/04/19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/03/19 05:17:28 | 000,301,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/02/22 05:25:32 | 000,235,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/01/31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/12/23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/12/23 13:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2011/12/23 13:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsfilterx.sys -- (AVGIDSFilter)
DRV - [2011/12/23 13:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2009/01/07 17:20:16 | 000,036,896 | ---- | M] (NVIDIA Corp.) [Kernel | Auto | Running] -- C:\Windows\nvflash.sys -- (NVR0FLASHDev)
DRV - [2008/10/24 17:40:42 | 000,036,640 | ---- | M] (NVIDIA Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\nvoclock.sys -- (NVR0Dev)
DRV - [2008/08/01 19:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/07/04 11:01:04 | 000,366,080 | ---- | M] (Realtek) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL85n86.sys -- (RTL85n86)
DRV - [2008/01/19 01:53:28 | 000,050,048 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mstape.sys -- (MSTAPE)
DRV - [2008/01/19 01:53:26 | 000,014,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avcstrm.sys -- (AVCSTRM)
DRV - [2007/08/09 21:12:30 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2005/02/23 17:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2559647

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7E 6C DE 67 E6 B7 CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...ie7&rlz=1I7SUNA
IE - HKCU\..\SearchScopes\{79E030FE-689A-4C54-A9BB-E288D75FA20C}: "URL" = http://search.avg.co...}&ychte=us&nt=1
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg....sa&d=2012-07-27 20:28:39&v=12.1.0.21&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2559647
IE - HKCU\..\SearchScopes\{DE368A3A-DB0C-4539-8604-636A8B7A2672}: "URL" = http://search.speedb...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\12.1.5\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files\Virtual Earth 3D\ [2010/09/05 07:44:26 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/10/27 16:47:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/07/18 11:21:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012/07/02 16:35:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\12.1.0.21\ [2012/07/27 20:28:42 | 000,000,000 | ---D | M]

[2009/08/22 16:32:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Craig\AppData\Roaming\Mozilla\Extensions
[2009/08/22 16:32:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Craig\AppData\Roaming\Mozilla\Extensions\[email protected]

========== Chrome ==========


O1 HOSTS File: ([2012/08/05 09:31:11 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SBCONVERT Class) - {3017FB3E-9A77-4396-88C5-0EC9548FB42F} - C:\Program Files\SpeedBit Video Downloader\TBUE6\tbcore3.dll ()
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (SBCONVERT Class) - {31B27F2D-6BC6-451B-B3D2-4EAB36B2FC3B} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
O2 - BHO: (SearchPredictObj Class) - {389943B0-C3A2-4E69-82CB-8596A84CB3DC} - C:\Program Files\SearchPredict\SearchPredict.dll (Speedbit Ltd.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll ()
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O2 - BHO: (GrabberObj Class) - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\SpeedBit Video Downloader\TBUE6\Grabber.dll (Speedbit Ltd.)
O3 - HKLM\..\Toolbar: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\TBUE6\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\WebBrowser: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\TBUE6\tbcore3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Windows\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NVIDIA nTune] C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe (NVIDIA)
O4 - HKLM..\Run: [readericon10] C:\Program Files\Multimedia Card Reader\readericon10.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [SpeedBitVideoAccelerator] C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe (Speedbit Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O15 - HKCU\..Trusted Domains: //@surf.mar@/ ([]money in Local intranet)
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.nvidia.co.../sysreqlab2.cab (Reg Error: Key error.)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.co...iaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://samsclubus.pn...veX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} http://ec2-174-129-1...eivers/FMSI.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{444293C9-1C81-4331-9865-7AC0DC65EF32}: DhcpNameServer = 64.233.222.2 64.233.222.7
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4A2E82B1-6B9C-46CC-9CC3-72BA26E08FC6}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\12.1.5\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Craig\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Craig\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/08/05 17:37:18 | 000,000,000 | ---D | C] -- C:\Users\Craig\Desktop\080512 scan
[2012/08/05 17:36:54 | 000,000,000 | ---D | C] -- C:\Users\Craig\Desktop\080412 scan
[2012/08/05 17:18:29 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Roaming\Malwarebytes
[2012/08/05 17:18:15 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/08/05 17:18:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/05 17:18:15 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/08/05 17:18:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/08/05 17:15:53 | 010,652,120 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Craig\Desktop\mbam-setup-1.62.0.1300.exe
[2012/08/05 09:43:15 | 002,136,664 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Craig\Desktop\tdsskiller.exe
[2012/08/05 09:40:25 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/08/05 09:40:16 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/08/05 09:40:16 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\temp
[2012/08/05 09:18:46 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/08/05 09:18:46 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/08/05 09:18:46 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/08/05 09:18:40 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/08/05 09:18:18 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/08/05 09:15:34 | 004,725,168 | R--- | C] (Swearware) -- C:\Users\Craig\Desktop\ComboFix.exe
[2012/08/05 08:57:08 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Craig\Desktop\aswMBR.exe
[2012/08/05 08:50:46 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/08/05 08:44:11 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{89EDB891-820C-499A-8E3B-F4E9597E2173}
[2012/08/05 08:43:51 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{8E5C5C30-B80D-4D26-B4B7-0A966F7CDEA0}
[2012/08/04 20:04:53 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{D494E34F-A362-436A-B3EF-A04615BE0516}
[2012/08/04 20:04:32 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{92E687E8-7B30-4E3B-AA24-D1912E8AA3A9}
[2012/08/04 18:51:27 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Craig\Desktop\OTL.exe
[2012/08/03 18:56:07 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{2A3915AD-943F-4B13-A217-1D4D0BEBE7FE}
[2012/08/03 18:55:42 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{6CFF35C3-1728-47B2-8898-C24FCEBCD4CA}
[2012/08/02 19:24:36 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{D2F8EEA8-5484-4FAD-8904-30EB0B5153FE}
[2012/08/02 19:24:15 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{980BCAC8-CCFA-4F8B-9279-3982C4550344}
[2012/08/01 20:59:08 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Roaming\IObit
[2012/08/01 20:59:06 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2012/08/01 18:47:29 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{C8317119-7132-44A4-967C-26C6D13EE307}
[2012/08/01 18:47:08 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{ADF3C053-7DA7-4FD9-87B5-E20F674B6DA1}
[2012/07/31 19:24:56 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{C8BCD71D-C1EF-4B8D-9E3B-5AA947425614}
[2012/07/31 19:24:35 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{5146EC9B-FD4A-4269-8CDB-68D79E170270}
[2012/07/30 16:24:08 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{9707D26A-1BA1-4F0E-BC65-7CF535A8FAFB}
[2012/07/30 16:23:47 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{3320F901-6E00-4F83-8AA8-9821D6EE2F99}
[2012/07/29 06:48:50 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{8C5FDDBA-FB63-4CBD-8D36-83C24C434417}
[2012/07/29 06:48:29 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{2AC10057-9BFB-4F52-9098-C2D81DC6B54D}
[2012/07/27 20:28:44 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\AVG Secure Search
[2012/07/27 20:28:42 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2012/07/27 20:28:39 | 000,027,496 | ---- | C] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[2012/07/27 20:28:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2012/07/27 20:28:37 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2012/07/27 20:28:04 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\SlimWare Utilities Inc
[2012/07/27 20:27:56 | 000,000,000 | ---D | C] -- C:\Program Files\SlimCleaner
[2012/07/27 20:27:53 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Downloaded Installers
[2012/07/27 20:08:59 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{4636524E-6B04-4399-AD96-ABA4E7A86DA6}
[2012/07/27 20:08:38 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{AE53CC9D-0852-4D98-85B6-777A82F6E3C0}
[2012/07/26 19:16:22 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{41F8845B-8784-4DC9-94A7-E0E00D0D5A15}
[2012/07/26 19:16:12 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{57728C0D-F8BD-465D-8B4B-741B67FF0E99}
[2012/07/25 20:09:03 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{C357E529-4ED0-43F5-A6EC-AF12FE6272A6}
[2012/07/25 20:08:39 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{6CD24D88-1C28-4D43-88F9-32BF4533DBF9}
[2012/07/24 19:09:42 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{C0D76B89-FE6E-4F0B-9514-2A18BBED7058}
[2012/07/24 19:09:21 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{A4FF504A-8FE1-437D-9839-A7F4B23F6A60}
[2012/07/23 17:07:31 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{63629227-0574-49AF-964F-0A3D58A4CFE3}
[2012/07/23 17:07:09 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{EA0DCCCD-6168-4436-AA9E-E6B8364CF7B7}
[2012/07/22 17:49:22 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{8A1102BB-982F-494B-8BDC-79F9B9BDD575}
[2012/07/22 17:49:01 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{87CCA8EF-166D-4E26-A845-F708E1D97E36}
[2012/07/22 07:58:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/07/22 07:58:19 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012/07/22 05:22:11 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{817C50F8-1432-4A81-8E97-FE5691E7786B}
[2012/07/22 05:21:49 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{B550628C-CE79-4C28-9672-AE480A26A84C}
[2012/07/21 19:33:21 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{CCBDE6B6-DDD2-42EA-8D02-C445308D0F7A}
[2012/07/21 07:32:57 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{7FBAA820-320A-48A2-9ADC-C6C754D4B427}
[2012/07/21 07:32:37 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{5E129D2C-3133-4741-A856-1287BA4946BD}
[2012/07/20 16:48:02 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{BB9C8E9E-BF97-4C2D-AF05-35D0472091DB}
[2012/07/20 16:47:40 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{DE5A3967-2A02-4C35-97A5-0C6825220442}
[2012/07/18 16:52:25 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{C4402C7E-2E57-4F6D-9970-F88BD9B9A634}
[2012/07/18 16:52:14 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{7D85A0C7-A592-4C27-A635-18311B976E54}
[2012/07/18 11:21:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/07/17 19:01:18 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{C78A88D8-1147-4B99-B43F-FDD0C520FA69}
[2012/07/17 19:00:55 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{BAF457A5-D1BA-45E2-9FED-359040BD0DC5}
[2012/07/16 18:37:09 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{BF73EEE7-DA26-42D0-AD46-548529DCF5F2}
[2012/07/16 18:36:47 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{FDEF4021-8B9E-4F47-8119-16DCEF21E07C}
[2012/07/15 07:25:15 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{8B374A73-BB3F-48C8-8C33-95267B9E41DA}
[2012/07/15 07:24:54 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{9847654A-C2AD-4E29-BEAE-76D64CED4DD2}
[2012/07/14 07:51:11 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{65069096-7FDF-4C45-97F6-13CEC8EA194F}
[2012/07/14 07:50:50 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{6F724D7F-7BA8-487E-828C-C9B40C0A5473}
[2012/07/13 16:24:23 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{4BE1E40F-ED79-4A1D-97BA-E3C063F58890}
[2012/07/13 16:24:02 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{AB7C3D20-5A59-4F30-908B-0B009994722A}
[2012/07/12 17:18:48 | 000,476,936 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\npdeployJava1.dll
[2012/07/12 17:17:50 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{2C85D554-7574-4785-939D-6E8DA278D867}
[2012/07/12 17:17:26 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{59B467EB-5BFF-4B11-B4B8-FB3FE3DF239B}
[2012/07/11 15:22:23 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{89B63A17-69A2-4B7B-8781-E7788D4C2481}
[2012/07/11 15:22:02 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{78449B96-8D8D-44D9-B898-3250C17092AA}
[2012/07/10 19:07:10 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/07/10 19:02:25 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/07/10 19:02:24 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/07/10 19:02:24 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/07/10 19:02:23 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/07/10 19:02:23 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/07/10 19:02:22 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/07/10 19:02:22 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/07/10 17:17:00 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2012/07/10 15:31:41 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{ED8A5AB3-14D3-400B-A973-48570F48A1D3}
[2012/07/10 15:31:30 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{5696C26A-0279-4806-AAEF-8377A19E0188}
[2012/07/09 17:15:19 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{A8E23F5B-9398-499E-91ED-338E06C66AA2}
[2012/07/09 17:15:06 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{3796A2AB-D308-4F73-AD4C-2AFF7ED4A523}
[2012/07/08 09:42:42 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{5DF98518-0A97-46F2-92DC-E77F81BEBCDA}
[2012/07/08 09:42:21 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{824F0134-C66A-430F-8A4F-B9E874145E44}
[2012/07/07 07:42:12 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{7B868D7D-DAC9-4CE2-A471-A27D795BEBED}
[2012/07/07 07:41:51 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{7BC40B97-2DD4-41E5-B8C1-87B3FFC2FAF3}
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/05 18:00:57 | 000,061,440 | ---- | M] ( ) -- C:\Users\Craig\Desktop\VEW.exe
[2012/08/05 17:41:29 | 103,057,728 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/08/05 17:36:26 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/05 17:35:50 | 000,004,176 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/05 17:35:50 | 000,004,176 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/05 17:35:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/05 17:18:16 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/05 17:16:07 | 010,652,120 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Craig\Desktop\mbam-setup-1.62.0.1300.exe
[2012/08/05 09:43:23 | 002,136,664 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Craig\Desktop\tdsskiller.exe
[2012/08/05 09:31:11 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/08/05 09:15:22 | 004,725,168 | R--- | M] (Swearware) -- C:\Users\Craig\Desktop\ComboFix.exe
[2012/08/05 08:56:45 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Craig\Desktop\aswMBR.exe
[2012/08/04 18:51:27 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Craig\Desktop\OTL.exe
[2012/08/04 07:44:58 | 247,078,559 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/08/03 22:32:34 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/08/03 18:56:25 | 000,113,461 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjw.avm
[2012/08/03 18:37:19 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/08/03 18:37:19 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/08/02 19:05:23 | 000,371,832 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/07/27 20:28:39 | 000,027,496 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[2012/07/27 20:13:10 | 000,604,284 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/07/27 20:13:10 | 000,103,984 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/07/24 19:46:02 | 000,001,356 | ---- | M] () -- C:\Users\Craig\AppData\Local\d3d9caps.dat
[2012/07/18 11:21:06 | 000,000,842 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/07/15 18:48:24 | 000,551,373 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/07/12 17:18:37 | 000,476,936 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\npdeployJava1.dll
[2012/07/12 17:18:37 | 000,472,840 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2012/07/12 17:18:37 | 000,157,448 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012/07/12 17:18:37 | 000,149,256 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012/07/12 17:18:37 | 000,149,256 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012/07/10 19:11:22 | 000,033,792 | ---- | M] () -- C:\Users\Craig\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/05 18:01:17 | 000,061,440 | ---- | C] ( ) -- C:\Users\Craig\Desktop\VEW.exe
[2012/08/05 17:18:16 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/05 09:18:46 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/08/05 09:18:46 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/08/05 09:18:46 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/08/05 09:18:46 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/08/05 09:18:46 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/08/04 07:44:58 | 247,078,559 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/08/02 19:05:07 | 000,371,832 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/05/15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2010/11/27 10:16:02 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2008/03/20 11:41:16 | 000,033,792 | ---- | C] () -- C:\Users\Craig\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/03/20 11:35:27 | 000,001,356 | ---- | C] () -- C:\Users\Craig\AppData\Local\d3d9caps.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:CD060F93
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:A9662AE0
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:D74B6CF5
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:2B11E0DF
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:0F8F5844
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:010ADD2C

< End of report >


OTL End of Instructions #2
OTL Extras logfile created on: 8/5/2012 6:06:48 PM - Run 2
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Craig\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.88 Gb Available Physical Memory | 44.01% Memory free
4.24 Gb Paging File | 2.84 Gb Available in Paging File | 66.94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 142.56 Gb Free Space | 47.82% Space Free | Partition Type: NTFS
Drive E: | 931.51 Gb Total Space | 836.11 Gb Free Space | 89.76% Space Free | Partition Type: NTFS

Computer Name: CRAIG-PC | User Name: Craig | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08979A09-EBD0-4D9B-BFE5-D3B25911AC00}" = lport=138 | protocol=17 | dir=in | app=system |
"{0BE1E625-EB85-414E-B2D4-5867F961D79A}" = lport=445 | protocol=6 | dir=in | app=system |
"{1C38EEE6-99C0-47E2-8E5D-D38BA0E8FA80}" = lport=137 | protocol=17 | dir=in | app=system |
"{34081049-8486-47DF-8F40-1D30822B12DF}" = rport=137 | protocol=17 | dir=out | app=system |
"{816B3A37-0157-4266-A3A2-3F50776170FB}" = rport=138 | protocol=17 | dir=out | app=system |
"{81A8A03F-80C0-4CAE-AFF2-26E92521037A}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{973012C2-5F87-4744-A742-CED0B728542A}" = lport=139 | protocol=6 | dir=in | app=system |
"{C74DC2C0-92AA-4CD3-B9CA-E7A2757CDCF9}" = rport=445 | protocol=6 | dir=out | app=system |
"{C7851925-06B9-48AC-A671-8BA4E6E1D097}" = rport=139 | protocol=6 | dir=out | app=system |
"{DF3C3937-1750-4FFD-AA38-6EBC2B695E20}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{F4BBD815-9930-4263-9BFE-D284FF334147}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{F821E503-D5B9-483F-AE76-6834D5F4A60B}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{046F4342-2FBE-4321-82A5-B56D2A2E33D1}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{32425850-4526-41ED-A536-1840D25EBCA8}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{33C821B7-3189-404F-95F7-8EB1C53AC9BB}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{48C523AF-CEB9-497E-BB4E-BBF1034B6263}" = protocol=58 | dir=in | [email protected],-28545 |
"{74DB6A36-73D1-4900-ACA5-1C5A92D56568}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{97CE600C-F2AF-4B85-8D5F-E317BDA25814}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{A190ADF5-7067-4889-AD99-E594AAAA3412}" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{A5BF4B4B-9ED8-4930-80E0-909F08F16163}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{B8F7989E-A196-42B6-8A23-2FACAD511D9D}" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{C0A0BB1B-255D-4D99-ABB2-905F146D2CCF}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{C2370FE1-16CB-462A-80B9-86FF3AC4AF58}" = protocol=1 | dir=in | [email protected],-28543 |
"{C262B335-8B02-49AF-BBCE-970A4E859E7B}" = protocol=1 | dir=out | [email protected],-28544 |
"{C43ADCE3-CCE9-49C5-B9E4-95912EFE79C9}" = protocol=58 | dir=out | [email protected],-28546 |
"{EB4FE857-5840-4F6A-82AB-90883A1883DA}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"TCP Query User{A1EB4F8D-A139-493B-9B45-B9FF2B43E0B5}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{FC6D7C07-4A47-4E70-BBA9-A6FF7E4AD99F}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Premium
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1CA2E5E4-F4FE-44B4-95E9-77523FB95838}" = EPSON Stylus Photo RX595 Series Scanner Driver Update
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java™ 6 Update 33
"{2D87E961-577B-492B-AD54-1368680FB9A7}" = Bing Maps 3D
"{31B2D73B-4311-4D95-A131-32FB2194D1CB}" = Microsoft UI Engine
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6D12EC75-E7D3-4EAD-AB10-E1F3AFF94AA6}" = AVG 2012
"{6F69C969-2942-4E7B-B594-75B37664B8BA}" = NVIDIA System Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{7F1B3341-A94E-4F5C-B587-CA0EB964221E}" = Microsoft Money Shared Libraries
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CA199A8-574E-432F-A98F-A55741E233D1}_is1" = 3GP Player 2011
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PUBLISHERR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PUBLISHERR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PUBLISHERR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PUBLISHERR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PUBLISHERR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PUBLISHERR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0019-0000-0000-0000000FF1CE}" = Microsoft Office Publisher 2007
"{91120000-0019-0000-0000-0000000FF1CE}_PUBLISHERR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B143D835-EBAF-4A39-8B31-1868FF4166C1}" = AVG 2012
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 301.42
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center
"{BB1DFC2A-8B34-4632-B3B3-AD037E500A00}" = Dynex 5-in-1 card reader
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8192B14-5B56-2E27-6652-8AA650091D6E}" = Shutterfly Express Uploader
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D03E7B00-CA85-4684-9321-1888873C34BD}" = ArcSoft PhotoImpression 6
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}" = NVIDIA System Monitor
"{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}" = EPSON Print CD
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"AVG" = AVG 2012
"AVG Secure Search" = AVG Security Toolbar
"CareBearsDKey" = CareBears
"CCleaner" = CCleaner
"com.Shutterfly.ExpressUploader" = Shutterfly Express Uploader
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"InstallShield_{6F69C969-2942-4E7B-B594-75B37664B8BA}" = NVIDIA System Update
"InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"InstallShield_{BB1DFC2A-8B34-4632-B3B3-AD037E500A00}" = Dynex 5-in-1 card reader
"InstallShield_{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}" = NVIDIA System Monitor
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Money2008b" = Microsoft Money Plus
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PUBLISHERR" = Microsoft Office Publisher 2007 Trial
"SendToKindle" = Amazon Send to Kindle
"Silent Package Run-Time Sample" = EPSON RX595 User's Guide
"SpeedBit Video Accelerator" = SpeedBit Video Accelerator
"SpeedBit Video Downloader" = SpeedBit Video Downloader
"SystemRequirementsLab" = System Requirements Lab
"WinLiveSuite" = Windows Live Essentials

========== Last 20 Event Log Errors ==========

[ Media Center Events ]
Error - 4/17/2008 2:51:24 PM | Computer Name = Craig-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 5/26/2008 4:45:38 PM | Computer Name = Craig-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 5/30/2008 10:51:18 AM | Computer Name = Craig-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 6/7/2008 6:18:48 AM | Computer Name = Craig-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.


< End of report >


Thanks again
craig

#4
RKinner

Something went wrong with the OTL fix. It looks like you lost all of the carriage returns when you copied and pasted. I'm going to attach the fix. Please download it and save it, then open it with Notepad, copy it and run OTL. Paste it (ctrl + v) into the Custom Scans/Fixes box at the bottom, paste (ctrl + v) the text. Verify that you got it all and then click the RUN FIX button.

Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply.

#5
craigoh

Ron,

I do not know how I could have copied it incorrectly, but sorry.

I ran OTL again and it asked for a reboot. I accepted. But OTL did not create a log on my desktop.

What would be the next step?

As always, Thank you
c

#6
RKinner

Run OTL, Quickscan and post the log. Are you still getting redirected? How do you connect to the Internet? Is there a router that belongs to you? Or just a dsl/cable modem? What browser are you using? Does it happen with other browsers?

#7
craigoh

Ron,

I think you corrected it. Yesterday after all the scans and then today after the scans, I have not had any problems. My browser is IE and I have not used another browser.
I connect by direct wire to a wireless router that is then connected to a cable modem. (I had a bad experience with wireless, so I decided to just take that out of the equation.)



Here is the log:
OTL logfile created on: 8/6/2012 7:01:58 PM - Run 3
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Craig\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.94 Gb Available Physical Memory | 46.81% Memory free
4.24 Gb Paging File | 2.73 Gb Available in Paging File | 64.53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 138.56 Gb Free Space | 46.48% Space Free | Partition Type: NTFS
Drive E: | 931.51 Gb Total Space | 836.11 Gb Free Space | 89.76% Space Free | Partition Type: NTFS

Computer Name: CRAIG-PC | User Name: Craig | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/04 18:51:27 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Craig\Desktop\OTL.exe
PRC - [2012/08/03 18:37:19 | 000,686,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_3_300_270_ActiveX.exe
PRC - [2012/07/27 20:28:38 | 000,830,048 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe
PRC - [2012/07/27 20:28:37 | 001,147,488 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2012/07/04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgidsagent.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/06/13 03:48:26 | 000,758,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2012/06/13 03:48:24 | 001,255,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2012/05/15 06:26:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/05/15 05:28:16 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012/05/15 05:27:34 | 000,857,920 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2012/02/14 04:52:38 | 000,338,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010/01/30 10:20:30 | 001,590,888 | ---- | M] (Speedbit Ltd.) -- C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe
PRC - [2010/01/30 10:20:30 | 000,300,656 | ---- | M] (Speedbit Ltd.) -- C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe
PRC - [2010/01/30 10:20:30 | 000,140,920 | ---- | M] (Speedbit Ltd.) -- C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorEngine.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/01/07 17:20:18 | 000,121,376 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
PRC - [2007/05/03 11:55:16 | 000,131,072 | ---- | M] () -- C:\Program Files\Multimedia Card Reader\readericon10.exe
PRC - [2007/02/15 21:07:16 | 004,390,912 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/27 20:28:39 | 000,132,704 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\12.1.5\SiteSafety.dll
MOD - [2012/07/27 20:28:37 | 001,147,488 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2012/06/13 19:28:55 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
MOD - [2012/06/13 19:28:47 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
MOD - [2012/05/11 10:46:07 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll
MOD - [2012/05/11 10:46:05 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\1b337cf9a031145849bc48c11b2cfe58\Accessibility.ni.dll
MOD - [2012/05/11 10:43:41 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012/05/11 10:42:32 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012/05/11 10:42:20 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2007/05/03 11:55:16 | 000,131,072 | ---- | M] () -- C:\Program Files\Multimedia Card Reader\readericon10.exe


========== Win32 Services (SafeList) ==========

SRV - [2012/08/03 18:37:41 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/27 20:28:38 | 000,830,048 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe -- (vToolbarUpdater12.1.5)
SRV - [2012/07/04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/05/15 06:26:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/06/13 22:09:22 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2010/01/30 10:20:30 | 000,300,656 | ---- | M] (Speedbit Ltd.) [Auto | Running] -- C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe -- (VideoAcceleratorService)
SRV - [2009/01/07 17:20:18 | 000,121,376 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe -- (UpdateCenterService)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Craig\AppData\Local\Temp\cpuz130\cpuz_x32.sys -- (cpuz130)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Craig\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012/07/27 20:28:39 | 000,027,496 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/05/15 06:26:00 | 011,354,944 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012/04/19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/03/19 05:17:28 | 000,301,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/02/22 05:25:32 | 000,235,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/01/31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/12/23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/12/23 13:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2011/12/23 13:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsfilterx.sys -- (AVGIDSFilter)
DRV - [2011/12/23 13:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2009/01/07 17:20:16 | 000,036,896 | ---- | M] (NVIDIA Corp.) [Kernel | Auto | Running] -- C:\Windows\nvflash.sys -- (NVR0FLASHDev)
DRV - [2008/10/24 17:40:42 | 000,036,640 | ---- | M] (NVIDIA Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\nvoclock.sys -- (NVR0Dev)
DRV - [2008/08/01 19:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/07/04 11:01:04 | 000,366,080 | ---- | M] (Realtek) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL85n86.sys -- (RTL85n86)
DRV - [2008/01/19 01:53:28 | 000,050,048 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mstape.sys -- (MSTAPE)
DRV - [2008/01/19 01:53:26 | 000,014,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avcstrm.sys -- (AVCSTRM)
DRV - [2007/08/09 21:12:30 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2005/02/23 17:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7E 6C DE 67 E6 B7 CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...ie7&rlz=1I7SUNA
IE - HKCU\..\SearchScopes\{79E030FE-689A-4C54-A9BB-E288D75FA20C}: "URL" = http://search.avg.co...}&ychte=us&nt=1
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg....sa&d=2012-07-27 20:28:39&v=12.1.0.21&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\12.1.5\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files\Virtual Earth 3D\ [2010/09/05 07:44:26 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/10/27 16:47:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/07/18 11:21:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012/07/02 16:35:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\12.1.0.21\ [2012/07/27 20:28:42 | 000,000,000 | ---D | M]

[2009/08/22 16:32:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Craig\AppData\Roaming\Mozilla\Extensions
[2009/08/22 16:32:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Craig\AppData\Roaming\Mozilla\Extensions\[email protected]

========== Chrome ==========


O1 HOSTS File: ([2012/08/05 09:31:11 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll ()
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Windows\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NVIDIA nTune] C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe (NVIDIA)
O4 - HKLM..\Run: [readericon10] C:\Program Files\Multimedia Card Reader\readericon10.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [SpeedBitVideoAccelerator] C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe (Speedbit Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O15 - HKCU\..Trusted Domains: //@surf.mar@/ ([]money in Local intranet)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.co...iaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://samsclubus.pn...veX_Control.cab (Photo Upload Plugin Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{444293C9-1C81-4331-9865-7AC0DC65EF32}: DhcpNameServer = 64.233.222.2 64.233.222.7
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4A2E82B1-6B9C-46CC-9CC3-72BA26E08FC6}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\12.1.5\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Craig\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Craig\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/06 16:10:04 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{3E87400A-C6B4-45BE-B149-1BAAB16DC3A6}
[2012/08/06 16:09:42 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{CFCFB436-389C-46AC-B3CF-8589F48FB11D}
[2012/08/05 17:37:18 | 000,000,000 | ---D | C] -- C:\Users\Craig\Desktop\080512 scan
[2012/08/05 17:36:54 | 000,000,000 | ---D | C] -- C:\Users\Craig\Desktop\080412 scan
[2012/08/05 17:18:29 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Roaming\Malwarebytes
[2012/08/05 17:18:15 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/08/05 17:18:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/05 17:18:15 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/08/05 17:18:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/08/05 17:15:53 | 010,652,120 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Craig\Desktop\mbam-setup-1.62.0.1300.exe
[2012/08/05 09:43:15 | 002,136,664 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Craig\Desktop\tdsskiller.exe
[2012/08/05 09:40:25 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/08/05 09:40:16 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/08/05 09:40:16 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\temp
[2012/08/05 09:18:46 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/08/05 09:18:46 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/08/05 09:18:46 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/08/05 09:18:40 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/08/05 09:18:18 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/08/05 09:15:34 | 004,725,168 | R--- | C] (Swearware) -- C:\Users\Craig\Desktop\ComboFix.exe
[2012/08/05 08:57:08 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Craig\Desktop\aswMBR.exe
[2012/08/05 08:50:46 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/08/05 08:44:11 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{89EDB891-820C-499A-8E3B-F4E9597E2173}
[2012/08/05 08:43:51 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{8E5C5C30-B80D-4D26-B4B7-0A966F7CDEA0}
[2012/08/04 20:04:53 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{D494E34F-A362-436A-B3EF-A04615BE0516}
[2012/08/04 20:04:32 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{92E687E8-7B30-4E3B-AA24-D1912E8AA3A9}
[2012/08/04 18:51:27 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Craig\Desktop\OTL.exe
[2012/08/03 18:56:07 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{2A3915AD-943F-4B13-A217-1D4D0BEBE7FE}
[2012/08/03 18:55:42 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{6CFF35C3-1728-47B2-8898-C24FCEBCD4CA}
[2012/08/02 19:24:36 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{D2F8EEA8-5484-4FAD-8904-30EB0B5153FE}
[2012/08/02 19:24:15 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{980BCAC8-CCFA-4F8B-9279-3982C4550344}
[2012/08/01 20:59:08 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Roaming\IObit
[2012/08/01 20:59:06 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2012/08/01 18:47:29 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{C8317119-7132-44A4-967C-26C6D13EE307}
[2012/08/01 18:47:08 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{ADF3C053-7DA7-4FD9-87B5-E20F674B6DA1}
[2012/07/31 19:24:56 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{C8BCD71D-C1EF-4B8D-9E3B-5AA947425614}
[2012/07/31 19:24:35 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{5146EC9B-FD4A-4269-8CDB-68D79E170270}
[2012/07/30 16:24:08 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{9707D26A-1BA1-4F0E-BC65-7CF535A8FAFB}
[2012/07/30 16:23:47 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{3320F901-6E00-4F83-8AA8-9821D6EE2F99}
[2012/07/29 06:48:50 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{8C5FDDBA-FB63-4CBD-8D36-83C24C434417}
[2012/07/29 06:48:29 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{2AC10057-9BFB-4F52-9098-C2D81DC6B54D}
[2012/07/27 20:28:44 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\AVG Secure Search
[2012/07/27 20:28:42 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2012/07/27 20:28:39 | 000,027,496 | ---- | C] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[2012/07/27 20:28:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2012/07/27 20:28:37 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2012/07/27 20:28:04 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\SlimWare Utilities Inc
[2012/07/27 20:27:56 | 000,000,000 | ---D | C] -- C:\Program Files\SlimCleaner
[2012/07/27 20:27:53 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Downloaded Installers
[2012/07/27 20:08:59 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{4636524E-6B04-4399-AD96-ABA4E7A86DA6}
[2012/07/27 20:08:38 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{AE53CC9D-0852-4D98-85B6-777A82F6E3C0}
[2012/07/26 19:16:22 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{41F8845B-8784-4DC9-94A7-E0E00D0D5A15}
[2012/07/26 19:16:12 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{57728C0D-F8BD-465D-8B4B-741B67FF0E99}
[2012/07/25 20:09:03 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{C357E529-4ED0-43F5-A6EC-AF12FE6272A6}
[2012/07/25 20:08:39 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{6CD24D88-1C28-4D43-88F9-32BF4533DBF9}
[2012/07/24 19:09:42 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{C0D76B89-FE6E-4F0B-9514-2A18BBED7058}
[2012/07/24 19:09:21 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{A4FF504A-8FE1-437D-9839-A7F4B23F6A60}
[2012/07/23 17:07:31 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{63629227-0574-49AF-964F-0A3D58A4CFE3}
[2012/07/23 17:07:09 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{EA0DCCCD-6168-4436-AA9E-E6B8364CF7B7}
[2012/07/22 17:49:22 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{8A1102BB-982F-494B-8BDC-79F9B9BDD575}
[2012/07/22 17:49:01 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{87CCA8EF-166D-4E26-A845-F708E1D97E36}
[2012/07/22 07:58:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/07/22 07:58:19 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012/07/22 05:22:11 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{817C50F8-1432-4A81-8E97-FE5691E7786B}
[2012/07/22 05:21:49 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{B550628C-CE79-4C28-9672-AE480A26A84C}
[2012/07/21 19:33:21 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{CCBDE6B6-DDD2-42EA-8D02-C445308D0F7A}
[2012/07/21 07:32:57 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{7FBAA820-320A-48A2-9ADC-C6C754D4B427}
[2012/07/21 07:32:37 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{5E129D2C-3133-4741-A856-1287BA4946BD}
[2012/07/20 16:48:02 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{BB9C8E9E-BF97-4C2D-AF05-35D0472091DB}
[2012/07/20 16:47:40 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{DE5A3967-2A02-4C35-97A5-0C6825220442}
[2012/07/18 16:52:25 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{C4402C7E-2E57-4F6D-9970-F88BD9B9A634}
[2012/07/18 16:52:14 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{7D85A0C7-A592-4C27-A635-18311B976E54}
[2012/07/18 11:21:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/07/17 19:01:18 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{C78A88D8-1147-4B99-B43F-FDD0C520FA69}
[2012/07/17 19:00:55 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{BAF457A5-D1BA-45E2-9FED-359040BD0DC5}
[2012/07/16 18:37:09 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{BF73EEE7-DA26-42D0-AD46-548529DCF5F2}
[2012/07/16 18:36:47 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{FDEF4021-8B9E-4F47-8119-16DCEF21E07C}
[2012/07/15 07:25:15 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{8B374A73-BB3F-48C8-8C33-95267B9E41DA}
[2012/07/15 07:24:54 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{9847654A-C2AD-4E29-BEAE-76D64CED4DD2}
[2012/07/14 07:51:11 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{65069096-7FDF-4C45-97F6-13CEC8EA194F}
[2012/07/14 07:50:50 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{6F724D7F-7BA8-487E-828C-C9B40C0A5473}
[2012/07/13 16:24:23 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{4BE1E40F-ED79-4A1D-97BA-E3C063F58890}
[2012/07/13 16:24:02 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{AB7C3D20-5A59-4F30-908B-0B009994722A}
[2012/07/12 17:17:50 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{2C85D554-7574-4785-939D-6E8DA278D867}
[2012/07/12 17:17:26 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{59B467EB-5BFF-4B11-B4B8-FB3FE3DF239B}
[2012/07/11 15:22:23 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{89B63A17-69A2-4B7B-8781-E7788D4C2481}
[2012/07/11 15:22:02 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{78449B96-8D8D-44D9-B898-3250C17092AA}
[2012/07/10 15:31:41 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{ED8A5AB3-14D3-400B-A973-48570F48A1D3}
[2012/07/10 15:31:30 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{5696C26A-0279-4806-AAEF-8377A19E0188}
[2012/07/09 17:15:19 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{A8E23F5B-9398-499E-91ED-338E06C66AA2}
[2012/07/09 17:15:06 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{3796A2AB-D308-4F73-AD4C-2AFF7ED4A523}
[2012/07/08 09:42:42 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{5DF98518-0A97-46F2-92DC-E77F81BEBCDA}
[2012/07/08 09:42:21 | 000,000,000 | ---D | C] -- C:\Users\Craig\AppData\Local\{824F0134-C66A-430F-8A4F-B9E874145E44}
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/06 19:03:49 | 000,004,176 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/06 19:03:49 | 000,004,176 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/06 18:52:12 | 103,125,647 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/08/06 18:36:15 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/06 17:03:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/05 18:00:57 | 000,061,440 | ---- | M] ( ) -- C:\Users\Craig\Desktop\VEW.exe
[2012/08/05 17:18:16 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/05 17:16:07 | 010,652,120 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Craig\Desktop\mbam-setup-1.62.0.1300.exe
[2012/08/05 09:43:23 | 002,136,664 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Craig\Desktop\tdsskiller.exe
[2012/08/05 09:31:11 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/08/05 09:15:22 | 004,725,168 | R--- | M] (Swearware) -- C:\Users\Craig\Desktop\ComboFix.exe
[2012/08/05 08:56:45 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Craig\Desktop\aswMBR.exe
[2012/08/04 18:51:27 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Craig\Desktop\OTL.exe
[2012/08/04 07:44:58 | 247,078,559 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/08/03 22:32:34 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/08/03 18:56:25 | 000,113,461 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjw.avm
[2012/08/02 19:05:23 | 000,371,832 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/07/27 20:28:39 | 000,027,496 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[2012/07/27 20:13:10 | 000,604,284 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/07/27 20:13:10 | 000,103,984 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/07/24 19:46:02 | 000,001,356 | ---- | M] () -- C:\Users\Craig\AppData\Local\d3d9caps.dat
[2012/07/18 11:21:06 | 000,000,842 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/07/15 18:48:24 | 000,551,373 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/07/10 19:11:22 | 000,033,792 | ---- | M] () -- C:\Users\Craig\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/05 18:01:17 | 000,061,440 | ---- | C] ( ) -- C:\Users\Craig\Desktop\VEW.exe
[2012/08/05 17:18:16 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/05 09:18:46 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/08/05 09:18:46 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/08/05 09:18:46 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/08/05 09:18:46 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/08/05 09:18:46 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/08/04 07:44:58 | 247,078,559 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/08/02 19:05:07 | 000,371,832 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/05/15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2010/11/27 10:16:02 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2008/03/20 11:41:16 | 000,033,792 | ---- | C] () -- C:\Users\Craig\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/03/20 11:35:27 | 000,001,356 | ---- | C] () -- C:\Users\Craig\AppData\Local\d3d9caps.dat

========== LOP Check ==========

[2012/07/22 07:54:20 | 000,000,000 | ---D | M] -- C:\Users\Craig\AppData\Roaming\AVG
[2011/09/25 08:11:20 | 000,000,000 | ---D | M] -- C:\Users\Craig\AppData\Roaming\AVG2012
[2010/11/30 17:29:52 | 000,000,000 | ---D | M] -- C:\Users\Craig\AppData\Roaming\com.Shutterfly.ExpressUploader
[2010/11/05 16:43:38 | 000,000,000 | ---D | M] -- C:\Users\Craig\AppData\Roaming\EbkReader
[2010/04/27 15:22:48 | 000,000,000 | ---D | M] -- C:\Users\Craig\AppData\Roaming\EPSON
[2011/07/22 19:38:52 | 000,000,000 | ---D | M] -- C:\Users\Craig\AppData\Roaming\FrostWire
[2010/05/08 10:20:33 | 000,000,000 | ---D | M] -- C:\Users\Craig\AppData\Roaming\FUJIFILM
[2011/04/22 15:21:41 | 000,000,000 | ---D | M] -- C:\Users\Craig\AppData\Roaming\Garmin
[2009/03/30 19:32:26 | 000,000,000 | ---D | M] -- C:\Users\Craig\AppData\Roaming\GetRightToGo
[2012/08/01 20:59:09 | 000,000,000 | ---D | M] -- C:\Users\Craig\AppData\Roaming\IObit
[2008/03/20 12:40:26 | 000,000,000 | ---D | M] -- C:\Users\Craig\AppData\Roaming\Leadertech
[2010/10/23 11:25:05 | 000,000,000 | ---D | M] -- C:\Users\Craig\AppData\Roaming\Windows Live Writer
[2012/08/06 16:54:08 | 000,032,544 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
  • 0

#8
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Good. Let's clean up now:


We need to clean up System Restore:

Copy the following:


:Commands
[CLEARALLRESTOREPOINTS]
[Reboot]

Right click on OTL and Run As Administrator. In the Custom Scans/Fixes box at the bottom, paste in the copied text (Ctrl + v) and then hit Run Fix.

That will get the last of the malware off the system.



You can uninstall or delete any tools we had you download and their logs.
To uninstall ComboFix, copy the next line:

"%userprofile%\Desktop\combofix.exe" /Uninstall

Start, All Programs, Accessories, then right click on Command Prompt and Run As Administrator.
Then right click, Paste, then hit Enter.

OTL has a cleanup tab; if you go there it will remove itself and its logs.

To hide hidden files again (OTL may do it for you):

Vista or Win7

1. Open the Control Panel menu and click Folder Options.
2. After the new window appears select the View tab.
3. Remove the check in the checkbox labeled Display the contents of system folders.
4. Under the Hidden files and folders section select the radio button labeled Do not Show hidden files and folders.
5. Check the checkbox labeled Hide protected operating system files.
6. Press the Apply button and then the OK button and exit My Computer.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.

Whether you use Adobe Reader, Acrobat or Foxit to read PDF files, you need to disable JavaScript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, click on JavaScript in the left column and uncheck Enable Acrobat JavaScript. OK. Close program. It's the same for Foxit Reader except you uncheck Enable JavaScript Actions.

To help keep your programs up-to-date you should download and run the UpdateChecker:
http://www.filehippo.../updatechecker/
(You don't need to download Betas, and if there is a program you don't use you can just uninstall it rather than update it. Exception is MSN Messenger, which appears to be part of Windows.)
If you get a blocked program notice after installing UpdateChecker, then change it to not run at start, then manually run it once a week.
Seems to work best if Firefox is the default browser. You can also try Secunia PSI http://secunia.com/v...l/download_psi/ Same kind of info. You don't need both.
If you use Firefox then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: http://simple-adblock.com/
The free version only blocks 200 ads a day so another reason to use Firefox or Chrome.

If Firefox is slow loading, make sure it only has the current Java add-on. Then download and run Speedy Fox:
http://www.crystalidea.com/speedyfox
You can run it any time that Firefox seems slow.

Be warned: If you use LimeWire, uTorrent or any of the other P2P programs you will almost certainly be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.


If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

Ron
  • 0

#9
craigoh

craigoh

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Ron,

Thank you for your time and effort with getting my PC back to normal.

Thank you!!!!
craig
  • 0





