Inactive BSOD and Chrome redirecting

[Flumple]

Hi,

I received the BSOD whilst browsing the web this afternoon and each time I restart my computer in normal mode I get another blue screen. Initially I thought it was a hardware problem, however, having successfully booted into safe mode (with networking) my browser seems to be redirecting me to sites like eBay (and some dodgy looking ‘virus removal’ software) - leading me to think that this could be a malware issue.
Does this sound plausible? I'm not sure how common it is for malware to affect computers in this way. If it’s more likely to be a hardware problem then I could head across to the forum for that.
See attached logs below. They have all be obtained in Safe Mode as I can’t run normal mode without crashing.

Malware Log:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8403

Windows 6.1.7601 Service Pack 1 (Safe Mode)
Internet Explorer 9.0.8112.16421

20/12/2011 19:31:10
mbam-log-2011-12-20 (19-31-10).txt

Scan type: Quick scan
Objects scanned: 163049
Time elapsed: 4 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

GMER Log:
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-12-20 19:58:02
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\iaStor0 Hitachi_ rev.SBDO
Running: i33ofei6.exe; Driver: C:\Users\Ben\AppData\Local\Temp\uwldqpow.sys


---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKey + 13D1 82251369 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 8228AD52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- User code sections - GMER 1.0.15 ----

.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[152] ntdll.dll!NtCreateFile + 6 76FE55CE 4 Bytes [28, 00, 17, 00]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[152] ntdll.dll!NtCreateFile + B 76FE55D3 1 Byte [E2]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[152] ntdll.dll!NtMapViewOfSection + 6 76FE5C2E 1 Byte [28]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[152] ntdll.dll!NtMapViewOfSection + 6 76FE5C2E 4 Bytes [28, 03, 17, 00]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[152] ntdll.dll!NtMapViewOfSection + B 76FE5C33 1 Byte [E2]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[152] ntdll.dll!NtOpenFile + 6 76FE5CDE 4 Bytes [68, 00, 17, 00]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[152] ntdll.dll!NtOpenFile + B 76FE5CE3 1 Byte [E2]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[152] ntdll.dll!NtOpenProcess + 6 76FE5D8E 4 Bytes [A8, 01, 17, 00]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[152] ntdll.dll!NtOpenProcess + B 76FE5D93 1 Byte [E2]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[152] ntdll.dll!NtOpenProcessToken + 6 76FE5D9E 4 Bytes CALL 75FE74A4 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[152] ntdll.dll!NtOpenProcessToken + B 76FE5DA3 1 Byte [E2]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[152] ntdll.dll!NtOpenProcessTokenEx + 6 76FE5DAE 4 Bytes [A8, 02, 17, 00]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[152] ntdll.dll!NtOpenProcessTokenEx + B 76FE5DB3 1 Byte [E2]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[152] ntdll.dll!NtOpenThread + 6 76FE5E0E 4 Bytes [68, 01, 17, 00]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[152] ntdll.dll!NtOpenThread + B 76FE5E13 1 Byte [E2]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[152] ntdll.dll!NtOpenThreadToken + 6 76FE5E1E 4 Bytes [68, 02, 17, 00]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[152] ntdll.dll!NtOpenThreadToken + B 76FE5E23 1 Byte [E2]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[152] ntdll.dll!NtOpenThreadTokenEx + 6 76FE5E2E 4 Bytes CALL 75FE7535 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[152] ntdll.dll!NtOpenThreadTokenEx + B 76FE5E33 1 Byte [E2]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[152] ntdll.dll!NtQueryAttributesFile + 6 76FE5F3E 4 Bytes [A8, 00, 17, 00]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[152] ntdll.dll!NtQueryAttributesFile + B 76FE5F43 1 Byte [E2]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[152] ntdll.dll!NtQueryFullAttributesFile + 6 76FE5FEE 4 Bytes CALL 75FE76F3 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[152] ntdll.dll!NtQueryFullAttributesFile + B 76FE5FF3 1 Byte [E2]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[152] ntdll.dll!NtSetInformationFile + 6 76FE663E 4 Bytes [28, 01, 17, 00]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[152] ntdll.dll!NtSetInformationFile + B 76FE6643 1 Byte [E2]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[152] ntdll.dll!NtSetInformationThread + 6 76FE669E 4 Bytes [28, 02, 17, 00]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[152] ntdll.dll!NtSetInformationThread + B 76FE66A3 1 Byte [E2]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[152] ntdll.dll!NtUnmapViewOfSection + 6 76FE69BE 1 Byte [68]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[152] ntdll.dll!NtUnmapViewOfSection + 6 76FE69BE 4 Bytes [68, 03, 17, 00]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[152] ntdll.dll!NtUnmapViewOfSection + B 76FE69C3 1 Byte [E2]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[328] ntdll.dll!NtCreateFile + 6 76FE55CE 4 Bytes [28, 00, 07, 00]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[328] ntdll.dll!NtCreateFile + B 76FE55D3 1 Byte [E2]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[328] ntdll.dll!NtMapViewOfSection + 6 76FE5C2E 1 Byte [28]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[328] ntdll.dll!NtMapViewOfSection + 6 76FE5C2E 4 Bytes [28, 03, 07, 00]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[328] ntdll.dll!NtMapViewOfSection + B 76FE5C33 1 Byte [E2]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[328] ntdll.dll!NtOpenFile + 6 76FE5CDE 4 Bytes [68, 00, 07, 00]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[328] ntdll.dll!NtOpenFile + B 76FE5CE3 1 Byte [E2]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[328] ntdll.dll!NtOpenProcess + 6 76FE5D8E 4 Bytes [A8, 01, 07, 00]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[328] ntdll.dll!NtOpenProcess + B 76FE5D93 1 Byte [E2]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[328] ntdll.dll!NtOpenProcessToken + 6 76FE5D9E 4 Bytes CALL 75FE64A4 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[328] ntdll.dll!NtOpenProcessToken + B 76FE5DA3 1 Byte [E2]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[328] ntdll.dll!NtOpenProcessTokenEx + 6 76FE5DAE 4 Bytes [A8, 02, 07, 00]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[328] ntdll.dll!NtOpenProcessTokenEx + B 76FE5DB3 1 Byte [E2]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[328] ntdll.dll!NtOpenThread + 6 76FE5E0E 4 Bytes [68, 01, 07, 00]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[328] ntdll.dll!NtOpenThread + B 76FE5E13 1 Byte [E2]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[328] ntdll.dll!NtOpenThreadToken + 6 76FE5E1E 4 Bytes [68, 02, 07, 00]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[328] ntdll.dll!NtOpenThreadToken + B 76FE5E23 1 Byte [E2]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[328] ntdll.dll!NtOpenThreadTokenEx + 6 76FE5E2E 4 Bytes CALL 75FE6535 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[328] ntdll.dll!NtOpenThreadTokenEx + B 76FE5E33 1 Byte [E2]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[328] ntdll.dll!NtQueryAttributesFile + 6 76FE5F3E 4 Bytes [A8, 00, 07, 00]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[328] ntdll.dll!NtQueryAttributesFile + B 76FE5F43 1 Byte [E2]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[328] ntdll.dll!NtQueryFullAttributesFile + 6 76FE5FEE 4 Bytes CALL 75FE66F3 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[328] ntdll.dll!NtQueryFullAttributesFile + B 76FE5FF3 1 Byte [E2]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[328] ntdll.dll!NtSetInformationFile + 6 76FE663E 4 Bytes [28, 01, 07, 00]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[328] ntdll.dll!NtSetInformationFile + B 76FE6643 1 Byte [E2]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[328] ntdll.dll!NtSetInformationThread + 6 76FE669E 4 Bytes [28, 02, 07, 00]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[328] ntdll.dll!NtSetInformationThread + B 76FE66A3 1 Byte [E2]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[328] ntdll.dll!NtUnmapViewOfSection + 6 76FE69BE 1 Byte [68]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[328] ntdll.dll!NtUnmapViewOfSection + 6 76FE69BE 4 Bytes [68, 03, 07, 00]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[328] ntdll.dll!NtUnmapViewOfSection + B 76FE69C3 1 Byte [E2]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[424] ntdll.dll!NtCreateFile + 6 76FE55CE 4 Bytes [28, 00, 07, 00]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[424] ntdll.dll!NtCreateFile + B 76FE55D3 1 Byte [E2]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[424] ntdll.dll!NtMapViewOfSection + 6 76FE5C2E 1 Byte [28]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[424] ntdll.dll!NtMapViewOfSection + 6 76FE5C2E 4 Bytes [28, 03, 07, 00]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[424] ntdll.dll!NtMapViewOfSection + B 76FE5C33 1 Byte [E2]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[424] ntdll.dll!NtOpenFile + 6 76FE5CDE 4 Bytes [68, 00, 07, 00]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[424] ntdll.dll!NtOpenFile + B 76FE5CE3 1 Byte [E2]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[424] ntdll.dll!NtOpenProcess + 6 76FE5D8E 4 Bytes [A8, 01, 07, 00]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[424] ntdll.dll!NtOpenProcess + B 76FE5D93 1 Byte [E2]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[424] ntdll.dll!NtOpenProcessToken + 6 76FE5D9E 4 Bytes CALL 75FE64A4 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[424] ntdll.dll!NtOpenProcessToken + B 76FE5DA3 1 Byte [E2]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[424] ntdll.dll!NtOpenProcessTokenEx + 6 76FE5DAE 4 Bytes [A8, 02, 07, 00]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[424] ntdll.dll!NtOpenProcessTokenEx + B 76FE5DB3 1 Byte [E2]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[424] ntdll.dll!NtOpenThread + 6 76FE5E0E 4 Bytes [68, 01, 07, 00]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[424] ntdll.dll!NtOpenThread + B 76FE5E13 1 Byte [E2]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[424] ntdll.dll!NtOpenThreadToken + 6 76FE5E1E 4 Bytes [68, 02, 07, 00]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[424] ntdll.dll!NtOpenThreadToken + B 76FE5E23 1 Byte [E2]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[424] ntdll.dll!NtOpenThreadTokenEx + 6 76FE5E2E 4 Bytes CALL 75FE6535 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[424] ntdll.dll!NtOpenThreadTokenEx + B 76FE5E33 1 Byte [E2]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[424] ntdll.dll!NtQueryAttributesFile + 6 76FE5F3E 4 Bytes [A8, 00, 07, 00]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[424] ntdll.dll!NtQueryAttributesFile + B 76FE5F43 1 Byte [E2]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[424] ntdll.dll!NtQueryFullAttributesFile + 6 76FE5FEE 4 Bytes CALL 75FE66F3 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[424] ntdll.dll!NtQueryFullAttributesFile + B 76FE5FF3 1 Byte [E2]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[424] ntdll.dll!NtSetInformationFile + 6 76FE663E 4 Bytes [28, 01, 07, 00]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[424] ntdll.dll!NtSetInformationFile + B 76FE6643 1 Byte [E2]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[424] ntdll.dll!NtSetInformationThread + 6 76FE669E 4 Bytes [28, 02, 07, 00]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[424] ntdll.dll!NtSetInformationThread + B 76FE66A3 1 Byte [E2]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[424] ntdll.dll!NtUnmapViewOfSection + 6 76FE69BE 1 Byte [68]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[424] ntdll.dll!NtUnmapViewOfSection + 6 76FE69BE 4 Bytes [68, 03, 07, 00]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[424] ntdll.dll!NtUnmapViewOfSection + B 76FE69C3 1 Byte [E2]
.text C:\Windows\system32\svchost.exe[980] ntdll.dll!NtProtectVirtualMemory 76FE5F18 5 Bytes JMP 001B000A
.text C:\Windows\system32\svchost.exe[980] ntdll.dll!NtWriteVirtualMemory 76FE6A98 5 Bytes JMP 0045000A
.text C:\Windows\system32\svchost.exe[980] ntdll.dll!KiUserExceptionDispatcher 76FE7008 5 Bytes JMP 001A000A
.text C:\Windows\Explorer.EXE[1224] ntdll.dll!NtProtectVirtualMemory 76FE5F18 5 Bytes JMP 0071000A
.text C:\Windows\Explorer.EXE[1224] ntdll.dll!NtWriteVirtualMemory 76FE6A98 5 Bytes JMP 0072000A
.text C:\Windows\Explorer.EXE[1224] ntdll.dll!KiUserExceptionDispatcher 76FE7008 5 Bytes JMP 005C000A
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[1404] ntdll.dll!NtCreateFile + 6 76FE55CE 4 Bytes [28, 00, 07, 00]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[1404] ntdll.dll!NtCreateFile + B 76FE55D3 1 Byte [E2]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[1404] ntdll.dll!NtMapViewOfSection + 6 76FE5C2E 1 Byte [28]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[1404] ntdll.dll!NtMapViewOfSection + 6 76FE5C2E 4 Bytes [28, 03, 07, 00]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[1404] ntdll.dll!NtMapViewOfSection + B 76FE5C33 1 Byte [E2]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[1404] ntdll.dll!NtOpenFile + 6 76FE5CDE 4 Bytes [68, 00, 07, 00]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[1404] ntdll.dll!NtOpenFile + B 76FE5CE3 1 Byte [E2]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[1404] ntdll.dll!NtOpenProcess + 6 76FE5D8E 4 Bytes [A8, 01, 07, 00]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[1404] ntdll.dll!NtOpenProcess + B 76FE5D93 1 Byte [E2]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[1404] ntdll.dll!NtOpenProcessToken + 6 76FE5D9E 4 Bytes CALL 75FE64A4 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[1404] ntdll.dll!NtOpenProcessToken + B 76FE5DA3 1 Byte [E2]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[1404] ntdll.dll!NtOpenProcessTokenEx + 6 76FE5DAE 4 Bytes [A8, 02, 07, 00]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[1404] ntdll.dll!NtOpenProcessTokenEx + B 76FE5DB3 1 Byte [E2]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[1404] ntdll.dll!NtOpenThread + 6 76FE5E0E 4 Bytes [68, 01, 07, 00]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[1404] ntdll.dll!NtOpenThread + B 76FE5E13 1 Byte [E2]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[1404] ntdll.dll!NtOpenThreadToken + 6 76FE5E1E 4 Bytes [68, 02, 07, 00]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[1404] ntdll.dll!NtOpenThreadToken + B 76FE5E23 1 Byte [E2]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[1404] ntdll.dll!NtOpenThreadTokenEx + 6 76FE5E2E 4 Bytes CALL 75FE6535 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[1404] ntdll.dll!NtOpenThreadTokenEx + B 76FE5E33 1 Byte [E2]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[1404] ntdll.dll!NtQueryAttributesFile + 6 76FE5F3E 4 Bytes [A8, 00, 07, 00]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[1404] ntdll.dll!NtQueryAttributesFile + B 76FE5F43 1 Byte [E2]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[1404] ntdll.dll!NtQueryFullAttributesFile + 6 76FE5FEE 4 Bytes CALL 75FE66F3 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[1404] ntdll.dll!NtQueryFullAttributesFile + B 76FE5FF3 1 Byte [E2]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[1404] ntdll.dll!NtSetInformationFile + 6 76FE663E 4 Bytes [28, 01, 07, 00]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[1404] ntdll.dll!NtSetInformationFile + B 76FE6643 1 Byte [E2]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[1404] ntdll.dll!NtSetInformationThread + 6 76FE669E 4 Bytes [28, 02, 07, 00]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[1404] ntdll.dll!NtSetInformationThread + B 76FE66A3 1 Byte [E2]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[1404] ntdll.dll!NtUnmapViewOfSection + 6 76FE69BE 1 Byte [68]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[1404] ntdll.dll!NtUnmapViewOfSection + 6 76FE69BE 4 Bytes [68, 03, 07, 00]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[1404] ntdll.dll!NtUnmapViewOfSection + B 76FE69C3 1 Byte [E2]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[2028] ntdll.dll!NtCreateFile + 6 76FE55CE 4 Bytes [28, 00, 17, 00]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[2028] ntdll.dll!NtCreateFile + B 76FE55D3 1 Byte [E2]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[2028] ntdll.dll!NtMapViewOfSection + 6 76FE5C2E 1 Byte [28]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[2028] ntdll.dll!NtMapViewOfSection + 6 76FE5C2E 4 Bytes [28, 03, 17, 00]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[2028] ntdll.dll!NtMapViewOfSection + B 76FE5C33 1 Byte [E2]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[2028] ntdll.dll!NtOpenFile + 6 76FE5CDE 4 Bytes [68, 00, 17, 00]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[2028] ntdll.dll!NtOpenFile + B 76FE5CE3 1 Byte [E2]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[2028] ntdll.dll!NtOpenProcess + 6 76FE5D8E 4 Bytes [A8, 01, 17, 00]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[2028] ntdll.dll!NtOpenProcess + B 76FE5D93 1 Byte [E2]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[2028] ntdll.dll!NtOpenProcessToken + 6 76FE5D9E 4 Bytes CALL 75FE74A4 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[2028] ntdll.dll!NtOpenProcessToken + B 76FE5DA3 1 Byte [E2]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[2028] ntdll.dll!NtOpenProcessTokenEx + 6 76FE5DAE 4 Bytes [A8, 02, 17, 00]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[2028] ntdll.dll!NtOpenProcessTokenEx + B 76FE5DB3 1 Byte [E2]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[2028] ntdll.dll!NtOpenThread + 6 76FE5E0E 4 Bytes [68, 01, 17, 00]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[2028] ntdll.dll!NtOpenThread + B 76FE5E13 1 Byte [E2]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[2028] ntdll.dll!NtOpenThreadToken + 6 76FE5E1E 4 Bytes [68, 02, 17, 00]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[2028] ntdll.dll!NtOpenThreadToken + B 76FE5E23 1 Byte [E2]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[2028] ntdll.dll!NtOpenThreadTokenEx + 6 76FE5E2E 4 Bytes CALL 75FE7535 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[2028] ntdll.dll!NtOpenThreadTokenEx + B 76FE5E33 1 Byte [E2]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[2028] ntdll.dll!NtQueryAttributesFile + 6 76FE5F3E 4 Bytes [A8, 00, 17, 00]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[2028] ntdll.dll!NtQueryAttributesFile + B 76FE5F43 1 Byte [E2]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[2028] ntdll.dll!NtQueryFullAttributesFile + 6 76FE5FEE 4 Bytes CALL 75FE76F3 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[2028] ntdll.dll!NtQueryFullAttributesFile + B 76FE5FF3 1 Byte [E2]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[2028] ntdll.dll!NtSetInformationFile + 6 76FE663E 4 Bytes [28, 01, 17, 00]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[2028] ntdll.dll!NtSetInformationFile + B 76FE6643 1 Byte [E2]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[2028] ntdll.dll!NtSetInformationThread + 6 76FE669E 4 Bytes [28, 02, 17, 00]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[2028] ntdll.dll!NtSetInformationThread + B 76FE66A3 1 Byte [E2]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[2028] ntdll.dll!NtUnmapViewOfSection + 6 76FE69BE 1 Byte [68]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[2028] ntdll.dll!NtUnmapViewOfSection + 6 76FE69BE 4 Bytes [68, 03, 17, 00]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[2028] ntdll.dll!NtUnmapViewOfSection + B 76FE69C3 1 Byte [E2]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[2552] ntdll.dll!NtCreateFile + 6 76FE55CE 4 Bytes [28, 00, 17, 00]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[2552] ntdll.dll!NtCreateFile + B 76FE55D3 1 Byte [E2]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[2552] ntdll.dll!NtMapViewOfSection + 6 76FE5C2E 1 Byte [28]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[2552] ntdll.dll!NtMapViewOfSection + 6 76FE5C2E 4 Bytes [28, 03, 17, 00]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[2552] ntdll.dll!NtMapViewOfSection + B 76FE5C33 1 Byte [E2]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[2552] ntdll.dll!NtOpenFile + 6 76FE5CDE 4 Bytes [68, 00, 17, 00]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[2552] ntdll.dll!NtOpenFile + B 76FE5CE3 1 Byte [E2]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[2552] ntdll.dll!NtOpenProcess + 6 76FE5D8E 4 Bytes [A8, 01, 17, 00]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[2552] ntdll.dll!NtOpenProcess + B 76FE5D93 1 Byte [E2]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[2552] ntdll.dll!NtOpenProcessToken + 6 76FE5D9E 4 Bytes CALL 75FE74A4 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[2552] ntdll.dll!NtOpenProcessToken + B 76FE5DA3 1 Byte [E2]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[2552] ntdll.dll!NtOpenProcessTokenEx + 6 76FE5DAE 4 Bytes [A8, 02, 17, 00]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[2552] ntdll.dll!NtOpenProcessTokenEx + B 76FE5DB3 1 Byte [E2]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[2552] ntdll.dll!NtOpenThread + 6 76FE5E0E 4 Bytes [68, 01, 17, 00]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[2552] ntdll.dll!NtOpenThread + B 76FE5E13 1 Byte [E2]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[2552] ntdll.dll!NtOpenThreadToken + 6 76FE5E1E 4 Bytes [68, 02, 17, 00]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[2552] ntdll.dll!NtOpenThreadToken + B 76FE5E23 1 Byte [E2]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[2552] ntdll.dll!NtOpenThreadTokenEx + 6 76FE5E2E 4 Bytes CALL 75FE7535 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[2552] ntdll.dll!NtOpenThreadTokenEx + B 76FE5E33 1 Byte [E2]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[2552] ntdll.dll!NtQueryAttributesFile + 6 76FE5F3E 4 Bytes [A8, 00, 17, 00]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[2552] ntdll.dll!NtQueryAttributesFile + B 76FE5F43 1 Byte [E2]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[2552] ntdll.dll!NtQueryFullAttributesFile + 6 76FE5FEE 4 Bytes CALL 75FE76F3 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[2552] ntdll.dll!NtQueryFullAttributesFile + B 76FE5FF3 1 Byte [E2]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[2552] ntdll.dll!NtSetInformationFile + 6 76FE663E 4 Bytes [28, 01, 17, 00]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[2552] ntdll.dll!NtSetInformationFile + B 76FE6643 1 Byte [E2]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[2552] ntdll.dll!NtSetInformationThread + 6 76FE669E 4 Bytes [28, 02, 17, 00]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[2552] ntdll.dll!NtSetInformationThread + B 76FE66A3 1 Byte [E2]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[2552] ntdll.dll!NtUnmapViewOfSection + 6 76FE69BE 1 Byte [68]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[2552] ntdll.dll!NtUnmapViewOfSection + 6 76FE69BE 4 Bytes [68, 03, 17, 00]
.text C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe[2552] ntdll.dll!NtUnmapViewOfSection + B 76FE69C3 1 Byte [E2]
.text C:\Windows\System32\ping.exe[3960] ntdll.dll!NtCreateProcess 76FE5698 5 Bytes JMP 005B000A
.text C:\Windows\System32\ping.exe[3960] ntdll.dll!NtCreateProcessEx 76FE56A8 5 Bytes JMP 0060000A
.text C:\Windows\System32\ping.exe[3960] ntdll.dll!NtCreateUserProcess 76FE5778 5 Bytes JMP 0065000A
.text C:\Windows\System32\ping.exe[3960] ntdll.dll!NtProtectVirtualMemory 76FE5F18 5 Bytes JMP 0026000A
.text C:\Windows\System32\ping.exe[3960] ntdll.dll!NtWriteVirtualMemory 76FE6A98 5 Bytes JMP 0054000A
.text C:\Windows\System32\ping.exe[3960] ntdll.dll!KiUserExceptionDispatcher 76FE7008 5 Bytes JMP 000D000A
.text C:\Windows\System32\ping.exe[3960] USER32.dll!GetCursorPos 7543A4B3 5 Bytes JMP 0068000A
.text C:\Windows\System32\ping.exe[3960] USER32.dll!GetForegroundWindow 7544335D 5 Bytes JMP 007A000A
.text C:\Windows\System32\ping.exe[3960] USER32.dll!WindowFromPoint 75466BE9 5 Bytes JMP 0079000A
.text C:\Windows\System32\ping.exe[3960] ole32.dll!CoCreateInstance 759B9D0B 5 Bytes JMP 0067000A

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp aswRdr.SYS (avast! TDI RDR Driver/AVAST Software)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\00000071 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 MBR read error
Disk \Device\Harddisk0\DR0 MBR BIOS signature not found 0

---- Files - GMER 1.0.15 ----

File C:\Windows\$NtUninstallKB188$\104013258 0 bytes
File C:\Windows\$NtUninstallKB188$\2782373227 0 bytes
File C:\Windows\$NtUninstallKB188$\2782373227\L 0 bytes
File C:\Windows\$NtUninstallKB188$\2782373227\U 0 bytes

---- EOF - GMER 1.0.15 ----

 

[Flumple]

DDS.txt
.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
Run by Ben at 19:58:50 on 2011-12-20
Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.2038.802 [GMT 0:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
EB: {4A62FAC4-1670-430B-8C6B-9C7B53F51798} - No File
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [LManager] c:\program files\launch manager\LManager.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [<NO NAME>]
mRun: [M-Audio Taskbar Icon] c:\windows\system32\M-AudioTaskBarIcon.exe
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRunOnce: [GrpConv] grpconv -o
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVXV1UtV0JEWEMtVllGTjMtUURKTUgtNDJBT0EtSzZIVTk"&"inst=NzctMTEzNDE3NjAzNC1TVDEyRk9JKzEtRERUKzAtRVVMQSsxLVNUMTJGQVBQKzE"&"prod=90"&"ver=2012.0.1890"&"mid=ca10d9781d3147d197bbd1
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{BC4E04F9-A68D-42DB-B64D-E5661D0D2195} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{BC4E04F9-A68D-42DB-B64D-E5661D0D2195}\2302779736860256C6D6024627966756 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{BC4E04F9-A68D-42DB-B64D-E5661D0D2195}\244584F6D65684572623D2B483A483 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{BC4E04F9-A68D-42DB-B64D-E5661D0D2195}\2445F40756E6A7F6E656D284 : DhcpNameServer = 192.168.22.22 192.168.22.23
TCP: Interfaces\{BC4E04F9-A68D-42DB-B64D-E5661D0D2195}\348616374756F596E6F5354716475737 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{BC4E04F9-A68D-42DB-B64D-E5661D0D2195}\86F6473707F647 : DhcpNameServer = 137.205.205.80 137.205.205.100
TCP: Interfaces\{BC4E04F9-A68D-42DB-B64D-E5661D0D2195}\F42377962756C6563737134323938333 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{BC4E04F9-A68D-42DB-B64D-E5661D0D2195}\F62377962756C6563737646463631313 : DhcpNameServer = 192.168.1.254
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\ben\appdata\roaming\mozilla\firefox\profiles\0n2l19cn.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/ig
FF - prefs.js: keyword.URL - hxxp://www.google.co.uk/search?btnI=I%27m+Feeling+Lucky&q=
FF - component: c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\ben\appdata\local\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\users\ben\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\ben\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
.
============= SERVICES / DRIVERS ===============
.
R1 ExpanDrive;ExpanDrive;c:\windows\system32\drivers\ExpanDrive.sys [2011-3-30 296160]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2010-5-18 325672]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2010-5-18 6630912]
R3 winbondcir;Winbond IR Transceiver;c:\windows\system32\drivers\winbondcir.sys [2007-3-28 43008]
S0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2011-11-7 56208]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-12-20 435032]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-12-20 314456]
S1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
S1 MpKslccd16cc5;MpKslccd16cc5;c:\programdata\microsoft\microsoft antimalware\definition updates\{68530025-e927-4343-829a-04526362c165}\MpKslccd16cc5.sys [2011-12-20 29904]
S1 MpKslead9003b;MpKslead9003b;c:\programdata\microsoft\microsoft antimalware\definition updates\{68530025-e927-4343-829a-04526362c165}\MpKslead9003b.sys [2011-12-20 29904]
S1 RapportCerberus_34302;RapportCerberus_34302;c:\programdata\trusteer\rapport\store\exts\rapportcerberus\34302\RapportCerberus32_34302.sys [2011-12-15 228208]
S1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2011-11-7 71440]
S1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2011-11-7 164112]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-12-20 20568]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-12-20 55128]
S2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-12-20 44768]
S2 bbtest_svc;Broadband Test Application;c:\program files\broadband test application\BroadbandTestApp.exe [2011-3-24 815104]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-2-26 136176]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
S2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2011-11-7 931640]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-11-18 1153368]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-2-26 136176]
S3 MADFU;MADFU;c:\windows\system32\drivers\MADFU.sys [2009-11-18 16512]
S3 MADFUCONECTIV;Service for M-Audio Conectiv DFU;c:\windows\system32\drivers\MAudioConectiv_DFU.sys [2009-10-2 42248]
S3 MAUSBCONECTIV;Service for M-Audio Conectiv;c:\windows\system32\drivers\MAudioConectiv.sys [2009-10-2 158344]
S3 MAUSBFASTTRACKPRO;Service for M-Audio FastTrack Pro;c:\windows\system32\drivers\MAudioFastTrackPro.sys [2010-12-7 158600]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-7-26 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2010-7-26 8576]
S3 RapportIaso;RapportIaso;c:\programdata\trusteer\rapport\store\exts\rapportms\28896\RapportIaso.sys [2011-8-7 21520]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-8 52224]
S3 UKS11LDR;M-Audio USB Keystation Loader;c:\windows\system32\drivers\uks11ldr.sys [2009-11-18 20168]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-24 1343400]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2011-2-16 11520]
S3 XPAD;XBox Controllers USB HID Mini Driver;c:\windows\system32\drivers\Xpad.sys [2011-8-4 12800]
S4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2005-9-23 2799808]
S4 WDDMService;WDDMService;c:\program files\western digital\wd smartware\WDDMService.exe [2011-8-1 263056]
S4 WDFMEService;WDFMEService;c:\program files\western digital\wd smartware\WDFME.exe [2011-8-1 1592208]
S4 WDRulesService;WDRulesService;c:\program files\western digital\wd smartware\WDRulesEngine.exe [2011-8-1 1091984]
.
=============== Created Last 30 ================
.
2011-12-20 19:19:56 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{68530025-e927-4343-829a-04526362c165}\offreg.dll
2011-12-20 18:17:34 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-12-20 18:17:33 55128 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-12-20 18:17:21 41184 ----a-w- c:\windows\avastSS.scr
2011-12-20 18:17:14 -------- d-----w- c:\programdata\AVAST Software
2011-12-20 18:17:14 -------- d-----w- c:\program files\AVAST Software
2011-12-20 17:48:43 -------- d-----w- c:\users\ben\appdata\roaming\Malwarebytes
2011-12-20 17:47:58 -------- d-----w- c:\programdata\Malwarebytes
2011-12-20 17:47:55 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-20 17:47:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-20 17:46:59 -------- d--h--w- c:\programdata\Common Files
2011-12-20 17:35:52 -------- d-----w- c:\programdata\MFAData
2011-12-20 17:11:35 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{68530025-e927-4343-829a-04526362c165}\MpKslead9003b.sys
2011-12-20 17:07:52 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{68530025-e927-4343-829a-04526362c165}\MpKslccd16cc5.sys
2011-12-20 16:50:59 -------- d-----w- c:\users\ben\appdata\local\ElevatedDiagnostics
2011-12-20 16:43:03 6823496 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{68530025-e927-4343-829a-04526362c165}\mpengine.dll
2011-12-20 15:19:59 -------- d-----w- c:\programdata\fC21800EiCoN21800
2011-12-20 12:28:14 -------- d-----w- c:\users\ben\appdata\local\{672CD27C-AF7A-4B2E-8233-6CC144871A9C}
2011-12-20 12:27:49 -------- d-----w- c:\users\ben\appdata\local\{C1075773-BDD6-4B63-82D1-7EDBA18D5324}
2011-12-19 23:54:37 -------- d-----w- c:\users\ben\appdata\local\{FAAC8CA4-7962-414D-9453-4F0AAA473DFA}
2011-12-19 23:54:25 -------- d-----w- c:\users\ben\appdata\local\{75FD431F-D8FA-4B81-AC3E-2D3D6385D308}
2011-12-19 11:32:50 -------- d-----w- c:\users\ben\appdata\local\{B6A5A649-58F7-4ADD-B644-4A1FA6439EC9}
2011-12-19 11:32:29 -------- d-----w- c:\users\ben\appdata\local\{E3E99457-A35C-47AA-BD2D-77C83FC1C759}
2011-12-18 16:42:28 -------- d-----w- c:\users\ben\appdata\local\{5379847D-F775-410B-9DAE-B35BD1F027D2}
2011-12-18 16:42:17 -------- d-----w- c:\users\ben\appdata\local\{2AC9097A-3443-4F55-BAB4-068AE965CD76}
2011-12-18 01:47:37 -------- d-----w- c:\users\ben\appdata\local\{3C025360-8BE8-48A8-B75B-CC90D6F5E914}
2011-12-18 01:47:23 -------- d-----w- c:\users\ben\appdata\local\{A5CE6AFB-707E-4E0B-BFF4-A1FC65A3776C}
2011-12-17 13:32:27 -------- d-----w- c:\users\ben\appdata\local\{D0BCDCFC-5A00-4EE4-B6DB-7AC140C4C477}
2011-12-17 13:32:16 -------- d-----w- c:\users\ben\appdata\local\{A8D4EEFC-E20F-4908-98CE-6C0FE53522D8}
2011-12-17 11:10:10 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2011-12-17 11:10:09 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2011-12-17 11:10:05 62744 ----a-w- c:\windows\system32\xinput1_2.dll
2011-12-17 01:04:31 -------- d-----w- c:\users\ben\appdata\local\{3D943811-8AF0-45E9-8CE9-31545ED6DDE8}
2011-12-17 01:04:14 -------- d-----w- c:\users\ben\appdata\local\{F59D4F2B-E525-45B6-88D6-FEBBBD06F76C}
2011-12-16 08:54:46 -------- d-----w- c:\users\ben\appdata\local\{5D9CCA52-9764-48E8-9672-1D9397358BAD}
2011-12-16 08:54:22 -------- d-----w- c:\users\ben\appdata\local\{D4D325EE-6F5C-40BA-A2D0-BCFA5A2BA1F6}
2011-12-15 23:31:50 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2011-12-15 23:31:50 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2011-12-15 23:31:50 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2011-12-15 15:21:03 -------- d-----w- c:\users\ben\appdata\local\BIT.TRIP RUNNER
2011-12-15 15:20:42 -------- d-----w- c:\program files\OpenAL
2011-12-15 15:20:41 -------- d--h--w- c:\windows\msdownld.tmp
2011-12-15 15:20:40 -------- d-----w- c:\windows\system32\directx
2011-12-15 12:29:00 -------- d-----w- c:\users\ben\appdata\local\{51643631-E46C-482D-95DF-B1EF1F523436}
2011-12-15 12:28:45 -------- d-----w- c:\users\ben\appdata\local\{11E8EE0D-E0EB-4E40-8BA8-4089C276A338}
2011-12-15 00:07:50 -------- d-----w- c:\users\ben\appdata\local\{93AE6F5C-E026-442C-B555-76C05C06C581}
2011-12-15 00:07:36 -------- d-----w- c:\users\ben\appdata\local\{B6E3DA19-9C32-495A-A2B7-26FAB88B513E}
2011-12-14 10:50:08 -------- d-----w- c:\users\ben\appdata\local\{46C3C79E-B54A-4BB4-8D58-22F69E906F5C}
2011-12-14 10:49:54 -------- d-----w- c:\users\ben\appdata\local\{843D2918-B2D8-4B6F-B0D8-E4D254120A0A}
2011-12-14 10:39:49 3912560 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-12-14 10:39:48 3967856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-12-14 10:39:42 38912 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-14 10:39:35 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-14 10:38:53 2342912 ----a-w- c:\windows\system32\win32k.sys
2011-12-14 10:38:51 534528 ----a-w- c:\windows\system32\EncDec.dll
2011-12-13 23:16:49 -------- d-----w- c:\users\ben\appdata\roaming\Nicalis
2011-12-13 22:49:23 -------- d-----w- c:\users\ben\appdata\local\{7DA3FA2C-6682-4CD4-B21C-DBE567C896C0}
2011-12-13 22:49:11 -------- d-----w- c:\users\ben\appdata\local\{A9F60859-2909-4CEB-87A2-CA39F5D45235}
2011-12-13 10:48:40 -------- d-----w- c:\users\ben\appdata\local\{D7D14D3B-A9F1-42B7-AEDD-A0A617F087FC}
2011-12-13 10:48:27 -------- d-----w- c:\users\ben\appdata\local\{924745E3-E092-41F5-8711-3B0254683755}
2011-12-12 22:47:58 -------- d-----w- c:\users\ben\appdata\local\{E4944595-14B9-48BC-A9CA-3A731524C2F6}
2011-12-12 22:47:47 -------- d-----w- c:\users\ben\appdata\local\{0825F1C0-56E0-4AC7-8D25-C95CEA81435D}
2011-12-12 10:01:32 -------- d-----w- c:\users\ben\appdata\local\{21EB6B7C-4E47-4FE3-AF2A-253F797B499E}
2011-12-12 10:01:20 -------- d-----w- c:\users\ben\appdata\local\{AC035030-27B8-4505-AE96-0566E731B166}
2011-12-11 22:00:52 -------- d-----w- c:\users\ben\appdata\local\{5475B409-A69F-4C0B-96BE-794790FB0C98}
2011-12-11 22:00:40 -------- d-----w- c:\users\ben\appdata\local\{FE0A422C-237D-4F16-8116-D281B5ABFC5D}
2011-12-11 08:34:41 -------- d-----w- c:\users\ben\appdata\local\{B614988F-1082-4EB4-B72E-257CA93158B1}
2011-12-11 08:34:25 -------- d-----w- c:\users\ben\appdata\local\{F8F48DA0-20F7-4AB6-ACBD-0E0F0A90350D}
2011-12-10 13:47:28 -------- d-----w- c:\users\ben\appdata\local\{AF92EEFF-0D54-413A-9394-F13F9AF8F691}
2011-12-10 13:47:12 -------- d-----w- c:\users\ben\appdata\local\{E6E8CFC1-11CC-4302-A65C-14F59F5E21E8}
2011-12-10 00:06:21 -------- d-----w- c:\users\ben\appdata\local\{CA0C595B-DC9A-4784-9ED2-248F2CA31BC1}
2011-12-10 00:06:09 -------- d-----w- c:\users\ben\appdata\local\{310DC244-D4C5-42AE-BED4-189081E0C4C1}
2011-12-09 08:24:36 -------- d-----w- c:\users\ben\appdata\local\{53858B48-540A-4CD1-9843-8E4DD085DF38}
2011-12-09 08:24:18 -------- d-----w- c:\users\ben\appdata\local\{57DF3087-1F3C-4E5C-A75F-FC12AACEF1B5}
2011-12-08 19:50:41 -------- d-----w- c:\users\ben\appdata\local\{C9D3B3FA-6400-47BE-932A-E21C76BE4B83}
2011-12-08 19:50:26 -------- d-----w- c:\users\ben\appdata\local\{F42709AD-8233-4777-8E6A-FD5033560F0D}
2011-12-08 07:50:12 -------- d-----w- c:\users\ben\appdata\local\{8BB2F21E-6E3B-4811-9F81-6370D63AB9A3}
2011-12-08 07:50:00 -------- d-----w- c:\users\ben\appdata\local\{DA33F845-BD1C-4A1C-B72A-DC8FB5050C4A}
2011-12-07 12:09:58 -------- d-----w- c:\users\ben\appdata\local\{7EFFD364-771F-4B8A-B7E7-A23F70D0C5CF}
2011-12-07 12:09:42 -------- d-----w- c:\users\ben\appdata\local\{5280DCE5-0127-4D4F-9D7E-538C0726284C}
2011-12-07 00:09:20 -------- d-----w- c:\users\ben\appdata\local\{F17D9644-1243-4D15-AC78-26378E4359CE}
2011-12-07 00:09:03 -------- d-----w- c:\users\ben\appdata\local\{C7CC0663-3BFD-4F97-9CA4-5A2159E48971}
2011-12-06 12:08:43 -------- d-----w- c:\users\ben\appdata\local\{11859002-2603-461E-855E-D7253BC878B9}
2011-12-06 12:08:30 -------- d-----w- c:\users\ben\appdata\local\{366F0933-2700-41F3-95FA-68BFDAB27590}
2011-12-06 00:00:47 -------- d-----w- c:\users\ben\appdata\local\{4197B00C-E09D-4778-AB73-60DD15C072AD}
2011-12-06 00:00:35 -------- d-----w- c:\users\ben\appdata\local\{148FEB33-956B-45C8-89FD-31D5CDA6815E}
2011-12-05 09:52:33 -------- d-----w- c:\users\ben\appdata\local\{E97A037B-5629-4CDE-91B0-114EFDBF9A34}
2011-12-05 09:52:21 -------- d-----w- c:\users\ben\appdata\local\{28C65178-28B2-4F2A-9BF4-329A47E96060}
2011-12-04 21:51:44 -------- d-----w- c:\users\ben\appdata\local\{518D9D90-2D48-4FCC-BB2F-6B8CF1100873}
2011-12-04 21:51:26 -------- d-----w- c:\users\ben\appdata\local\{83015F9C-9CDA-46E0-885F-96B8E3A48DB3}
2011-12-04 08:19:43 -------- d-----w- c:\users\ben\appdata\local\{50D48658-AC30-49AA-9F3A-482A72D00521}
2011-12-04 08:19:30 -------- d-----w- c:\users\ben\appdata\local\{8AD0DBC8-B8DF-46BC-A245-9CE740F27CD5}
2011-12-03 12:27:44 -------- d-----w- c:\users\ben\appdata\local\{DDD5C263-4AAE-4D10-B8FA-E008AAFB2DD0}
2011-12-03 12:27:26 -------- d-----w- c:\users\ben\appdata\local\{4E8E9DAD-E65C-4FB2-AC2F-9D36606C5EED}
2011-12-02 12:55:09 -------- d-----w- c:\users\ben\appdata\local\{BA332EAD-151A-428B-B229-DE8ACC367DF8}
2011-12-02 12:54:38 -------- d-----w- c:\users\ben\appdata\local\{DC79F90D-0D47-40FB-B360-7518337C7F9F}
2011-12-01 22:42:02 -------- d-----w- c:\users\ben\appdata\local\{5267DFA1-DC71-4449-A584-26543DD445B1}
2011-12-01 22:41:47 -------- d-----w- c:\users\ben\appdata\local\{B3F2E9CA-7ABF-4744-95A0-EB6EE9E69E12}
2011-12-01 08:51:26 -------- d-----w- c:\users\ben\appdata\local\{EBC56919-E2FE-4466-AD67-ECAE3DD3E54C}
2011-12-01 08:50:53 -------- d-----w- c:\users\ben\appdata\local\{D30BB0F8-A029-41C4-AA5E-EE9A7D4E3F00}
2011-11-30 12:47:19 -------- d-----w- c:\users\ben\appdata\local\{E0F1F83C-A962-4594-821C-E1D3DBC11B84}
2011-11-30 12:47:07 -------- d-----w- c:\users\ben\appdata\local\{756E8175-A0AC-4FCC-8A41-6FB06E0C8215}
2011-11-30 00:46:34 -------- d-----w- c:\users\ben\appdata\local\{7658A37D-1992-4C1B-821A-2C8FF298E087}
2011-11-30 00:46:21 -------- d-----w- c:\users\ben\appdata\local\{895155CF-9466-4B75-B3C5-2046C9E7E2C9}
2011-11-29 12:46:03 -------- d-----w- c:\users\ben\appdata\local\{ADD342C4-CE91-46E4-9D58-22D18C7FB898}
2011-11-29 12:45:52 -------- d-----w- c:\users\ben\appdata\local\{721CEC5C-23CF-46AB-B09F-5D397AE18C1D}
2011-11-28 22:33:33 -------- d-----w- c:\users\ben\appdata\local\{B494823A-8A03-44BD-AC71-3EAC2E5BE892}
2011-11-28 22:33:21 -------- d-----w- c:\users\ben\appdata\local\{6F07B8D3-D42E-4460-A750-7061A85ABCD5}
2011-11-28 10:32:51 -------- d-----w- c:\users\ben\appdata\local\{847D45CB-E974-4DF5-B9BE-62FC0090D6EE}
2011-11-28 10:32:39 -------- d-----w- c:\users\ben\appdata\local\{0F744427-8A01-4FD2-9AB9-4543CCCCD683}
2011-11-27 22:32:09 -------- d-----w- c:\users\ben\appdata\local\{6E1FA911-BF7B-4C79-9996-613DB49DDED4}
2011-11-27 22:31:56 -------- d-----w- c:\users\ben\appdata\local\{726FEE5F-965E-4138-98C9-ADA078833AA5}
2011-11-26 21:47:48 -------- d-----w- c:\users\ben\appdata\local\{3EDED7F1-4E96-40F4-8908-5CB301D16333}
2011-11-26 21:47:35 -------- d-----w- c:\users\ben\appdata\local\{4062B435-42A2-4C2C-A60F-13BD7F44463E}
2011-11-26 09:47:12 -------- d-----w- c:\users\ben\appdata\local\{A5B00411-2B4C-48CF-ACF9-0719A7EA4AD8}
2011-11-26 09:46:46 -------- d-----w- c:\users\ben\appdata\local\{84577B8A-FA8D-4A19-92B6-8571FBEDAD9B}
2011-11-25 15:06:06 -------- d-----w- c:\users\ben\appdata\local\{988594A4-DCBA-4EE0-847B-1AC6D654ECD2}
2011-11-25 15:05:53 -------- d-----w- c:\users\ben\appdata\local\{1BBFFE03-1A1B-4D39-8A27-5DD13BDFC731}
2011-11-24 23:29:26 -------- d-----w- c:\users\ben\appdata\local\{2C5F5EB4-AB87-4A7C-8128-BBC861D07F9C}
2011-11-24 23:29:14 -------- d-----w- c:\users\ben\appdata\local\{FB2B6471-D584-4554-9253-CC9A446CDA89}
2011-11-24 07:44:26 -------- d-----w- c:\users\ben\appdata\local\{C01B22C5-1E9E-4D86-8D47-9A528D99C6F3}
2011-11-24 07:44:12 -------- d-----w- c:\users\ben\appdata\local\{1F08A376-2566-43DE-81A5-52FE4C0C4316}
2011-11-23 10:58:12 -------- d-----w- c:\users\ben\appdata\local\{68943186-6B29-4083-ABB5-B59992D1338B}
2011-11-23 10:58:00 -------- d-----w- c:\users\ben\appdata\local\{65D38ED3-1743-43DB-BA8A-3E8A79098D60}
2011-11-22 22:31:31 -------- d-----w- c:\users\ben\appdata\local\{BD089A30-E4A6-4777-B0A6-225B37C56EA2}
2011-11-22 22:31:20 -------- d-----w- c:\users\ben\appdata\local\{272CE148-C6C8-44F4-A37A-EE2B3A5A87C5}
2011-11-22 10:12:49 -------- d-----w- c:\users\ben\appdata\local\{4A38717D-4A97-4203-820E-1C43B85EAB5B}
2011-11-22 10:12:36 -------- d-----w- c:\users\ben\appdata\local\{E2526C89-4E94-49D4-AB43-EB656C65ADA4}
2011-11-21 20:58:14 -------- d-----w- c:\users\ben\appdata\local\{BDEBD4DF-ADF1-4DF2-BD4E-EAEED87EBB91}
2011-11-21 20:57:58 -------- d-----w- c:\users\ben\appdata\local\{18699026-AD41-4827-B512-6546C24626F8}
2011-11-21 09:39:41 -------- d-----w- c:\users\ben\appdata\roaming\ShellFolderFix
2011-11-21 08:43:06 -------- d-----w- c:\users\ben\appdata\local\{0FF71AFF-D102-4A8D-BC48-58F875CD3843}
2011-11-21 08:42:55 -------- d-----w- c:\users\ben\appdata\local\{DF5EF772-BFA2-4236-AA95-8ABD07B0B4A7}
2011-11-20 20:42:27 -------- d-----w- c:\users\ben\appdata\local\{9EDFF2F3-F61D-4FF9-BB89-8513FFCEBD6D}
2011-11-20 20:42:15 -------- d-----w- c:\users\ben\appdata\local\{2F12B088-1E2F-4A8A-A892-C1E1F324E821}
.
==================== Find3M ====================
.
2011-12-15 15:20:42 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2011-12-15 15:20:42 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2011-11-07 21:28:38 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2011-11-03 22:47:42 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-11-03 22:40:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-03 22:39:47 1127424 ----a-w- c:\windows\system32\wininet.dll
2011-11-03 22:31:57 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-24 14:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 14:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-21 23:28:22 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-29 16:03:04 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
============= FINISH: 19:59:35.39 ===============

 

[Flumple]

Attach.txt
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 17/11/2009 21:09:08
System Uptime: 20/12/2011 19:22:18 (0 hours ago)
.
Motherboard: Acer, Inc. | | Chapala
Processor: Intel(R) Core(TM)2 Duo CPU T7300 @ 2.00GHz | U2E1 | 2000/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 61 GiB total, 8.494 GiB free.
D: is FIXED (NTFS) - 48 GiB total, 6.871 GiB free.
E: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Security Processor Loader Driver
Device ID: ROOT\LEGACY_SPLDR\0000
Manufacturer:
Name: Security Processor Loader Driver
PNP Device ID: ROOT\LEGACY_SPLDR\0000
Service: spldr
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: RapportKELL
Device ID: ROOT\LEGACY_RAPPORTKELL\0000
Manufacturer:
Name: RapportKELL
PNP Device ID: ROOT\LEGACY_RAPPORTKELL\0000
Service: RapportKELL
.
Class GUID: {4d36e97d-e325-11ce-bfc1-08002be10318}
Description: Consumer IR Devices
Device ID: ROOT\SYSTEM\0001
Manufacturer: Microsoft
Name: Consumer IR Devices
PNP Device ID: ROOT\SYSTEM\0001
Service: circlass
.
==== System Restore Points ===================
.
RP446: 18/12/2011 12:25:58 - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
7-Zip 4.65
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.1)
Adobe Shockwave Player 11.6
Apple Application Support
Apple Software Update
Aquaria
ASIO4ALL
Audacity 1.2.6
Auslogics Disk Defrag
avast! Free Antivirus
BBC iPlayer Desktop
BIT.TRIP RUNNER
Braid
Broadband Test Application
Camel Audio CamelCrusher
CamStudio OSS Desktop Recorder
Canon MP Navigator EX 1.0
Canon MP210 series
Canon My Printer
CCleaner
Crayon Physics Deluxe
CutePDF Writer 2.8
D-Fend Reloaded 1.1.0 (deinstall)
D3DX10
DisplayFusion 3.4.0
Dropbox
Drumaxx
ExpanDrive
FL Studio 10
GIMP 2.6.7
Google Chrome
Google Talk Plugin
Google Update Helper
Hardcore
IL Download Manager
IL Gross Beat
Intel(R) Graphics Media Accelerator Driver
Internet TV for Windows Media Center
Java Auto Updater
Java(TM) 6 Update 24
Junk Mail filter update
K-Lite Codec Pack 5.5.1 (Standard)
Last.fm 1.5.4.27091
Launch Manager
Lectures
LIMBO
M-Audio Conectiv Driver 6.0.1 (x86)
M-Audio FastTrackPro Driver 6.0.7 (x86)
Malwarebytes' Anti-Malware version 1.51.2.1300
Maximus
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft IntelliPoint 8.2
Microsoft Office 2003 Web Components
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Labs Ribbon Hero
Microsoft Office Live Add-in 1.4
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Ultimate 2007
Microsoft Office Word MUI (English) 2007
Microsoft Report Viewer Redistributable 2008 (KB971118)
Microsoft Security Client
Microsoft Security Essentials
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework 2.0 Core Components (x86) ENU
Microsoft Sync Framework 2.0 Provider Services (x86) ENU
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Visual Studio 2005 Tools for Applications - ENU
Mopho LE Sound Editor 2.2.1a
Mozilla Firefox (3.6.23)
Mp3tag v2.49
MSVC80_x86_v2
MSVC90_x86
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Next Generation Visualisations
NightSky
Nokia Connectivity Cable Driver
Nokia PC Suite
OGA Notifier 2.0.0048.0
OpenAL
PC Connectivity Solution
Picasa 3
PSP PianoVerb 1.7.0 32bit
QuickTime
Rapport
Realtek High Definition Audio Driver
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Series II MIDI
Shockwave
Skype Click to Call
Skype™ 5.5
Spotify
Spybot - Search & Destroy
Steam
Switch Sound File Converter
swMSM
Synaptics Pointing Device Driver
SyncToy 2.1 (x86)
TigerGame Xbox to USB Controller Version 2.01
Torq Torq 1.5.2 (Build 009) - 8 July 2009
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2596560)
Visual Studio Tools for the Office system 3.0 Runtime
VLC media player 1.1.11
WA Update v3.50 beta2
WD SmartWare
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Center Add-in for Silverlight
Zip Motion Block Video codec (Remove Only)
.
==== Event Viewer Messages From Past Week ========
.
20/12/2011 19:34:29, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
20/12/2011 19:34:27, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
20/12/2011 19:34:00, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.1293.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
20/12/2011 19:34:00, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
20/12/2011 19:25:01, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
20/12/2011 19:24:59, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
20/12/2011 19:24:55, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
20/12/2011 19:24:33, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
20/12/2011 19:24:15, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
20/12/2011 19:23:48, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSnx aswSP aswTdi cgdcvltt discache MpFilter RapportKELL spldr Wanarpv6
20/12/2011 19:23:01, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000, 0x00000002, 0x00000001, 0x8309e2a1). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 122011-31418-01.
20/12/2011 18:38:43, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.1293.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
20/12/2011 18:29:02, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
20/12/2011 18:28:24, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
20/12/2011 18:28:24, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
20/12/2011 18:27:46, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswSnx aswSP aswTdi CSC DfsC discache ExpanDrive MpFilter NetBIOS NetBT nsiproxy Psched RapportKELL rdbss spldr tdx Wanarpv6 WfpLwf
20/12/2011 18:27:43, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
20/12/2011 18:27:43, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
20/12/2011 18:27:43, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
20/12/2011 18:27:43, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
20/12/2011 18:27:43, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
20/12/2011 18:27:43, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
20/12/2011 18:27:42, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
20/12/2011 18:27:42, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
20/12/2011 18:27:42, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
20/12/2011 18:27:42, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
20/12/2011 18:27:10, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xc0000005, 0x85a3a500, 0x89427b74, 0x89427750). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 122011-35287-01.
20/12/2011 18:25:11, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSnx aswSP aswTdi discache MpFilter RapportKELL spldr Wanarpv6
20/12/2011 18:24:19, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xc0000005, 0x822ebca0, 0x89413b50, 0x89413730). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 122011-42120-01.
20/12/2011 18:17:31, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
20/12/2011 17:26:53, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.1293.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
20/12/2011 17:16:43, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache MpFilter RapportKELL spldr Wanarpv6
20/12/2011 17:15:52, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x83a4fceb, 0xb26176ec, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 122011-31637-01.
20/12/2011 17:13:49, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
20/12/2011 17:13:25, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
20/12/2011 17:13:02, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
20/12/2011 17:10:52, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x83a7bceb, 0xae93b6ec, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 122011-30825-01.
20/12/2011 16:53:17, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.1293.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
20/12/2011 16:44:09, Error: Service Control Manager [7001] - The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: The dependency service or group failed to start.
20/12/2011 16:43:27, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache ExpanDrive MpFilter NetBIOS NetBT nsiproxy Psched RapportKELL rdbss spldr tdx Wanarpv6 WfpLwf
20/12/2011 16:43:05, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x83a4aceb, 0x8b2296ec, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 122011-28204-01.
20/12/2011 16:41:20, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
20/12/2011 16:39:30, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x83a45ceb, 0xb548f6ec, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 122011-39873-01.
20/12/2011 16:35:57, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x83a41ceb, 0xb47ab6ec, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 122011-49545-01.
20/12/2011 15:52:59, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xc0000005, 0x87e47500, 0x8b32bb74, 0x8b32b750). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 122011-31668-01.
20/12/2011 15:45:33, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
20/12/2011 15:42:29, Error: Service Control Manager [7003] - The SBSD Security Center Service service depends the following service: wscsvc. This service might not be installed.
20/12/2011 15:42:29, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
20/12/2011 15:42:29, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
20/12/2011 15:41:53, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x82643fe8, 0x8962b864, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 122011-28376-01.
20/12/2011 15:38:10, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x83268fe8, 0x8b31b864, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 122011-45614-01.
20/12/2011 15:35:27, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x82665fe8, 0x89627864, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 122011-26457-01.
20/12/2011 15:32:59, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xc0000005, 0x85e63500, 0x89613b74, 0x89613750). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 122011-28875-01.
20/12/2011 15:30:07, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xc0000005, 0x830acca0, 0x8b327b50, 0x8b327730). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 122011-32510-01.
20/12/2011 15:27:25, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00040075, 0x00000002, 0x00000001, 0x830be92b). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 122011-39546-01.
20/12/2011 15:25:05, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xc0000005, 0x87e72500, 0x8b317b74, 0x8b317750). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 122011-48235-01.
20/12/2011 15:22:09, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000c5 (0x00000004, 0x00000002, 0x00000000, 0x831357ff). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 122011-38017-01.
20/12/2011 15:20:20, Error: Service Control Manager [7034] - The SBSD Security Center Service service terminated unexpectedly. It has done this 1 time(s).
20/12/2011 15:20:20, Error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
20/12/2011 15:20:20, Error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
20/12/2011 15:20:20, Error: Service Control Manager [7031] - The Broadband Test Application service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 600000 milliseconds: Run the configured recovery program.
20/12/2011 15:20:19, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
20/12/2011 15:20:19, Error: Service Control Manager [7031] - The Microsoft Network Inspection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
20/12/2011 13:54:35, Error: Service Control Manager [7031] - The Broadband Test Application service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 10000 milliseconds: Run the configured recovery program.
20/12/2011 12:39:48, Error: Service Control Manager [7031] - The Broadband Test Application service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Run the configured recovery program.
20/12/2011 09:29:31, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
19/12/2011 13:51:21, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
18/12/2011 20:14:03, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
18/12/2011 10:30:30, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
17/12/2011 14:59:21, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR2.
17/12/2011 12:14:11, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
17/12/2011 09:55:50, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
17/12/2011 09:54:14, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.1189.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x8024001e Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
17/12/2011 09:54:14, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.1189.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x8024001e Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
17/12/2011 09:40:01, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
17/12/2011 01:01:56, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
16/12/2011 08:51:04, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
15/12/2011 12:26:31, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
15/12/2011 09:44:05, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
15/12/2011 07:53:01, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
14/12/2011 13:59:07, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.
14/12/2011 12:09:44, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
14/12/2011 09:27:47, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
13/12/2011 11:41:37, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.856.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
13/12/2011 09:19:49, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
.
==== End Of File ===========================

 

[Flumple]

I'd really appreciate some advice if anyone could offer to help.

 

[Broni]

Welcome aboard

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
• Please refrain from running tools or applying updates other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer behavior, good, or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

============================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan:


On completion of the scan click "Save log", save it to your desktop and post in your next reply:


NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

==============================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

1. Please, never rename Combofix unless instructed.
2. Close any open browsers.
3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
   • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
   • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
   NOTE1. If Combofix asks you to install Recovery Console, please allow it.
   NOTE 2. If Combofix asks you to update the program, always do so.
   • Close any open browsers.
   • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
   • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
   • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
4. Double click on combofix.exe & follow the prompts.
5. When finished, it will produce a report for you.
6. Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode (How to...)

2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

• Double-click on the Rkill desktop icon to run the tool.
• If using Vista or Windows 7 right-click on it and choose Run As Administrator.
• A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
• If not, delete the file, then download and use the one provided in Link 2.
• If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
• Do not reboot until instructed.
• If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

 

[Flumple]

Thanks Broni, I really appreciate it. Both tests have been completed in safe mode.

aswMBR Log:

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-12-21 07:26:44
-----------------------------
07:26:44.278 OS Version: Windows 6.1.7601 Service Pack 1
07:26:44.278 Number of processors: 2 586 0xF0A
07:26:44.279 ComputerName: BEN-PC UserName: Ben
07:26:45.693 Initialize success
07:26:45.904 AVAST engine defs: 11112801
07:26:53.121 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
07:26:53.121 Disk 0 Vendor: Hitachi_ SBDO Size: 114473MB BusType: 3
07:26:53.121 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000097
07:26:53.121 Disk 1 Vendor: RICOH 01 Size: 114473MB BusType: 0
07:26:53.137 Disk 0 MBR read error 0
07:26:53.137 Disk 0 MBR scan
07:26:53.137 Disk 0 unknown MBR code
07:26:53.137 MBR BIOS signature not found 0
07:26:53.152 Disk 0 scanning sectors +227639296
07:26:53.199 Disk 0 scanning C:\Windows\system32\drivers
07:27:03.580 Service scanning
07:27:04.485 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
07:27:05.265 Modules scanning
07:27:14.843 Disk 0 trace - called modules:
07:27:14.859 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x85a3b4d0]<<
07:27:14.859 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x859ee460]
07:27:14.859 3 CLASSPNP.SYS[887c959e] -> nt!IofCallDriver -> [0x842ae4f0]
07:27:14.874 5 ACPI.sys[880983d4] -> nt!IofCallDriver -> \IAAStorageDevice-0[0x84bc0028]
07:27:14.874 \Driver\iaStor[0x859f2ba8] -> IRP_MJ_CREATE -> 0x85a3b4d0
07:27:16.715 AVAST engine scan C:\Windows
07:27:19.461 AVAST engine scan C:\Windows\system32
07:29:21.066 AVAST engine scan C:\Windows\system32\drivers
07:29:33.609 AVAST engine scan C:\Users\Ben
07:50:58.338 AVAST engine scan C:\ProgramData
07:54:42.982 Scan finished successfully
07:55:51.665 Disk 0 MBR has been saved successfully to "C:\Users\Ben\Desktop\MBR.dat"
07:55:51.672 The log file has been saved successfully to "C:\Users\Ben\Desktop\aswMBR.txt"

ComboFix Log:

ComboFix 11-12-20.04 - Ben 21/12/2011 8:36.1.2 - x86 NETWORK
Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.2038.1493 [GMT 0:00]
Running from: c:\users\Ben\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files\Program Files
c:\program files\Program Files\Launch Manager\install.bat
c:\program files\Program Files\Launch Manager\installcomplete.vbs
c:\program files\Program Files\Launch Manager\MMKEYBD.CFG
c:\program files\Program Files\Launch Manager\Panel\acer.png
c:\program files\Program Files\Launch Manager\Panel\LManager.ICO
c:\program files\Program Files\Launch Manager\power\current\power.cmd
c:\program files\Program Files\Launch Manager\power\high\power.cmd
c:\program files\Program Files\Launch Manager\power\hstart.exe
c:\program files\Program Files\Launch Manager\power\Power.lnk
c:\program files\Program Files\Launch Manager\power\saver\power.cmd
c:\program files\Program Files\Launch Manager\QtZgAcer.EXE
c:\program files\Program Files\Launch Manager\release.txt
c:\program files\Program Files\Launch Manager\settings.reg
c:\program files\Program Files\Launch Manager\tina name.txt
c:\program files\Program Files\Launch Manager\WHQL_LH\DKbFltr.SYS
c:\program files\Program Files\Launch Manager\WHQL_LH\LManager.cat
c:\program files\Program Files\Launch Manager\WHQL_LH\LManager.INF
c:\users\Ben\AppData\Local\.#
c:\users\Ben\AppData\Local\assembly\tmp
.
.
((((((((((((((((((((((((( Files Created from 2011-11-21 to 2011-12-21 )))))))))))))))))))))))))))))))
.
.
2011-12-21 08:45 . 2011-12-21 08:45 -------- d-----w- c:\users\Ben\AppData\Local\temp
2011-12-21 08:45 . 2011-12-21 08:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-21 08:25 . 2011-12-21 08:25 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{68530025-E927-4343-829A-04526362C165}\MpKsl7fcfbf72.sys
2011-12-21 08:25 . 2011-12-21 08:31 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{68530025-E927-4343-829A-04526362C165}\offreg.dll
2011-12-21 08:23 . 2011-04-25 02:18 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2011-12-21 00:22 . 2011-12-21 00:22 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{68530025-E927-4343-829A-04526362C165}\MpKsl0cc7ce2e.sys
2011-12-20 18:17 . 2011-11-28 17:53 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-12-20 18:17 . 2011-11-28 17:51 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-12-20 18:17 . 2011-11-28 17:52 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-12-20 18:17 . 2011-11-28 17:52 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-12-20 18:17 . 2011-11-28 17:53 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-12-20 18:17 . 2011-11-28 17:52 55128 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-12-20 18:17 . 2011-11-28 18:01 41184 ----a-w- c:\windows\avastSS.scr
2011-12-20 18:17 . 2011-11-28 18:01 199816 ----a-w- c:\windows\system32\aswBoot.exe
2011-12-20 18:17 . 2011-12-20 18:17 -------- d-----w- c:\programdata\AVAST Software
2011-12-20 18:17 . 2011-12-20 18:17 -------- d-----w- c:\program files\AVAST Software
2011-12-20 17:48 . 2011-12-20 17:48 -------- d-----w- c:\users\Ben\AppData\Roaming\Malwarebytes
2011-12-20 17:47 . 2011-12-20 17:47 -------- d-----w- c:\programdata\Malwarebytes
2011-12-20 17:47 . 2011-08-31 17:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-20 17:47 . 2011-12-20 17:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-20 17:46 . 2011-12-20 17:46 -------- d--h--w- c:\programdata\Common Files
2011-12-20 17:35 . 2011-12-20 18:06 -------- d-----w- c:\programdata\MFAData
2011-12-20 17:11 . 2011-12-20 17:11 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{68530025-E927-4343-829A-04526362C165}\MpKslead9003b.sys
2011-12-20 17:07 . 2011-12-20 17:07 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{68530025-E927-4343-829A-04526362C165}\MpKslccd16cc5.sys
2011-12-20 16:50 . 2011-12-20 17:21 -------- d-----w- c:\users\Ben\AppData\Local\ElevatedDiagnostics
2011-12-20 16:43 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{68530025-E927-4343-829A-04526362C165}\mpengine.dll
2011-12-20 15:19 . 2011-12-20 15:20 -------- d-----w- c:\programdata\fC21800EiCoN21800
2011-12-17 11:10 . 2010-05-26 11:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2011-12-17 11:10 . 2010-05-26 11:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2011-12-17 11:10 . 2006-07-28 09:30 62744 ----a-w- c:\windows\system32\xinput1_2.dll
2011-12-15 23:31 . 2010-02-04 10:01 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2011-12-15 23:31 . 2010-02-04 10:01 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2011-12-15 23:31 . 2009-09-04 17:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2011-12-15 15:21 . 2011-12-15 15:28 -------- d-----w- c:\users\Ben\AppData\Local\BIT.TRIP RUNNER
2011-12-15 15:20 . 2011-12-15 15:20 -------- d-----w- c:\program files\OpenAL
2011-12-15 15:20 . 2011-12-17 12:51 -------- d--h--w- c:\windows\msdownld.tmp
2011-12-14 10:39 . 2011-10-26 04:47 3912560 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-12-14 10:39 . 2011-10-26 04:47 3967856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-12-14 10:39 . 2011-10-26 04:28 38912 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-14 10:39 . 2011-11-05 04:26 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-14 10:38 . 2011-11-24 04:25 2342912 ----a-w- c:\windows\system32\win32k.sys
2011-12-14 10:38 . 2011-10-15 05:38 534528 ----a-w- c:\windows\system32\EncDec.dll
2011-12-13 23:16 . 2011-12-13 23:16 -------- d-----w- c:\users\Ben\AppData\Roaming\Nicalis
2011-11-21 09:39 . 2011-11-21 14:50 -------- d-----w- c:\users\Ben\AppData\Roaming\ShellFolderFix
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-15 15:20 . 2010-12-20 21:20 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2011-12-15 15:20 . 2010-12-20 21:20 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2011-11-21 10:47 . 2011-08-22 05:32 6823496 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-11-07 21:28 . 2011-11-07 21:28 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2011-10-24 14:29 . 2011-10-24 14:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 14:29 . 2011-10-24 14:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-21 23:28 . 2011-06-28 08:05 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-11 09:21 . 2011-10-11 09:22 703824 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C83C2B88-53B1-4D39-9D33-AA7497CB8B2C}\gapaengine.dll
2011-09-29 16:03 . 2011-11-09 08:52 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Ben\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Ben\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Ben\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Ben\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-08-24 1190920]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-10-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-10-02 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-10-02 150552]
"M-Audio Taskbar Icon"="c:\windows\system32\M-AudioTaskBarIcon.exe" [2010-12-07 644104]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AFD"="c:\windows\Regedit.exe" [2009-07-14 398336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi1"=ma_cmidn.dll
"midi5"=ma_cmidn.dll
"midi6"=ma_cmidn.dll
"mixer5"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WD Quick View.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WD Quick View.lnk
backup=c:\windows\pss\WD Quick View.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Ben^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^BBC iPlayer Desktop.lnk]
path=c:\users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk
backup=c:\windows\pss\BBC iPlayer Desktop.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Ben^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 11:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-05 17:04 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-09-27 07:22 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2007-04-03 16:50 1603152 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DisplayFusion]
2011-10-02 19:26 2456992 ----a-w- c:\program files\DisplayFusion\DisplayFusion.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-01-31 21:31 135664 ----atw- c:\users\Ben\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-08-19 00:07 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\M-Audio Taskbar Icon]
2010-12-07 14:39 644104 ----a-w- c:\windows\System32\M-AudioTaskBarIcon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
2011-06-15 14:16 997920 ----a-w- c:\program files\Microsoft Security Client\msseces.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 14:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2010-03-13 05:54 8546848 ----a-w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 13:49 249064 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\x3watch]
2011-03-04 14:56 303104 ----a-w- c:\program files\X3watch\x3watch.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
R0 cgdcvltt;cgdcvltt;c:\windows\System32\drivers\ovwsrrah.sys [x]
R0 RapportKELL;RapportKELL;c:\windows\System32\Drivers\RapportKELL.sys [2011-11-07 56208]
R1 aswSnx;aswSnx; [x]
R1 aswSP;aswSP; [x]
R1 MpKsl007aaa51;MpKsl007aaa51;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{83E04090-457D-4048-8202-52C97DC90EA0}\MpKsl007aaa51.sys [x]
R1 MpKsl04f51367;MpKsl04f51367;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{501314DA-C97D-42D5-B264-E34476AAB4E0}\MpKsl04f51367.sys [x]
R1 MpKsl0bd91f7b;MpKsl0bd91f7b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2B7454C8-04D8-4AC0-AE5B-EB7EAA2926A0}\MpKsl0bd91f7b.sys [x]
R1 MpKsl0cc7ce2e;MpKsl0cc7ce2e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{68530025-E927-4343-829A-04526362C165}\MpKsl0cc7ce2e.sys [2011-12-21 29904]
R1 MpKsl1680758b;MpKsl1680758b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B70FDD7C-B4C0-41AE-A144-351671DFA7EA}\MpKsl1680758b.sys [x]
R1 MpKsl19c41689;MpKsl19c41689;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F4994223-E9EA-4767-8143-9ED50B45C5D4}\MpKsl19c41689.sys [x]
R1 MpKsl26029bf4;MpKsl26029bf4;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8760CD52-AF7A-424B-8D71-BCAB4BA90C75}\MpKsl26029bf4.sys [x]
R1 MpKsl27d5bf1a;MpKsl27d5bf1a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4A2EA504-0C6F-4E18-B140-FCE28BCB021A}\MpKsl27d5bf1a.sys [x]
R1 MpKsl33fe2233;MpKsl33fe2233;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9C703437-ED1B-4AC3-91C4-1D36E57D23D2}\MpKsl33fe2233.sys [x]
R1 MpKsl38467449;MpKsl38467449;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B46E14EC-6E17-476D-97FC-FCF71CFECF2E}\MpKsl38467449.sys [x]
R1 MpKsl3d1dd100;MpKsl3d1dd100;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F746D39A-2754-4C85-8F18-BAE242972C63}\MpKsl3d1dd100.sys [x]
R1 MpKsl53b3ea4c;MpKsl53b3ea4c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AD8C813D-1F0F-47A6-9DB2-3A0939830340}\MpKsl53b3ea4c.sys [x]
R1 MpKsl54313b3e;MpKsl54313b3e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7D33995E-00FF-49DC-982B-D5EB64ED7AF3}\MpKsl54313b3e.sys [x]
R1 MpKsl6ed097b8;MpKsl6ed097b8;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{85DF8952-4161-4CBA-8FDF-60779DFC5C7A}\MpKsl6ed097b8.sys [x]
R1 MpKsl73b312e8;MpKsl73b312e8;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5D3B7FBE-A9BE-48B6-9509-CA68CE2F49F3}\MpKsl73b312e8.sys [x]
R1 MpKsl7cda8f8b;MpKsl7cda8f8b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B46E14EC-6E17-476D-97FC-FCF71CFECF2E}\MpKsl7cda8f8b.sys [x]
R1 MpKsl7ed798a4;MpKsl7ed798a4;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BB463EE0-7A96-4AC6-9DC1-ABCE1DB9FA02}\MpKsl7ed798a4.sys [x]
R1 MpKsl7fcfbf72;MpKsl7fcfbf72;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{68530025-E927-4343-829A-04526362C165}\MpKsl7fcfbf72.sys [2011-12-21 29904]
R1 MpKsl837763df;MpKsl837763df;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F890540A-133C-4471-BC8F-BA6B98D6D20F}\MpKsl837763df.sys [x]
R1 MpKsl85107fea;MpKsl85107fea;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{91B132D8-17D4-4575-A810-24B523D92538}\MpKsl85107fea.sys [x]
R1 MpKsl88aaaf86;MpKsl88aaaf86;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3A7BD345-9D1B-4C64-9767-AA2395144B96}\MpKsl88aaaf86.sys [x]
R1 MpKsl8ad51963;MpKsl8ad51963;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{52AEA0F8-6432-4605-BB08-F220F51A9824}\MpKsl8ad51963.sys [x]
R1 MpKsl97a191b1;MpKsl97a191b1;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C2E44701-E7F1-4E4C-92C0-AC3743251ECA}\MpKsl97a191b1.sys [x]
R1 MpKsl9a7a58ed;MpKsl9a7a58ed;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{45E8C121-5AEF-42ED-8687-9799D3C740E1}\MpKsl9a7a58ed.sys [x]
R1 MpKsla2f9d444;MpKsla2f9d444;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{70CB14DC-6227-4974-90A2-250D385358FC}\MpKsla2f9d444.sys [x]
R1 MpKslad2aecf6;MpKslad2aecf6;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8234F26B-6A24-455E-9023-C107B30D09C2}\MpKslad2aecf6.sys [x]
R1 MpKslb37c3aed;MpKslb37c3aed;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6C348B95-17D9-4E34-BF9D-885607F90461}\MpKslb37c3aed.sys [x]
R1 MpKslc0de43cf;MpKslc0de43cf;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{867B77E0-E371-4457-95ED-1AB0AB627F58}\MpKslc0de43cf.sys [x]
R1 MpKslca68fed9;MpKslca68fed9;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CCCBF3AF-D61C-4ABF-B66F-F5FDCA5048FB}\MpKslca68fed9.sys [x]
R1 MpKslccd16cc5;MpKslccd16cc5;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{68530025-E927-4343-829A-04526362C165}\MpKslccd16cc5.sys [2011-12-20 29904]
R1 MpKslcd24449b;MpKslcd24449b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{338C4007-0D55-4B52-B256-CCFB999191F6}\MpKslcd24449b.sys [x]
R1 MpKsle0966d4b;MpKsle0966d4b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{45483E14-41BC-4AB9-8BDA-E5D8FAF8E175}\MpKsle0966d4b.sys [x]
R1 MpKsle7f82450;MpKsle7f82450;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{40F2D279-6F72-4AA9-95AA-690300A8B0EE}\MpKsle7f82450.sys [x]
R1 MpKslead9003b;MpKslead9003b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{68530025-E927-4343-829A-04526362C165}\MpKslead9003b.sys [2011-12-20 29904]
R1 MpKsled5d616f;MpKsled5d616f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D0FA1878-E2B5-41FC-9CCA-FE53E13CB2AF}\MpKsled5d616f.sys [x]
R1 MpKslef033d16;MpKslef033d16;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{114CC853-3F25-468B-A347-5CAB215A6622}\MpKslef033d16.sys [x]
R1 MpKslfc67b542;MpKslfc67b542;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{70CB14DC-6227-4974-90A2-250D385358FC}\MpKslfc67b542.sys [x]
R1 RapportCerberus_34302;RapportCerberus_34302;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys [2011-12-15 228208]
R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [2011-11-07 71440]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [2011-11-07 164112]
R2 aswFsBlk;aswFsBlk; [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-11-28 55128]
R2 bbtest_svc;Broadband Test Application;c:\program files\Broadband Test Application\BroadbandTestApp.exe [2011-05-31 815104]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-09 136176]
R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [2011-11-07 931640]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-09 136176]
R3 MADFU;MADFU;c:\windows\system32\DRIVERS\MADFU.sys [2007-08-28 16512]
R3 MADFUCONECTIV;Service for M-Audio Conectiv DFU;c:\windows\system32\DRIVERS\MAudioConectiv_DFU.sys [2009-10-02 42248]
R3 MAUSBCONECTIV;Service for M-Audio Conectiv;c:\windows\system32\DRIVERS\MAudioConectiv.sys [2009-10-02 158344]
R3 MAUSBFASTTRACKPRO;Service for M-Audio FastTrack Pro;c:\windows\system32\DRIVERS\MAudioFastTrackPro.sys [2010-12-07 158600]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-07-26 137600]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2010-07-26 8576]
R3 RapportIaso;RapportIaso;c:\programdata\trusteer\rapport\store\exts\rapportms\28896\rapportiaso.sys [2011-08-07 21520]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 UKS11LDR;M-Audio USB Keystation Loader;c:\windows\system32\drivers\uks11ldr.sys [2007-11-14 20168]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-24 1343400]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2011-02-16 11520]
R3 XPAD;XBox Controllers USB HID Mini Driver;c:\windows\system32\Drivers\xpad.sys [2004-08-01 12800]
R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2005-09-23 2799808]
R4 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WDDMService.exe [2011-08-01 263056]
R4 WDFMEService;WDFMEService;c:\program files\Western Digital\WD SmartWare\WDFME.exe [2011-08-01 1592208]
R4 WDRulesService;WDRulesService;c:\program files\Western Digital\WD SmartWare\WDRulesEngine.exe [2011-08-01 1091984]
S1 ExpanDrive;ExpanDrive;c:\windows\system32\drivers\ExpanDrive.sys [2011-03-30 296160]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2010-04-07 6630912]
S3 winbondcir;Winbond IR Transceiver;c:\windows\system32\DRIVERS\winbondcir.sys [2007-03-28 43008]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc Mcx2Svc
HsfXAudioService REG_MULTI_SZ HsfXAudioService
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-26 14:51]
.
2011-12-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-26 14:51]
.
2011-12-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-526593293-1210194780-548715179-1001Core.job
- c:\users\Ben\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-31 21:31]
.
2011-12-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-526593293-1210194780-548715179-1001UA.job
- c:\users\Ben\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-31 21:31]
.
2011-12-21 c:\windows\Tasks\IsposureAgent.job
- c:\program files\Broadband Test Application\BroadbandTestApp.exe [2011-03-24 20:12]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\0n2l19cn.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/ig
FF - prefs.js: keyword.URL - hxxp://www.google.co.uk/search?btnI=I%27m+Feeling+Lucky&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-DriverMax_RESTART - c:\program files\Innovative Solutions\DriverMax\devices.exe
MSConfigStartUp-GrooveMonitor - c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
MSConfigStartUp-SolidWorks_CheckForUpdates - c:\program files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-12-21 08:47:53
ComboFix-quarantined-files.txt 2011-12-21 08:47
.
Pre-Run: 9,089,753,088 bytes free
Post-Run: 9,012,178,944 bytes free
.
- - End Of File - - CF29E0BF6536BC1BE22BDEF58FF8C543

 

[Flumple]

Symptoms update: I'm still getting redirected in Google Chrome and when I try to boot in normal mode I still get a bsod around 30 seconds after logging on.

 

[Broni]

Run the fix listed below and AFTER that update me on your computer behavior.
Is Chrome the only browser getting redirected?

1. Please open Notepad (Start>All Programs>Accessories>Notepad).

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
c:\windows\System32\drivers\ovwsrrah.sys

Driver::
cgdcvltt

ClearJavaCache::

3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:

• Combofix.txt

 

[Flumple]

Hi Broni,

I did as you said. Having run ComboFix in safe mode, it automatically rebooted my computer into normal mode. After start-up, the dialog box said "preparing log report" for a few minutes but then it blue-screened on me. I'm back in safe mode now and the log files can be seen below. I could run this again and go back into safe mode upon reboot if you'd like.

A few other things:

1) When my computer rebooted into normal mode my Avast started up too. Would you like me to disable this in msconfig?
2) Symptoms: I'm still getting "gcswf32.dll is not working" when browsing in Chrome. I'm still getting redirected in Chrome. I've just tried Googling in IE and Firefox and both of those are getting redirected too.

ComboFix Log:


ComboFix 11-12-21.02 - Ben 22/12/2011 3:12:41.2.2 - x86 NETWORK
Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.2038.1490 [GMT 0:00]
Running from: C:\Users\Ben\Desktop\ComboFix.exe
Command switches used :: C:\Users\Ben\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point

FILE ::
"c:\windows\System32\drivers\ovwsrrah.sys"


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))



((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_cgdcvltt


((((((((((((((((((((((((( Files Created from 2011-11-22 to 2011-12-22 )))))))))))))))))))))))))))))))


2011-12-22 03:23:31 . 2011-12-22 03:23:32 29904 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{68530025-E927-4343-829A-04526362C165}\MpKsla6392b7c.sys
2011-12-22 03:21:18 . 2011-12-22 03:21:18 -------- d-----w- C:\Users\Default\AppData\Local\temp
2011-12-22 03:05:02 . 2011-12-22 03:23:00 56200 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{68530025-E927-4343-829A-04526362C165}\offreg.dll
2011-12-21 14:51:08 . 2011-12-21 14:51:08 29904 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{68530025-E927-4343-829A-04526362C165}\MpKsl61a736c7.sys
2011-12-21 08:47:55 . 2011-12-22 03:26:48 -------- d-----w- C:\Users\Ben\AppData\Local\temp
2011-12-21 08:25:34 . 2011-12-21 08:25:34 29904 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{68530025-E927-4343-829A-04526362C165}\MpKsl7fcfbf72.sys
2011-12-21 08:23:34 . 2011-04-25 02:18:03 338944 ----a-w- C:\Windows\system32\drivers\afd.sys
2011-12-21 00:22:13 . 2011-12-21 00:22:13 29904 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{68530025-E927-4343-829A-04526362C165}\MpKsl0cc7ce2e.sys
2011-12-20 18:17:43 . 2011-11-28 17:53:35 314456 ----a-w- C:\Windows\system32\drivers\aswSP.sys
2011-12-20 18:17:43 . 2011-11-28 17:51:50 20568 ----a-w- C:\Windows\system32\drivers\aswFsBlk.sys
2011-12-20 18:17:38 . 2011-11-28 17:52:19 34392 ----a-w- C:\Windows\system32\drivers\aswRdr.sys
2011-12-20 18:17:36 . 2011-11-28 17:52:16 52952 ----a-w- C:\Windows\system32\drivers\aswTdi.sys
2011-12-20 18:17:34 . 2011-11-28 17:53:53 435032 ----a-w- C:\Windows\system32\drivers\aswSnx.sys
2011-12-20 18:17:33 . 2011-11-28 17:52:07 55128 ----a-w- C:\Windows\system32\drivers\aswMonFlt.sys
2011-12-20 18:17:21 . 2011-11-28 18:01:25 41184 ----a-w- C:\Windows\avastSS.scr
2011-12-20 18:17:21 . 2011-11-28 18:01:23 199816 ----a-w- C:\Windows\system32\aswBoot.exe
2011-12-20 18:17:14 . 2011-12-20 18:17:14 -------- d-----w- C:\ProgramData\AVAST Software
2011-12-20 18:17:14 . 2011-12-20 18:17:14 -------- d-----w- C:\Program Files\AVAST Software
2011-12-20 17:48:43 . 2011-12-20 17:48:43 -------- d-----w- C:\Users\Ben\AppData\Roaming\Malwarebytes
2011-12-20 17:47:58 . 2011-12-20 17:47:58 -------- d-----w- C:\ProgramData\Malwarebytes
2011-12-20 17:47:55 . 2011-08-31 17:00:50 22216 ----a-w- C:\Windows\system32\drivers\mbam.sys
2011-12-20 17:47:54 . 2011-12-20 17:48:02 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2011-12-20 17:46:59 . 2011-12-20 17:46:59 -------- d--h--w- C:\ProgramData\Common Files
2011-12-20 17:35:52 . 2011-12-20 18:06:05 -------- d-----w- C:\ProgramData\MFAData
2011-12-20 17:11:35 . 2011-12-20 17:11:36 29904 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{68530025-E927-4343-829A-04526362C165}\MpKslead9003b.sys
2011-12-20 17:07:52 . 2011-12-20 17:07:52 29904 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{68530025-E927-4343-829A-04526362C165}\MpKslccd16cc5.sys
2011-12-20 16:50:59 . 2011-12-21 22:00:05 -------- d-----w- C:\Users\Ben\AppData\Local\ElevatedDiagnostics
2011-12-20 16:43:03 . 2011-11-21 10:47:38 6823496 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{68530025-E927-4343-829A-04526362C165}\mpengine.dll
2011-12-20 15:19:59 . 2011-12-20 15:20:17 -------- d-----w- C:\ProgramData\fC21800EiCoN21800
2011-12-17 11:10:10 . 2010-05-26 11:41:02 2106216 ----a-w- C:\Windows\system32\D3DCompiler_43.dll
2011-12-17 11:10:09 . 2010-05-26 11:41:02 1998168 ----a-w- C:\Windows\system32\D3DX9_43.dll
2011-12-17 11:10:05 . 2006-07-28 09:30:14 62744 ----a-w- C:\Windows\system32\xinput1_2.dll
2011-12-15 23:31:50 . 2010-02-04 10:01:14 74072 ----a-w- C:\Windows\system32\XAPOFX1_4.dll
2011-12-15 23:31:50 . 2010-02-04 10:01:14 528216 ----a-w- C:\Windows\system32\XAudio2_6.dll
2011-12-15 23:31:50 . 2009-09-04 17:29:32 1974616 ----a-w- C:\Windows\system32\D3DCompiler_42.dll
2011-12-15 15:21:03 . 2011-12-15 15:28:56 -------- d-----w- C:\Users\Ben\AppData\Local\BIT.TRIP RUNNER
2011-12-15 15:20:42 . 2011-12-15 15:20:42 -------- d-----w- C:\Program Files\OpenAL
2011-12-15 15:20:41 . 2011-12-17 12:51:25 -------- d--h--w- C:\Windows\msdownld.tmp
2011-12-14 10:39:49 . 2011-10-26 04:47:40 3912560 ----a-w- C:\Windows\system32\ntoskrnl.exe
2011-12-14 10:39:48 . 2011-10-26 04:47:40 3967856 ----a-w- C:\Windows\system32\ntkrnlpa.exe
2011-12-14 10:39:42 . 2011-10-26 04:28:12 38912 ----a-w- C:\Windows\system32\csrsrv.dll
2011-12-14 10:39:35 . 2011-11-05 04:26:03 2048 ----a-w- C:\Windows\system32\tzres.dll
2011-12-14 10:38:53 . 2011-11-24 04:25:27 2342912 ----a-w- C:\Windows\system32\win32k.sys
2011-12-14 10:38:51 . 2011-10-15 05:38:59 534528 ----a-w- C:\Windows\system32\EncDec.dll
2011-12-13 23:16:49 . 2011-12-13 23:16:49 -------- d-----w- C:\Users\Ben\AppData\Roaming\Nicalis
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2011-12-15 15:20:42 . 2010-12-20 21:20:29 444952 ----a-w- C:\Windows\system32\wrap_oal.dll
2011-12-15 15:20:42 . 2010-12-20 21:20:29 109080 ----a-w- C:\Windows\system32\OpenAL32.dll
2011-11-21 10:47:38 . 2011-08-22 05:32:11 6823496 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-11-07 21:28:38 . 2011-11-07 21:28:38 56208 ----a-w- C:\Windows\system32\drivers\RapportKELL.sys
2011-10-24 14:29:02 . 2011-10-24 14:29:02 94208 ----a-w- C:\Windows\system32\QuickTimeVR.qtx
2011-10-24 14:29:02 . 2011-10-24 14:29:02 69632 ----a-w- C:\Windows\system32\QuickTime.qts
2011-10-21 23:28:22 . 2011-06-28 08:05:05 414368 ----a-w- C:\Windows\system32\FlashPlayerCPLApp.cpl
2011-10-11 09:21:56 . 2011-10-11 09:22:31 703824 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C83C2B88-53B1-4D39-9D33-AA7497CB8B2C}\gapaengine.dll
2011-09-29 16:03:04 . 2011-11-09 08:52:45 1290608 ----a-w- C:\Windows\system32\drivers\tcpip.sys

 

[Broni]

Combofix log is incomplete.
Please post complete log or re-run it.

 

[Flumple]

ComboFix 11-12-21.02 - Ben 22/12/2011 5:17.3.2 - x86 NETWORK
Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.2038.953 [GMT 0:00]
Running from: c:\users\Ben\Desktop\ComboFix.exe
Command switches used :: c:\users\Ben\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
FILE ::
"c:\windows\System32\drivers\ovwsrrah.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Ben\AppData\Roaming\Help\coredb\storage
c:\users\Ben\AppData\Roaming\Skype\{083FA2E7-6F64-4F10-84E0-0912ED87A74C}\Validator.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_cgdcvltt
.
.
((((((((((((((((((((((((( Files Created from 2011-11-22 to 2011-12-22 )))))))))))))))))))))))))))))))
.
.
2011-12-22 05:25 . 2011-12-22 05:25 -------- d-----w- c:\users\Ben\AppData\Local\temp
2011-12-22 05:25 . 2011-12-22 05:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-22 03:23 . 2011-12-22 03:23 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{68530025-E927-4343-829A-04526362C165}\MpKsla6392b7c.sys
2011-12-22 03:05 . 2011-12-22 03:33 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{68530025-E927-4343-829A-04526362C165}\offreg.dll
2011-12-21 14:51 . 2011-12-21 14:51 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{68530025-E927-4343-829A-04526362C165}\MpKsl61a736c7.sys
2011-12-21 08:25 . 2011-12-21 08:25 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{68530025-E927-4343-829A-04526362C165}\MpKsl7fcfbf72.sys
2011-12-21 08:23 . 2011-04-25 02:18 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2011-12-21 00:22 . 2011-12-21 00:22 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{68530025-E927-4343-829A-04526362C165}\MpKsl0cc7ce2e.sys
2011-12-20 18:17 . 2011-11-28 17:53 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-12-20 18:17 . 2011-11-28 17:51 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-12-20 18:17 . 2011-11-28 17:52 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-12-20 18:17 . 2011-11-28 17:52 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-12-20 18:17 . 2011-11-28 17:53 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-12-20 18:17 . 2011-11-28 17:52 55128 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-12-20 18:17 . 2011-11-28 18:01 41184 ----a-w- c:\windows\avastSS.scr
2011-12-20 18:17 . 2011-11-28 18:01 199816 ----a-w- c:\windows\system32\aswBoot.exe
2011-12-20 18:17 . 2011-12-20 18:17 -------- d-----w- c:\programdata\AVAST Software
2011-12-20 18:17 . 2011-12-20 18:17 -------- d-----w- c:\program files\AVAST Software
2011-12-20 17:48 . 2011-12-20 17:48 -------- d-----w- c:\users\Ben\AppData\Roaming\Malwarebytes
2011-12-20 17:47 . 2011-12-20 17:47 -------- d-----w- c:\programdata\Malwarebytes
2011-12-20 17:47 . 2011-08-31 17:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-20 17:47 . 2011-12-20 17:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-20 17:46 . 2011-12-20 17:46 -------- d--h--w- c:\programdata\Common Files
2011-12-20 17:35 . 2011-12-20 18:06 -------- d-----w- c:\programdata\MFAData
2011-12-20 17:11 . 2011-12-20 17:11 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{68530025-E927-4343-829A-04526362C165}\MpKslead9003b.sys
2011-12-20 17:07 . 2011-12-20 17:07 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{68530025-E927-4343-829A-04526362C165}\MpKslccd16cc5.sys
2011-12-20 16:50 . 2011-12-21 22:00 -------- d-----w- c:\users\Ben\AppData\Local\ElevatedDiagnostics
2011-12-20 16:43 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{68530025-E927-4343-829A-04526362C165}\mpengine.dll
2011-12-20 15:19 . 2011-12-20 15:20 -------- d-----w- c:\programdata\fC21800EiCoN21800
2011-12-17 11:10 . 2010-05-26 11:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2011-12-17 11:10 . 2010-05-26 11:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2011-12-17 11:10 . 2006-07-28 09:30 62744 ----a-w- c:\windows\system32\xinput1_2.dll
2011-12-15 23:31 . 2010-02-04 10:01 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2011-12-15 23:31 . 2010-02-04 10:01 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2011-12-15 23:31 . 2009-09-04 17:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2011-12-15 15:21 . 2011-12-15 15:28 -------- d-----w- c:\users\Ben\AppData\Local\BIT.TRIP RUNNER
2011-12-15 15:20 . 2011-12-15 15:20 -------- d-----w- c:\program files\OpenAL
2011-12-15 15:20 . 2011-12-17 12:51 -------- d--h--w- c:\windows\msdownld.tmp
2011-12-14 10:39 . 2011-10-26 04:47 3912560 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-12-14 10:39 . 2011-10-26 04:47 3967856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-12-14 10:39 . 2011-10-26 04:28 38912 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-14 10:39 . 2011-11-05 04:26 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-14 10:38 . 2011-11-24 04:25 2342912 ----a-w- c:\windows\system32\win32k.sys
2011-12-14 10:38 . 2011-10-15 05:38 534528 ----a-w- c:\windows\system32\EncDec.dll
2011-12-13 23:16 . 2011-12-13 23:16 -------- d-----w- c:\users\Ben\AppData\Roaming\Nicalis
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-15 15:20 . 2010-12-20 21:20 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2011-12-15 15:20 . 2010-12-20 21:20 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2011-11-21 10:47 . 2011-08-22 05:32 6823496 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-11-07 21:28 . 2011-11-07 21:28 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2011-10-24 14:29 . 2011-10-24 14:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 14:29 . 2011-10-24 14:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-21 23:28 . 2011-06-28 08:05 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-11 09:21 . 2011-10-11 09:22 703824 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C83C2B88-53B1-4D39-9D33-AA7497CB8B2C}\gapaengine.dll
2011-09-29 16:03 . 2011-11-09 08:52 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-12-21_08.45.25 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-17 23:57 . 2011-12-22 03:28 50072 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:55 . 2011-12-22 03:28 57652 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-11-17 23:23 . 2011-12-22 03:28 19660 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-526593293-1210194780-548715179-1001_UserData.bin
- 2011-12-20 20:09 . 2011-12-21 07:49 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
+ 2011-12-20 20:09 . 2011-12-22 05:08 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
- 2011-12-21 07:56 . 2011-12-21 07:49 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012011122120111222\index.dat
+ 2011-12-21 07:56 . 2011-12-21 16:34 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012011122120111222\index.dat
+ 2011-12-20 17:27 . 2011-12-22 05:08 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
- 2011-12-20 17:27 . 2011-12-21 07:49 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
- 2011-12-21 08:25 . 2011-12-21 08:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-12-22 03:04 . 2011-12-22 03:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-12-21 08:25 . 2011-12-21 08:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-12-22 03:04 . 2011-12-22 03:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-11-17 20:55 . 2011-12-22 05:08 262144 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-11-17 20:55 . 2011-12-21 07:49 262144 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-11-17 20:40 . 2011-12-22 03:33 229376 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:34 . 2011-12-21 14:56 108016 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2009-11-17 20:40 . 2011-12-22 03:33 3915776 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-11-17 20:40 . 2011-12-21 08:31 3915776 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:34 . 2011-12-14 12:12 7439846 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:34 . 2011-12-21 14:56 7439846 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:41 . 2011-12-22 03:33 16187392 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Ben\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Ben\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Ben\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Ben\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-08-24 1190920]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-10-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-10-02 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-10-02 150552]
"M-Audio Taskbar Icon"="c:\windows\system32\M-AudioTaskBarIcon.exe" [2010-12-07 644104]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi1"=ma_cmidn.dll
"midi5"=ma_cmidn.dll
"midi6"=ma_cmidn.dll
"mixer5"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WD Quick View.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WD Quick View.lnk
backup=c:\windows\pss\WD Quick View.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Ben^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^BBC iPlayer Desktop.lnk]
path=c:\users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk
backup=c:\windows\pss\BBC iPlayer Desktop.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Ben^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 11:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-05 17:04 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-09-27 07:22 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2007-04-03 16:50 1603152 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DisplayFusion]
2011-10-02 19:26 2456992 ----a-w- c:\program files\DisplayFusion\DisplayFusion.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-01-31 21:31 135664 ----atw- c:\users\Ben\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-08-19 00:07 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\M-Audio Taskbar Icon]
2010-12-07 14:39 644104 ----a-w- c:\windows\System32\M-AudioTaskBarIcon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
2011-06-15 14:16 997920 ----a-w- c:\program files\Microsoft Security Client\msseces.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 14:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2010-03-13 05:54 8546848 ----a-w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 13:49 249064 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\x3watch]
2011-03-04 14:56 303104 ----a-w- c:\program files\X3watch\x3watch.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
R0 RapportKELL;RapportKELL;c:\windows\System32\Drivers\RapportKELL.sys [2011-11-07 56208]
R1 aswSnx;aswSnx; [x]
R1 aswSP;aswSP; [x]
R1 MpKsl007aaa51;MpKsl007aaa51;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{83E04090-457D-4048-8202-52C97DC90EA0}\MpKsl007aaa51.sys [x]
R1 MpKsl04f51367;MpKsl04f51367;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{501314DA-C97D-42D5-B264-E34476AAB4E0}\MpKsl04f51367.sys [x]
R1 MpKsl0bd91f7b;MpKsl0bd91f7b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2B7454C8-04D8-4AC0-AE5B-EB7EAA2926A0}\MpKsl0bd91f7b.sys [x]
R1 MpKsl0cc7ce2e;MpKsl0cc7ce2e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{68530025-E927-4343-829A-04526362C165}\MpKsl0cc7ce2e.sys [2011-12-21 29904]
R1 MpKsl1680758b;MpKsl1680758b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B70FDD7C-B4C0-41AE-A144-351671DFA7EA}\MpKsl1680758b.sys [x]
R1 MpKsl19c41689;MpKsl19c41689;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F4994223-E9EA-4767-8143-9ED50B45C5D4}\MpKsl19c41689.sys [x]
R1 MpKsl1f357395;MpKsl1f357395;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{68530025-E927-4343-829A-04526362C165}\MpKsl1f357395.sys [2011-12-21 29904]
R1 MpKsl26029bf4;MpKsl26029bf4;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8760CD52-AF7A-424B-8D71-BCAB4BA90C75}\MpKsl26029bf4.sys [x]
R1 MpKsl27d5bf1a;MpKsl27d5bf1a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4A2EA504-0C6F-4E18-B140-FCE28BCB021A}\MpKsl27d5bf1a.sys [x]
R1 MpKsl33fe2233;MpKsl33fe2233;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9C703437-ED1B-4AC3-91C4-1D36E57D23D2}\MpKsl33fe2233.sys [x]
R1 MpKsl38467449;MpKsl38467449;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B46E14EC-6E17-476D-97FC-FCF71CFECF2E}\MpKsl38467449.sys [x]
R1 MpKsl3d1dd100;MpKsl3d1dd100;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F746D39A-2754-4C85-8F18-BAE242972C63}\MpKsl3d1dd100.sys [x]
R1 MpKsl53b3ea4c;MpKsl53b3ea4c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AD8C813D-1F0F-47A6-9DB2-3A0939830340}\MpKsl53b3ea4c.sys [x]
R1 MpKsl54313b3e;MpKsl54313b3e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7D33995E-00FF-49DC-982B-D5EB64ED7AF3}\MpKsl54313b3e.sys [x]
R1 MpKsl61a736c7;MpKsl61a736c7;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{68530025-E927-4343-829A-04526362C165}\MpKsl61a736c7.sys [2011-12-21 29904]
R1 MpKsl6ed097b8;MpKsl6ed097b8;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{85DF8952-4161-4CBA-8FDF-60779DFC5C7A}\MpKsl6ed097b8.sys [x]
R1 MpKsl73b312e8;MpKsl73b312e8;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5D3B7FBE-A9BE-48B6-9509-CA68CE2F49F3}\MpKsl73b312e8.sys [x]
R1 MpKsl7cda8f8b;MpKsl7cda8f8b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B46E14EC-6E17-476D-97FC-FCF71CFECF2E}\MpKsl7cda8f8b.sys [x]
R1 MpKsl7ed798a4;MpKsl7ed798a4;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BB463EE0-7A96-4AC6-9DC1-ABCE1DB9FA02}\MpKsl7ed798a4.sys [x]
R1 MpKsl7fcfbf72;MpKsl7fcfbf72;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{68530025-E927-4343-829A-04526362C165}\MpKsl7fcfbf72.sys [2011-12-21 29904]
R1 MpKsl837763df;MpKsl837763df;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F890540A-133C-4471-BC8F-BA6B98D6D20F}\MpKsl837763df.sys [x]
R1 MpKsl85107fea;MpKsl85107fea;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{91B132D8-17D4-4575-A810-24B523D92538}\MpKsl85107fea.sys [x]
R1 MpKsl866aae3c;MpKsl866aae3c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{68530025-E927-4343-829A-04526362C165}\MpKsl866aae3c.sys [2011-12-21 29904]
R1 MpKsl88aaaf86;MpKsl88aaaf86;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3A7BD345-9D1B-4C64-9767-AA2395144B96}\MpKsl88aaaf86.sys [x]
R1 MpKsl8ad51963;MpKsl8ad51963;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{52AEA0F8-6432-4605-BB08-F220F51A9824}\MpKsl8ad51963.sys [x]
R1 MpKsl97a191b1;MpKsl97a191b1;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C2E44701-E7F1-4E4C-92C0-AC3743251ECA}\MpKsl97a191b1.sys [x]
R1 MpKsl9a7a58ed;MpKsl9a7a58ed;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{45E8C121-5AEF-42ED-8687-9799D3C740E1}\MpKsl9a7a58ed.sys [x]
R1 MpKsla2f9d444;MpKsla2f9d444;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{70CB14DC-6227-4974-90A2-250D385358FC}\MpKsla2f9d444.sys [x]
R1 MpKsla6392b7c;MpKsla6392b7c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{68530025-E927-4343-829A-04526362C165}\MpKsla6392b7c.sys [2011-12-22 29904]
R1 MpKslad2aecf6;MpKslad2aecf6;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8234F26B-6A24-455E-9023-C107B30D09C2}\MpKslad2aecf6.sys [x]
R1 MpKslb37c3aed;MpKslb37c3aed;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6C348B95-17D9-4E34-BF9D-885607F90461}\MpKslb37c3aed.sys [x]
R1 MpKslc0de43cf;MpKslc0de43cf;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{867B77E0-E371-4457-95ED-1AB0AB627F58}\MpKslc0de43cf.sys [x]
R1 MpKslca68fed9;MpKslca68fed9;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CCCBF3AF-D61C-4ABF-B66F-F5FDCA5048FB}\MpKslca68fed9.sys [x]
R1 MpKslccd16cc5;MpKslccd16cc5;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{68530025-E927-4343-829A-04526362C165}\MpKslccd16cc5.sys [2011-12-20 29904]
R1 MpKslcd24449b;MpKslcd24449b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{338C4007-0D55-4B52-B256-CCFB999191F6}\MpKslcd24449b.sys [x]
R1 MpKsle0966d4b;MpKsle0966d4b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{45483E14-41BC-4AB9-8BDA-E5D8FAF8E175}\MpKsle0966d4b.sys [x]
R1 MpKsle7f82450;MpKsle7f82450;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{40F2D279-6F72-4AA9-95AA-690300A8B0EE}\MpKsle7f82450.sys [x]
R1 MpKslead9003b;MpKslead9003b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{68530025-E927-4343-829A-04526362C165}\MpKslead9003b.sys [2011-12-20 29904]
R1 MpKsled5d616f;MpKsled5d616f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D0FA1878-E2B5-41FC-9CCA-FE53E13CB2AF}\MpKsled5d616f.sys [x]
R1 MpKslef033d16;MpKslef033d16;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{114CC853-3F25-468B-A347-5CAB215A6622}\MpKslef033d16.sys [x]
R1 MpKslfc67b542;MpKslfc67b542;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{70CB14DC-6227-4974-90A2-250D385358FC}\MpKslfc67b542.sys [x]
R1 RapportCerberus_34302;RapportCerberus_34302;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys [2011-12-15 228208]
R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [2011-11-07 71440]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [2011-11-07 164112]
R2 aswFsBlk;aswFsBlk; [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-11-28 55128]
R2 bbtest_svc;Broadband Test Application;c:\program files\Broadband Test Application\BroadbandTestApp.exe [2011-05-31 815104]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-09 136176]
R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [2011-11-07 931640]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-09 136176]
R3 MADFU;MADFU;c:\windows\system32\DRIVERS\MADFU.sys [2007-08-28 16512]
R3 MADFUCONECTIV;Service for M-Audio Conectiv DFU;c:\windows\system32\DRIVERS\MAudioConectiv_DFU.sys [2009-10-02 42248]
R3 MAUSBCONECTIV;Service for M-Audio Conectiv;c:\windows\system32\DRIVERS\MAudioConectiv.sys [2009-10-02 158344]
R3 MAUSBFASTTRACKPRO;Service for M-Audio FastTrack Pro;c:\windows\system32\DRIVERS\MAudioFastTrackPro.sys [2010-12-07 158600]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-07-26 137600]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2010-07-26 8576]
R3 RapportIaso;RapportIaso;c:\programdata\trusteer\rapport\store\exts\rapportms\28896\rapportiaso.sys [2011-08-07 21520]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 UKS11LDR;M-Audio USB Keystation Loader;c:\windows\system32\drivers\uks11ldr.sys [2007-11-14 20168]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-24 1343400]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2011-02-16 11520]
R3 XPAD;XBox Controllers USB HID Mini Driver;c:\windows\system32\Drivers\xpad.sys [2004-08-01 12800]
R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2005-09-23 2799808]
R4 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WDDMService.exe [2011-08-01 263056]
R4 WDFMEService;WDFMEService;c:\program files\Western Digital\WD SmartWare\WDFME.exe [2011-08-01 1592208]
R4 WDRulesService;WDRulesService;c:\program files\Western Digital\WD SmartWare\WDRulesEngine.exe [2011-08-01 1091984]
S1 ExpanDrive;ExpanDrive;c:\windows\system32\drivers\ExpanDrive.sys [2011-03-30 296160]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2010-04-07 6630912]
S3 winbondcir;Winbond IR Transceiver;c:\windows\system32\DRIVERS\winbondcir.sys [2007-03-28 43008]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc Mcx2Svc
HsfXAudioService REG_MULTI_SZ HsfXAudioService
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-26 14:51]
.
2011-12-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-26 14:51]
.
2011-12-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-526593293-1210194780-548715179-1001Core.job
- c:\users\Ben\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-31 21:31]
.
2011-12-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-526593293-1210194780-548715179-1001UA.job
- c:\users\Ben\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-31 21:31]
.
2011-12-22 c:\windows\Tasks\IsposureAgent.job
- c:\program files\Broadband Test Application\BroadbandTestApp.exe [2011-03-24 20:12]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\0n2l19cn.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/ig
FF - prefs.js: keyword.URL - hxxp://www.google.co.uk/search?btnI=I%27m+Feeling+Lucky&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-RunOnce-KeApplet - c:\users\Ben\AppData\Roaming\Skype\{083FA2E7-6F64-4F10-84E0-0912ED87A74C}\Validator.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-12-22 05:28:16
ComboFix-quarantined-files.txt 2011-12-22 05:28
ComboFix2.txt 2011-12-21 08:47
.
Pre-Run: 8,941,948,928 bytes free
Post-Run: 8,990,490,624 bytes free
.
- - End Of File - - C1395D4C8ADCA2CC819C37211F56D60E

 

[Broni]

How is computer doing?

Download OTL to your Desktop.

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Click the Scan All Users checkbox.
• Under the Custom Scan box paste this in:

netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop

• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
• When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

 

[Flumple]

OTL logfile created on: 22/12/2011 05:44:12 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Ben\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 1.31 Gb Available Physical Memory | 65.77% Memory free
3.98 Gb Paging File | 3.41 Gb Available in Paging File | 85.55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 60.80 Gb Total Space | 8.46 Gb Free Space | 13.91% Space Free | Partition Type: NTFS
Drive D: | 47.64 Gb Total Space | 6.87 Gb Free Space | 14.42% Space Free | Partition Type: NTFS

Computer Name: BEN-PC | User Name: Ben | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/22 05:37:04 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Ben\Desktop\OTL.exe
PRC - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/11/20 12:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/08/01 06:34:44 | 000,064,000 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\WDCollections.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/11/28 18:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/11/07 21:28:26 | 000,931,640 | ---- | M] (Trusteer Ltd.) [Auto | Stopped] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2011/08/01 09:11:38 | 001,091,984 | ---- | M] (Western Digital ) [Disabled | Stopped] -- C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe -- (WDRulesService)
SRV - [2011/08/01 09:11:36 | 001,592,208 | ---- | M] (Western Digital ) [Disabled | Stopped] -- C:\Program Files\Western Digital\WD SmartWare\WDFME.exe -- (WDFMEService)
SRV - [2011/08/01 09:11:32 | 000,263,056 | ---- | M] (WDC) [Disabled | Stopped] -- C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe -- (WDDMService)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/05/31 20:12:19 | 000,815,104 | ---- | M] (Epitiro Ltd.) [Auto | Stopped] -- C:\Program Files\Broadband Test Application\BroadbandTestApp.exe -- (bbtest_svc)
SRV - [2011/04/27 14:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/12/08 13:31:06 | 000,628,736 | ---- | M] (Nokia) [Disabled | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010/05/24 19:13:43 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/11/18 08:56:41 | 000,079,360 | ---- | M] (SolidWorks) [Disabled | Stopped] -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2009/07/16 16:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/07/14 01:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/14 01:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 01:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 01:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/04/29 11:21:04 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Stopped] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Stopped] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2005/09/23 07:01:16 | 002,799,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2011/12/22 03:23:32 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{68530025-E927-4343-829A-04526362C165}\MpKsla6392b7c.sys -- (MpKsla6392b7c)
DRV - [2011/12/21 20:49:32 | 000,029,904 | ---- | M] () [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{68530025-E927-4343-829A-04526362C165}\MpKsl1f357395.sys -- (MpKsl1f357395)
DRV - [2011/12/21 15:02:15 | 000,029,904 | ---- | M] () [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{68530025-E927-4343-829A-04526362C165}\MpKsl866aae3c.sys -- (MpKsl866aae3c)
DRV - [2011/12/21 14:51:08 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{68530025-E927-4343-829A-04526362C165}\MpKsl61a736c7.sys -- (MpKsl61a736c7)
DRV - [2011/12/21 08:25:34 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{68530025-E927-4343-829A-04526362C165}\MpKsl7fcfbf72.sys -- (MpKsl7fcfbf72)
DRV - [2011/12/21 00:22:13 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{68530025-E927-4343-829A-04526362C165}\MpKsl0cc7ce2e.sys -- (MpKsl0cc7ce2e)
DRV - [2011/12/20 17:11:36 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{68530025-E927-4343-829A-04526362C165}\MpKslead9003b.sys -- (MpKslead9003b)
DRV - [2011/12/20 17:07:52 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{68530025-E927-4343-829A-04526362C165}\MpKslccd16cc5.sys -- (MpKslccd16cc5)
DRV - [2011/12/15 17:02:16 | 000,228,208 | ---- | M] () [Kernel | System | Stopped] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys -- (RapportCerberus_34302)
DRV - [2011/11/28 17:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/11/28 17:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/11/28 17:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/11/28 17:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/11/28 17:52:07 | 000,055,128 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/11/28 17:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/11/07 21:28:40 | 000,071,440 | ---- | M] (Trusteer Ltd.) [Kernel | System | Stopped] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2011/11/07 21:28:38 | 000,164,112 | ---- | M] (Trusteer Ltd.) [Kernel | System | Stopped] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2011/11/07 21:28:38 | 000,056,208 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2011/08/07 13:27:04 | 000,021,520 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Stopped] -- c:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\28896\RapportIaso.sys -- (RapportIaso)
DRV - [2011/04/27 14:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/18 12:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2011/03/30 14:53:12 | 000,296,160 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\ExpanDrive.sys -- (ExpanDrive)
DRV - [2011/02/16 15:52:46 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2010/12/07 14:39:30 | 000,158,600 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MAudioFastTrackPro.sys -- (MAUSBFASTTRACKPRO)
DRV - [2010/11/20 12:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 12:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 12:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 10:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 09:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 09:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 09:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/07/30 13:16:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2010/07/30 13:16:44 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010/07/30 13:16:42 | 000,023,040 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010/07/30 13:16:38 | 000,018,048 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010/07/26 11:24:46 | 000,137,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2010/07/26 11:24:42 | 000,008,576 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2010/04/07 18:42:24 | 006,630,912 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (netw5v32) Intel(R)
DRV - [2009/10/02 14:14:42 | 000,042,248 | ---- | M] (M-Audio) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MAudioConectiv_DFU.sys -- (MADFUCONECTIV)
DRV - [2009/10/02 14:14:38 | 000,158,344 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MAudioConectiv.sys -- (MAUSBCONECTIV)
DRV - [2009/06/25 16:25:58 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2009/06/25 16:10:48 | 000,044,544 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2009/06/25 11:58:10 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2009/04/29 11:20:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio)
DRV - [2008/08/26 08:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/06/21 02:03:06 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\risdptsk.sys -- (risdptsk)
DRV - [2007/11/14 16:20:06 | 000,020,168 | ---- | M] (MIDIMAN) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\uks11ldr.sys -- (UKS11LDR)
DRV - [2007/11/14 16:20:04 | 000,031,752 | ---- | M] (M-Audio) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MA_CMIDI.SYS -- (MA_CMIDI)
DRV - [2007/08/28 14:05:38 | 000,016,512 | ---- | M] (M-Audio) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MADFU.sys -- (MADFU)
DRV - [2007/03/28 07:51:40 | 000,043,008 | ---- | M] (Winbond Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winbondcir.sys -- (winbondcir)
DRV - [2004/08/01 18:18:30 | 000,012,800 | ---- | M] (Beijing WiseGrup.,Ltd (gamepad.yeah.net)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Xpad.sys -- (XPAD)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-526593293-1210194780-548715179-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-526593293-1210194780-548715179-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
IE - HKU\S-1-5-21-526593293-1210194780-548715179-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B8 3E 7A 96 5B C0 CC 01 [binary data]
IE - HKU\S-1-5-21-526593293-1210194780-548715179-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-526593293-1210194780-548715179-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-526593293-1210194780-548715179-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-526593293-1210194780-548715179-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/ig"
FF - prefs.js..extension.gacela.network.proxy.autoconfig_url: ""
FF - prefs.js..extension.gacela.network.proxy.type: 5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8442
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://www.google.co.uk/search?btnI=I%27m+Feeling+Lucky&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.4: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Ben\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Ben\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ben\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ben\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2011/04/06 21:21:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/31 23:44:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/31 23:44:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/31 23:44:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/31 23:44:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/31 23:44:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/31 23:44:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/31 23:44:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/31 23:44:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/31 23:44:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/31 23:44:40 | 000,000,000 | ---D | M]

[2009/12/27 23:43:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ben\AppData\Roaming\Mozilla\Extensions
[2009/12/27 23:43:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ben\AppData\Roaming\Mozilla\Extensions\songbird@songbirdnest.com
[2010/06/25 11:17:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\0n2l19cn.default\extensions
[2010/03/25 21:00:32 | 000,002,371 | ---- | M] () -- C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\0n2l19cn.default\searchplugins\google-dictionary.xml
[2011/08/09 08:58:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/10/18 21:41:37 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010/06/07 17:44:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/04/05 15:47:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/02/02 20:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/21 10:20:26 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/10/21 10:20:26 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/10/21 10:20:26 | 000,000,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/10/21 10:20:26 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{googleriginalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Ben\AppData\Local\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Ben\AppData\Local\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\Ben\AppData\Local\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Ben\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Ben\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube Player Keyboard Controls = C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmmkkafaceodfjgdnoiejlbmiooiafb\0.1.1_0\
CHR - Extension: SmoothScroll = C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\cccpiddacjljmfbbgeimpelpndgpoknn\1.0.6_0\
CHR - Extension: Speed Dial = C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgpdioedihjhncjafcpgbbjdpbbkikmi\2.1_0\
CHR - Extension: Springpad = C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkmopoamfjnmppabeaphohombnjcjgla\4_0\
CHR - Extension: Easy Youtube Video Downloader = C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmknocfkgffdgekmfonabppnhdgmghem\4.1_0\
CHR - Extension: AdBlock = C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.8_0\
CHR - Extension: goo.gl URL Shortener = C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\iblijlcdoidgdpfknkckljiocdbnlagk\0.7.2_0\
CHR - Extension: BBC Good Food = C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnkffnoliaheoidfeejcmnidkkgilkja\3_0\
CHR - Extension: Speed Dial 2 = C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpfpebmajhhopeonhlcgidhclcccjcik\1.5.9.1_0\
CHR - Extension: Auto HD For YouTube = C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\koiaokdomkpjdgniimnkhgbilbjgpeak\1.6_0\
CHR - Extension: Greyscale = C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\penkfbldfkaelnnhblmfmajlggdielfm\1.0\

O1 HOSTS File: ([2011/12/22 05:25:48 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [M-Audio Taskbar Icon] C:\Windows\System32\M-AudioTaskBarIcon.exe (Avid Technology, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-526593293-1210194780-548715179-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-526593293-1210194780-548715179-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-526593293-1210194780-548715179-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BC4E04F9-A68D-42DB-B64D-E5661D0D2195}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 21:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: midi1 - C:\Windows\System32\MA_CMIDN.DLL (M-Audio)
Drivers32: midi5 - C:\Windows\System32\MA_CMIDN.DLL (M-Audio)
Drivers32: midi6 - C:\Windows\System32\MA_CMIDN.DLL (M-Audio)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.vorbis - C:\Windows\System32\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.MKVC - C:\Windows\System32\KMVIDC32.DLL ()
Drivers32: VIDC.ZMBV - C:\Windows\System32\zmbv.dll ()

CREATERESTOREPOINT
Error creating restore point.

 

[Flumple]

It would appear that the google redirecting has stopped occuring. I'll try booting in normal mode now to see if the bsod problem has gone.

 

[Broni]

Let me know.

OTL.txt log is incomplete and I still need Extras.txt.
It'd be better if you run OTL from normal mode.

 

[Flumple]

I tried booting in normal mode again and got a blue-screen after around 4 minutes. I'll run OTL again in safe mode now.

 

[Flumple]

I'm afraid that there is no Extra.txt file being produced. The first time I ran OTL it froze, I wasn't aware that I would only get an Extra.txt file the first time. Here is a new OTL.txt log though:

OTL logfile created on: 22/12/2011 06:52:23 - Run 5
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Ben\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 1.50 Gb Available Physical Memory | 75.54% Memory free
3.98 Gb Paging File | 3.51 Gb Available in Paging File | 88.06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 60.80 Gb Total Space | 8.43 Gb Free Space | 13.86% Space Free | Partition Type: NTFS
Drive D: | 47.64 Gb Total Space | 6.87 Gb Free Space | 14.42% Space Free | Partition Type: NTFS

Computer Name: BEN-PC | User Name: Ben | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/22 06:25:15 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Ben\Desktop\OTL.exe
PRC - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/11/20 12:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV - [2011/11/28 18:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/11/07 21:28:26 | 000,931,640 | ---- | M] (Trusteer Ltd.) [Auto | Stopped] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2011/08/01 09:11:38 | 001,091,984 | ---- | M] (Western Digital ) [Disabled | Stopped] -- C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe -- (WDRulesService)
SRV - [2011/08/01 09:11:36 | 001,592,208 | ---- | M] (Western Digital ) [Disabled | Stopped] -- C:\Program Files\Western Digital\WD SmartWare\WDFME.exe -- (WDFMEService)
SRV - [2011/08/01 09:11:32 | 000,263,056 | ---- | M] (WDC) [Disabled | Stopped] -- C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe -- (WDDMService)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/05/31 20:12:19 | 000,815,104 | ---- | M] (Epitiro Ltd.) [Auto | Stopped] -- C:\Program Files\Broadband Test Application\BroadbandTestApp.exe -- (bbtest_svc)
SRV - [2011/04/27 14:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/12/08 13:31:06 | 000,628,736 | ---- | M] (Nokia) [Disabled | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010/05/24 19:13:43 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/11/18 08:56:41 | 000,079,360 | ---- | M] (SolidWorks) [Disabled | Stopped] -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2009/07/16 16:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/07/14 01:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/14 01:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 01:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 01:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/04/29 11:21:04 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Stopped] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Stopped] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2005/09/23 07:01:16 | 002,799,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80)


========== Driver Services (SafeList) ==========

DRV - [2011/12/22 06:14:07 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{68530025-E927-4343-829A-04526362C165}\MpKsle179b900.sys -- (MpKsle179b900)
DRV - [2011/12/22 03:23:32 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{68530025-E927-4343-829A-04526362C165}\MpKsla6392b7c.sys -- (MpKsla6392b7c)
DRV - [2011/12/21 20:49:32 | 000,029,904 | ---- | M] () [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{68530025-E927-4343-829A-04526362C165}\MpKsl1f357395.sys -- (MpKsl1f357395)
DRV - [2011/12/21 15:02:15 | 000,029,904 | ---- | M] () [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{68530025-E927-4343-829A-04526362C165}\MpKsl866aae3c.sys -- (MpKsl866aae3c)
DRV - [2011/12/21 14:51:08 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{68530025-E927-4343-829A-04526362C165}\MpKsl61a736c7.sys -- (MpKsl61a736c7)
DRV - [2011/12/21 08:25:34 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{68530025-E927-4343-829A-04526362C165}\MpKsl7fcfbf72.sys -- (MpKsl7fcfbf72)
DRV - [2011/12/21 00:22:13 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{68530025-E927-4343-829A-04526362C165}\MpKsl0cc7ce2e.sys -- (MpKsl0cc7ce2e)
DRV - [2011/12/20 17:11:36 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{68530025-E927-4343-829A-04526362C165}\MpKslead9003b.sys -- (MpKslead9003b)
DRV - [2011/12/20 17:07:52 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{68530025-E927-4343-829A-04526362C165}\MpKslccd16cc5.sys -- (MpKslccd16cc5)
DRV - [2011/12/15 17:02:16 | 000,228,208 | ---- | M] () [Kernel | System | Stopped] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys -- (RapportCerberus_34302)
DRV - [2011/11/28 17:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/11/28 17:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/11/28 17:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/11/28 17:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/11/28 17:52:07 | 000,055,128 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/11/28 17:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/11/07 21:28:40 | 000,071,440 | ---- | M] (Trusteer Ltd.) [Kernel | System | Stopped] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2011/11/07 21:28:38 | 000,164,112 | ---- | M] (Trusteer Ltd.) [Kernel | System | Stopped] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2011/11/07 21:28:38 | 000,056,208 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2011/08/07 13:27:04 | 000,021,520 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Stopped] -- c:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\28896\RapportIaso.sys -- (RapportIaso)
DRV - [2011/04/27 14:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/18 12:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2011/03/30 14:53:12 | 000,296,160 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\ExpanDrive.sys -- (ExpanDrive)
DRV - [2011/02/16 15:52:46 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2010/12/07 14:39:30 | 000,158,600 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MAudioFastTrackPro.sys -- (MAUSBFASTTRACKPRO)
DRV - [2010/11/20 12:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 12:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 12:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 10:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 09:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 09:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 09:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/07/30 13:16:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2010/07/30 13:16:44 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010/07/30 13:16:42 | 000,023,040 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010/07/30 13:16:38 | 000,018,048 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010/07/26 11:24:46 | 000,137,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2010/07/26 11:24:42 | 000,008,576 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2010/04/07 18:42:24 | 006,630,912 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (netw5v32) Intel(R)
DRV - [2009/10/02 14:14:42 | 000,042,248 | ---- | M] (M-Audio) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MAudioConectiv_DFU.sys -- (MADFUCONECTIV)
DRV - [2009/10/02 14:14:38 | 000,158,344 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MAudioConectiv.sys -- (MAUSBCONECTIV)
DRV - [2009/06/25 16:25:58 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2009/06/25 16:10:48 | 000,044,544 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2009/06/25 11:58:10 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2009/04/29 11:20:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio)
DRV - [2008/08/26 08:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/06/21 02:03:06 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\risdptsk.sys -- (risdptsk)
DRV - [2007/11/14 16:20:06 | 000,020,168 | ---- | M] (MIDIMAN) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\uks11ldr.sys -- (UKS11LDR)
DRV - [2007/11/14 16:20:04 | 000,031,752 | ---- | M] (M-Audio) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MA_CMIDI.SYS -- (MA_CMIDI)
DRV - [2007/08/28 14:05:38 | 000,016,512 | ---- | M] (M-Audio) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MADFU.sys -- (MADFU)
DRV - [2007/03/28 07:51:40 | 000,043,008 | ---- | M] (Winbond Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winbondcir.sys -- (winbondcir)
DRV - [2004/08/01 18:18:30 | 000,012,800 | ---- | M] (Beijing WiseGrup.,Ltd (gamepad.yeah.net)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Xpad.sys -- (XPAD)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-526593293-1210194780-548715179-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-526593293-1210194780-548715179-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
IE - HKU\S-1-5-21-526593293-1210194780-548715179-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B8 3E 7A 96 5B C0 CC 01 [binary data]
IE - HKU\S-1-5-21-526593293-1210194780-548715179-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-526593293-1210194780-548715179-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-526593293-1210194780-548715179-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-526593293-1210194780-548715179-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/ig"
FF - prefs.js..extension.gacela.network.proxy.autoconfig_url: ""
FF - prefs.js..extension.gacela.network.proxy.type: 5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8442
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://www.google.co.uk/search?btnI=I%27m+Feeling+Lucky&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.4: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Ben\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Ben\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ben\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ben\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2011/04/06 21:21:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/31 23:44:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/31 23:44:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/31 23:44:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/31 23:44:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/31 23:44:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/31 23:44:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/31 23:44:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/31 23:44:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/31 23:44:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/31 23:44:40 | 000,000,000 | ---D | M]

[2009/12/27 23:43:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ben\AppData\Roaming\Mozilla\Extensions
[2009/12/27 23:43:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ben\AppData\Roaming\Mozilla\Extensions\songbird@songbirdnest.com
[2010/06/25 11:17:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\0n2l19cn.default\extensions
[2010/03/25 21:00:32 | 000,002,371 | ---- | M] () -- C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\0n2l19cn.default\searchplugins\google-dictionary.xml
[2011/08/09 08:58:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/10/18 21:41:37 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010/06/07 17:44:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/04/05 15:47:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/02/02 20:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/21 10:20:26 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/10/21 10:20:26 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/10/21 10:20:26 | 000,000,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/10/21 10:20:26 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{googleriginalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Ben\AppData\Local\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Ben\AppData\Local\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\Ben\AppData\Local\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Ben\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Ben\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube Player Keyboard Controls = C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmmkkafaceodfjgdnoiejlbmiooiafb\0.1.1_0\
CHR - Extension: SmoothScroll = C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\cccpiddacjljmfbbgeimpelpndgpoknn\1.0.6_0\
CHR - Extension: Speed Dial = C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgpdioedihjhncjafcpgbbjdpbbkikmi\2.1_0\
CHR - Extension: Springpad = C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkmopoamfjnmppabeaphohombnjcjgla\4_0\
CHR - Extension: Easy Youtube Video Downloader = C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmknocfkgffdgekmfonabppnhdgmghem\4.1_0\
CHR - Extension: AdBlock = C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.8_0\
CHR - Extension: goo.gl URL Shortener = C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\iblijlcdoidgdpfknkckljiocdbnlagk\0.7.2_0\
CHR - Extension: BBC Good Food = C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnkffnoliaheoidfeejcmnidkkgilkja\3_0\
CHR - Extension: Speed Dial 2 = C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpfpebmajhhopeonhlcgidhclcccjcik\1.5.9.1_0\
CHR - Extension: Auto HD For YouTube = C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\koiaokdomkpjdgniimnkhgbilbjgpeak\1.6_0\
CHR - Extension: Greyscale = C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\penkfbldfkaelnnhblmfmajlggdielfm\1.0\

O1 HOSTS File: ([2011/12/22 05:25:48 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [M-Audio Taskbar Icon] C:\Windows\System32\M-AudioTaskBarIcon.exe (Avid Technology, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-526593293-1210194780-548715179-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-526593293-1210194780-548715179-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-526593293-1210194780-548715179-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BC4E04F9-A68D-42DB-B64D-E5661D0D2195}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 21:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: midi1 - C:\Windows\System32\MA_CMIDN.DLL (M-Audio)
Drivers32: midi5 - C:\Windows\System32\MA_CMIDN.DLL (M-Audio)
Drivers32: midi6 - C:\Windows\System32\MA_CMIDN.DLL (M-Audio)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.vorbis - C:\Windows\System32\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.MKVC - C:\Windows\System32\KMVIDC32.DLL ()
Drivers32: VIDC.ZMBV - C:\Windows\System32\zmbv.dll ()

CREATERESTOREPOINT
Error creating restore point.

 

[Flumple]

I can't seem to post the rest of the log file. Each time my browser won't load the page when I click post. I've attached it instead, hope that's ok.

 

[Flumple]

Having restarted my computer a couple of times, I'm now getting redirected again.

 

[Broni]

Download Bootkit Remover to your Desktop.

• Unzip downloaded file to your Desktop.
• Double-click on boot_cleaner.exe to run the program (Vista/7 users,right click on boot_cleaner.exe and click Run As Administrator).
• It will show a Black screen with some data on it.
• Right click on the screen and click Select All.
• Press CTRL+C
• Open a Notepad and press CTRL+V
• Post the output back here.

 

[Flumple]

Bootkit Remover
(c) 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows 7 Service Pack 1 (build 7601), 32-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`06500000

Size Device Name MBR Status
--------------------------------------------
111 GB \\.\PhysicalDrive0 Controlled by rootkit!

Boot code on some of your physical disks is hidden by a rootkit.
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]


Done;
Press any key to quit...

 

[Broni]

Download the FixTDSS.exe

Save the file to your Windows desktop.
Close all running programs.
If you are running Windows XP, turn off System Restore. How to turn off or turn on Windows XP System Restore
Double-click the FixTDSS.exe file to start the removal tool.
Click Start to begin the process, and then allow the tool to run.
OK any security prompts.
Restart the computer when prompted by the tool.
After the computer has started, the tool will inform you of the state of infection (make sure to let me know what it said)
If you are running Windows XP, re-enable System Restore.

 

[Flumple]

***Infected MBR detected
Repair succeeded.

I'm running in normal mode! By golly it's good to be back. Just ran a few Google searches too and didn't get redirected. Also the "gcswf32.dll is not working" seems to have stopped happening when browsing the web.

What would you like me to do now?

 

[Broni]

Good news

Post new Bootkit Remover log.

 

[Flumple]

Now I have a more serious problem:

The computer was running fine for around 5 minutes, then it froze up and I had to restart it. Now whenever I switch it on (choosing normal or safe mode) I get an instant bsod which says the following:

"A problem has been detected and Windows has been shut down to prevent damage to your computer
...
*** STOP: 0x0000007B (0x80786B58, 0xC000000D, 0x00000000, 0x00000000)"