Browser Redirect Issues [Archive] - Safer-Networking Forums

View Full Version : Browser Redirect Issues

Chris17

2011-10-26, 18:40

I think my computer is infected with spyware. Every time I browse with Firefox (http://forums.spybot.info/vbglossar.php?do=showentry&item=Firefox) and Internet explorer via Google I am redirected to completely irrelevant adverts. This happens approximately 50% of the time while I am browsing. I have ran Firefox (http://forums.spybot.info/vbglossar.php?do=showentry&item=Firefox) in safe mode and scanned with various anti-virus/malware programs but the problem still persists. Strangely though, I have not been redirected whilst using Google Chrome. At first I though this may have been an issue with some of the web browsers I have been using however I was using the internet on my mobile phone and I got redirected to a similar ad site on my home network. Perhaps the problem lies with my service provider? I have also tried countless reinstalls of my operating system (Windows 7) but unfortunately this hasn't solved the problem to my surprise. I'm getting very frustrated now as Firefox (http://forums.spybot.info/vbglossar.php?do=showentry&item=Firefox) is the browser I like to use for every day tasks. Any help would be greatly appreciated, I have much respect for what you experts on here do!

(I have a Dell Inspiron 1750 Laptop, if this helps)
http://forums.spybot.info/showthread.php?t=64250
---------------------------------------------------------
Sorry for not reading the rules. Here is my DDS log. I have also attached the other file in a zip folder, thank you.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514
Run by Chris at 16:29:25 on 2011-10-26
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.2008.815 [GMT 1:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\AESTSr64.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Chris\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Chris\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Chris\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Chris\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
mWinlogon: Userinit=userinit.exe
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [Google Update] "C:\Users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 95.168.162.12 95.168.162.22
TCP: Interfaces\{BDEE6F1F-8F31-4AF6-8FB7-810E5F8AC142} : DhcpNameServer = 95.168.162.12 95.168.162.22
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\AESTSr64.exe [2011-10-26 89600]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-9-12 5265248]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\system32\drivers\synth3dvsc.sys --> C:\Windows\system32\drivers\synth3dvsc.sys [?]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\system32\drivers\terminpt.sys --> C:\Windows\system32\drivers\terminpt.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 tsusbhub;tsusbhub;C:\Windows\system32\drivers\tsusbhub.sys --> C:\Windows\system32\drivers\tsusbhub.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-10-26 12:46:10 -------- d-----w- C:\Windows\en
2011-10-26 12:44:56 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2011-10-26 12:43:09 -------- d-----w- C:\Windows\PCHEALTH
2011-10-26 12:42:18 69464 ----a-w- C:\Windows\SysWow64\XAPOFX1_3.dll
2011-10-26 12:42:18 515416 ----a-w- C:\Windows\SysWow64\XAudio2_5.dll
2011-10-26 12:42:17 523088 ----a-w- C:\Windows\System32\d3dx10_42.dll
2011-10-26 12:42:17 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll
2011-10-26 12:41:37 4398360 ----a-w- C:\Windows\System32\d3dx9_32.dll
2011-10-26 12:41:37 3426072 ----a-w- C:\Windows\SysWow64\d3dx9_32.dll
2011-10-26 12:41:03 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\858239b41cc93dc03\DSETUP.dll
2011-10-26 12:41:03 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\858239b41cc93dc03\DXSETUP.exe
2011-10-26 12:41:03 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\858239b41cc93dc03\dsetup32.dll
2011-10-26 12:40:59 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\81687adb1cc93dc02\DSETUP.dll
2011-10-26 12:40:59 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\81687adb1cc93dc02\DXSETUP.exe
2011-10-26 12:40:59 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\81687adb1cc93dc02\dsetup32.dll
2011-10-26 12:40:28 -------- d-----w- C:\Users\Chris\AppData\Local\Windows Live
2011-10-26 12:40:24 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live
2011-10-26 12:36:44 -------- d-----w- C:\Program Files\PeerBlock
2011-10-26 12:23:28 -------- d-----w- C:\Users\Chris\AppData\Roaming\Azureus
2011-10-26 12:22:57 -------- d-----w- C:\Program Files (x86)\Vuze
2011-10-26 12:22:07 -------- d-----w- C:\Windows\SysWow64\Adobe
2011-10-26 12:21:15 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-26 12:19:42 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-10-26 11:46:53 -------- d-----w- C:\Program Files\CCleaner
2011-10-26 11:36:27 -------- d--h--w- C:\$AVG
2011-10-26 10:39:32 -------- d-----w- C:\Windows\Panther
2011-10-26 02:33:53 -------- d-----w- C:\Program Files\Synaptics
2011-10-26 02:33:33 206120 ----a-w- C:\Windows\SysWow64\SynCtrl.dll
2011-10-26 02:33:33 169256 ----a-w- C:\Windows\SysWow64\SynCOM.dll
2011-10-26 02:33:33 147752 ----a-w- C:\Windows\System32\SynTPCo4.dll
2011-10-26 02:33:33 1436920 ----a-w- C:\Windows\System32\WdfCoInstaller01009.dll
2011-10-26 02:33:33 107816 ----a-w- C:\Windows\SysWow64\SynTPCOM.dll
2011-10-26 02:33:32 395048 ----a-w- C:\Windows\System32\SynCOM.dll
2011-10-26 02:33:32 273456 ----a-w- C:\Windows\System32\drivers\SynTP.sys
2011-10-26 02:33:32 260904 ----a-w- C:\Windows\System32\SynCtrl.dll
2011-10-26 02:33:32 203560 ----a-w- C:\Windows\System32\SynTPAPI.dll
2011-10-26 02:30:20 68608 ----a-w- C:\Windows\System32\AESTAR64.dll
2011-10-26 02:30:20 601088 ----a-w- C:\Windows\System32\ctapo64.dll
2011-10-26 02:30:20 524288 ----a-w- C:\Windows\System32\ctapo32.dll
2011-10-26 02:30:20 442368 ----a-w- C:\Windows\System32\AESTEC64.dll
2011-10-26 02:30:20 162304 ----a-w- C:\Windows\System32\AESTAC64.dll
2011-10-26 02:30:19 90624 ----a-w- C:\Windows\System32\AESTCo64.dll
2011-10-26 02:30:19 57856 ----a-w- C:\Windows\System32\ctppld64.dll
2011-10-26 02:30:19 564224 ----a-w- C:\Windows\System32\idt64mp1.exe
2011-10-26 02:30:19 3345408 ----a-w- C:\Windows\System32\stlang64.dll
2011-10-26 02:30:19 12605952 ----a-w- C:\Windows\System32\idtcpl64.cpl
2011-10-26 02:30:17 -------- d-----w- C:\Windows\System32\SRSLabs
2011-10-26 02:29:45 644608 ------w- C:\Windows\System32\stapi64.dll
2011-10-26 02:29:45 505856 ----a-w- C:\Windows\System32\drivers\stwrt64.sys
2011-10-26 02:29:45 431616 ----a-w- C:\Windows\System32\stcplx64.dll
2011-10-26 02:29:45 209920 ----a-w- C:\Windows\System32\st646272.dll
2011-10-26 02:29:45 1472000 ----a-w- C:\Windows\System32\stapo64.dll
2011-10-26 02:29:44 524288 ----a-w- C:\Windows\SysWow64\ctapo32.dll
2011-10-26 02:29:43 -------- d-----w- C:\Program Files\IDT
2011-10-26 02:26:02 -------- d-----w- C:\Program Files\Dell
2011-10-26 02:20:59 92216 ----a-w- C:\Windows\SysWow64\igfcg500m.bin
2011-10-26 02:18:20 53248 ----a-w- C:\Windows\SysWow64\CSVer.dll
2011-10-26 02:16:58 591872 ----a-w- C:\Windows\System32\SearchIndexer.exe
2011-10-26 02:15:17 -------- d-----w- C:\Program Files (x86)\Dell
2011-10-26 02:14:14 -------- d-----w- C:\Users\Chris\AppData\Roaming\AVG2012
2011-10-26 02:13:40 -------- d-----w- C:\dell
2011-10-26 02:13:07 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2011-10-26 02:13:07 46080 ----a-w- C:\Windows\System32\atmlib.dll
2011-10-26 02:13:07 367616 ----a-w- C:\Windows\System32\atmfd.dll
2011-10-26 02:13:07 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2011-10-26 02:13:07 294912 ----a-w- C:\Windows\SysWow64\atmfd.dll
2011-10-26 02:13:07 100864 ----a-w- C:\Windows\System32\fontsub.dll
2011-10-26 02:12:56 467456 ----a-w- C:\Windows\System32\drivers\srv.sys
2011-10-26 02:12:56 410112 ----a-w- C:\Windows\System32\drivers\srv2.sys
2011-10-26 02:12:56 168448 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2011-10-26 02:12:30 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
2011-10-26 02:12:27 605552 ----a-w- C:\Windows\System32\winload.exe
2011-10-26 02:12:27 566208 ----a-w- C:\Windows\System32\winresume.efi
2011-10-26 02:12:26 642944 ----a-w- C:\Windows\System32\winload.efi
2011-10-26 02:12:26 518672 ----a-w- C:\Windows\System32\winresume.exe
2011-10-26 02:12:26 20352 ----a-w- C:\Windows\System32\kdusb.dll
2011-10-26 02:12:26 19328 ----a-w- C:\Windows\System32\kd1394.dll
2011-10-26 02:12:26 17792 ----a-w- C:\Windows\System32\kdcom.dll
2011-10-26 02:10:21 -------- d-----w- C:\Program Files (x86)\AVG
2011-10-26 02:09:48 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-10-26 02:09:47 5561216 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-10-26 02:09:47 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-10-26 02:09:07 8199504 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-10-26 02:09:02 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2594575D-C885-43D6-BEB1-315BA4297F57}\mpengine.dll
2011-10-26 02:06:41 -------- d-----w- C:\Users\Chris\AppData\Local\Google
2011-10-26 02:06:05 -------- d-----w- C:\Users\Chris\AppData\Local\Apps
2011-10-26 02:06:04 -------- d-----w- C:\Users\Chris\AppData\Local\Deployment
2011-10-26 02:04:27 -------- d-sh--w- C:\Windows\Installer
2011-10-26 02:04:16 -------- d--h--w- C:\ProgramData\Common Files
2011-10-26 02:04:04 -------- d-----w- C:\ProgramData\MFAData
2011-10-26 01:52:11 -------- d-----w- C:\Windows\SysWow64\Wat
2011-10-26 01:52:11 -------- d-----w- C:\Windows\System32\Wat
2011-10-26 01:51:05 -------- d-sh--w- C:\Recovery
.
==================== Find3M ====================
.
2011-10-26 01:52:27 14848 ----a-w- C:\Windows\System32\slwga.dll
2011-10-26 01:52:27 13824 ----a-w- C:\Windows\SysWow64\slwga.dll
2011-10-26 01:52:26 419840 ----a-w- C:\Windows\System32\systemcpl.dll
2011-10-26 01:52:26 1008640 ----a-w- C:\Windows\System32\user32.dll
2011-10-26 01:52:25 833024 ----a-w- C:\Windows\SysWow64\user32.dll
2011-09-13 05:30:08 37456 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
2011-09-06 03:03:17 3138048 ----a-w- C:\Windows\System32\win32k.sys
2011-08-27 05:37:49 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2011-08-27 05:37:48 331776 ----a-w- C:\Windows\System32\oleacc.dll
2011-08-27 04:26:27 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-08-27 04:26:27 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
2011-08-08 05:08:58 46672 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
.
============= FINISH: 16:30:00.27 ===============

ken545

2011-10-28, 20:06

:snwelcome:

Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1 (http://jpshortstuff.247fixes.com/GooredFix.exe)
Download Mirror #2 (http://downloads.securitycadets.com/GooredFix.exe)
Ensure all Firefox windows are closed.
To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista - win 7).
When prompted to run the scan, click Yes.
GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

Download aswMBR.exe (http://public.avast.com/~gmerek/aswMBR.exe) ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan
http://public.avast.com/~gmerek/aswMBR1.png

On completion of the scan click save log, save it to your desktop and post in your next reply
http://public.avast.com/~gmerek/aswMBR2.png

OTL by OldTimer

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Click the "Scan All Users" checkbox.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

Post the following logs please, if you need more than one post to do so thats ok

1. Log from Goodedfix
2. aswMBR log
3. OTL log

Chris17

2011-10-28, 21:04

GooredFix by jpshortstuff (03.07.10.1)
Log created at 18:36 on 28/10/2011 (Chris)
Firefox version 7.0.1 (en-GB)

========== GooredScan ==========

========== GooredLog ==========

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [17:35 28/10/2011]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{1E73965B-8B48-48be-9C8D-68B920ABC1C4}"="C:\Program Files (x86)\AVG\AVG2012\Firefox4\" [02:11 26/10/2011]

---------- Old Logs ----------

-=E.O.F=-

Chris17

2011-10-28, 21:04

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-10-28 18:41:57
-----------------------------
18:41:57.820 OS Version: Windows x64 6.1.7601 Service Pack 1
18:41:57.820 Number of processors: 2 586 0x170A
18:41:57.820 ComputerName: CHRIS-PC UserName: Chris
18:41:58.584 Initialize success
18:42:24.323 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
18:42:24.338 Disk 0 Vendor: ST9250315AS 0003DEM1 Size: 238475MB BusType: 11
18:42:26.351 Disk 0 MBR read successfully
18:42:26.366 Disk 0 MBR scan
18:42:26.366 Disk 0 Windows 7 default MBR code
18:42:26.366 Service scanning
18:42:27.973 Modules scanning
18:42:27.973 Disk 0 trace - called modules:
18:42:27.989 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
18:42:27.989 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800259c060]
18:42:28.004 3 CLASSPNP.SYS[fffff8800160143f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8002269060]
18:42:28.004 Scan finished successfully
18:43:42.853 Disk 0 MBR has been saved successfully to "C:\Users\Chris\Desktop\MBR.dat"
18:43:42.853 The log file has been saved successfully to "C:\Users\Chris\Desktop\aswMBR.txt"

Chris17

2011-10-28, 21:08

OTL logfile created on: 28/10/2011 18:46:39 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Chris\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.96 Gb Total Physical Memory | 1.14 Gb Available Physical Memory | 58.17% Memory free
3.92 Gb Paging File | 2.87 Gb Available in Paging File | 73.21% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.79 Gb Total Space | 204.74 Gb Free Space | 87.95% Space Free | Partition Type: NTFS

Computer Name: CHRIS-PC | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Chris\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

========== Modules (No Company Name) ==========

========== Win32 Services (SafeList) ==========

SRV:[b]64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\AESTSr64.exe (Andrea Electronics Corporation)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSFilter) -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSEH) -- C:\Windows\SysNative\drivers\AVGIDSEH.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (tsusbhub) -- C:\Windows\SysNative\drivers\tsusbhub.sys (Microsoft Corporation)
DRV:64bit: - (Synth3dVsc) -- C:\Windows\SysNative\drivers\Synth3dVsc.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKU\S-1-5-21-3497962090-3289448001-634673441-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-3497962090-3289448001-634673441-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3497962090-3289448001-634673441-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-3497962090-3289448001-634673441-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 26 D3 A1 AA 82 93 CC 01 [binary data]
IE - HKU\S-1-5-21-3497962090-3289448001-634673441-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_0_1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Chris\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Chris\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2011/10/26 03:12:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/10/28 18:35:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/10/28 18:35:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/09/29 08:09:46 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/09/29 02:30:22 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/09/29 02:16:42 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/09/29 02:30:22 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/09/29 02:30:22 | 000,001,180 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/09/29 02:30:22 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Chris\AppData\Local\Google\Chrome\Application\15.0.874.102\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Chris\AppData\Local\Google\Chrome\Application\15.0.874.102\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Chris\AppData\Local\Google\Chrome\Application\15.0.874.102\pdf.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1829_0\plugins/avgnpss.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Chris\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 95.168.162.12 95.168.162.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BDEE6F1F-8F31-4AF6-8FB7-810E5F8AC142}: DhcpNameServer = 95.168.162.12 95.168.162.22
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

Chris17

2011-10-28, 21:09

========== Files/Folders - Created Within 30 Days ==========

[2011/10/28 18:35:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2011/10/28 18:34:43 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\GooredFix Backups
[2011/10/27 00:01:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2011/10/27 00:01:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2011/10/27 00:00:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2011/10/26 21:46:29 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Skype
[2011/10/26 21:46:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/10/26 21:46:23 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2011/10/26 21:46:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2011/10/26 17:06:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2011/10/26 17:06:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft ActiveSync
[2011/10/26 17:06:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2011/10/26 17:06:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2011/10/26 17:06:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2011/10/26 17:02:56 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2011/10/26 17:01:46 | 000,270,912 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2011/10/26 17:01:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2011/10/26 17:01:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2011/10/26 17:01:07 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\DAEMON Tools Lite
[2011/10/26 17:01:01 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2011/10/26 16:29:02 | 000,702,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011/10/26 16:29:02 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/10/26 16:29:02 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/10/26 16:29:02 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/10/26 16:29:01 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/10/26 16:29:01 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/10/26 16:29:01 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/10/26 16:28:36 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2011/10/26 16:28:36 | 000,007,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2011/10/26 16:28:30 | 002,565,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\esent.dll
[2011/10/26 16:28:30 | 001,699,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll
[2011/10/26 16:28:30 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsutil.exe
[2011/10/26 16:28:30 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fsutil.exe
[2011/10/26 16:28:30 | 000,027,008 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdxata.sys
[2011/10/26 16:28:29 | 000,189,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2011/10/26 16:28:29 | 000,107,904 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdsata.sys
[2011/10/26 13:46:10 | 000,000,000 | ---D | C] -- C:\Windows\en
[2011/10/26 13:44:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2011/10/26 13:43:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2011/10/26 13:43:09 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2011/10/26 13:42:18 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll
[2011/10/26 13:42:18 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll
[2011/10/26 13:42:17 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll
[2011/10/26 13:42:17 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll
[2011/10/26 13:41:37 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_32.dll
[2011/10/26 13:41:37 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll
[2011/10/26 13:40:28 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Windows Live
[2011/10/26 13:40:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2011/10/26 13:36:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PeerBlock
[2011/10/26 13:36:44 | 000,000,000 | ---D | C] -- C:\Program Files\PeerBlock
[2011/10/26 13:23:28 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Azureus
[2011/10/26 13:22:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vuze
[2011/10/26 13:22:07 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2011/10/26 13:21:15 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/10/26 13:21:15 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2011/10/26 13:21:13 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2011/10/26 13:20:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/10/26 13:20:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/10/26 13:19:42 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2011/10/26 13:19:42 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/10/26 13:19:42 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/10/26 13:19:42 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011/10/26 13:19:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2011/10/26 12:46:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/10/26 12:46:53 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/10/26 12:45:49 | 000,000,000 | ---D | C] -- C:\Users\Chris\Documents\Vuze Downloads
[2011/10/26 12:44:20 | 000,000,000 | ---D | C] -- C:\Users\Chris\Documents\BTEC_Gaming
[2011/10/26 12:44:19 | 000,000,000 | ---D | C] -- C:\Users\Chris\Documents\ComEmploy
[2011/10/26 12:44:04 | 000,000,000 | ---D | C] -- C:\Users\Chris\Documents\My Recieved Files
[2011/10/26 12:36:27 | 000,000,000 | -H-D | C] -- C:\$AVG
[2011/10/26 12:23:07 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnsapi.dll
[2011/10/26 12:23:07 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnscacheugc.exe
[2011/10/26 12:23:07 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dnscacheugc.exe
[2011/10/26 12:23:07 | 000,027,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
[2011/10/26 12:23:06 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2011/10/26 12:23:04 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2011/10/26 12:23:04 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2011/10/26 12:23:04 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax
[2011/10/26 12:23:03 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax
[2011/10/26 11:39:32 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2011/10/26 03:33:53 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2011/10/26 03:33:33 | 001,436,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WdfCoInstaller01009.dll
[2011/10/26 03:33:33 | 000,206,120 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysWow64\SynCtrl.dll
[2011/10/26 03:33:33 | 000,169,256 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysWow64\SynCOM.dll
[2011/10/26 03:33:33 | 000,147,752 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\SynTPCo4.dll
[2011/10/26 03:33:33 | 000,107,816 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysWow64\SynTPCOM.dll
[2011/10/26 03:33:32 | 000,395,048 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\SynCOM.dll
[2011/10/26 03:33:32 | 000,273,456 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\drivers\SynTP.sys
[2011/10/26 03:33:32 | 000,260,904 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\SynCtrl.dll
[2011/10/26 03:33:32 | 000,203,560 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\SynTPAPI.dll
[2011/10/26 03:30:20 | 000,601,088 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\ctapo64.dll
[2011/10/26 03:30:20 | 000,524,288 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\ctapo32.dll
[2011/10/26 03:30:20 | 000,442,368 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AESTEC64.dll
[2011/10/26 03:30:20 | 000,162,304 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AESTAC64.dll
[2011/10/26 03:30:20 | 000,068,608 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AESTAR64.dll
[2011/10/26 03:30:19 | 012,605,952 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\idtcpl64.cpl
[2011/10/26 03:30:19 | 003,345,408 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\stlang64.dll
[2011/10/26 03:30:19 | 000,564,224 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\idt64mp1.exe
[2011/10/26 03:30:19 | 000,090,624 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AESTCo64.dll
[2011/10/26 03:30:19 | 000,057,856 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\ctppld64.dll
[2011/10/26 03:30:17 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SRSLabs
[2011/10/26 03:29:45 | 001,472,000 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\stapo64.dll
[2011/10/26 03:29:45 | 000,644,608 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\stapi64.dll
[2011/10/26 03:29:45 | 000,505,856 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\drivers\stwrt64.sys
[2011/10/26 03:29:45 | 000,431,616 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\stcplx64.dll
[2011/10/26 03:29:45 | 000,209,920 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\st646272.dll
[2011/10/26 03:29:44 | 000,524,288 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysWow64\ctapo32.dll
[2011/10/26 03:29:43 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2011/10/26 03:29:43 | 000,000,000 | ---D | C] -- C:\Program Files\IDT
[2011/10/26 03:26:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Dell
[2011/10/26 03:26:02 | 000,000,000 | ---D | C] -- C:\Program Files\Dell
[2011/10/26 03:21:28 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\x64
[2011/10/26 03:21:28 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Lang
[2011/10/26 03:21:27 | 000,997,912 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\igxpun.exe
[2011/10/26 03:21:01 | 000,059,392 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\oemdspif.dll
[2011/10/26 03:21:00 | 001,305,600 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxCoIn_v1808.dll
[2011/10/26 03:21:00 | 000,491,032 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxsrvc.exe
[2011/10/26 03:21:00 | 000,371,200 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxTMM.dll
[2011/10/26 03:21:00 | 000,301,568 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrnld.lrc
[2011/10/26 03:21:00 | 000,296,960 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrptg.lrc
[2011/10/26 03:21:00 | 000,293,376 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrrus.lrc
[2011/10/26 03:21:00 | 000,291,328 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrptb.lrc
[2011/10/26 03:21:00 | 000,289,792 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrplk.lrc
[2011/10/26 03:21:00 | 000,284,672 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrsve.lrc
[2011/10/26 03:21:00 | 000,284,672 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrsky.lrc
[2011/10/26 03:21:00 | 000,282,112 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrnor.lrc
[2011/10/26 03:21:00 | 000,281,088 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrtrk.lrc
[2011/10/26 03:21:00 | 000,279,552 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrslv.lrc
[2011/10/26 03:21:00 | 000,264,704 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrtha.lrc
[2011/10/26 03:21:00 | 000,208,896 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrjpn.lrc
[2011/10/26 03:21:00 | 000,207,360 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrkor.lrc
[2011/10/26 03:21:00 | 000,165,912 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxtray.exe
[2011/10/26 03:21:00 | 000,055,808 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxsrvc.dll
[2011/10/26 03:20:59 | 005,694,976 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxress.dll
[2011/10/26 03:20:59 | 005,613,568 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igdumd64.dll
[2011/10/26 03:20:59 | 000,841,240 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxcfg.exe
[2011/10/26 03:20:59 | 000,548,864 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\igdumdx32.dll
[2011/10/26 03:20:59 | 000,365,080 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxpers.exe
[2011/10/26 03:20:59 | 000,312,832 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrell.lrc
[2011/10/26 03:20:59 | 000,306,688 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrita.lrc
[2011/10/26 03:20:59 | 000,305,664 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrfra.lrc
[2011/10/26 03:20:59 | 000,305,664 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrdeu.lrc
[2011/10/26 03:20:59 | 000,305,152 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxresp.lrc
[2011/10/26 03:20:59 | 000,290,304 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrhun.lrc
[2011/10/26 03:20:59 | 000,284,672 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrcsy.lrc
[2011/10/26 03:20:59 | 000,283,136 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrfin.lrc
[2011/10/26 03:20:59 | 000,282,624 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrdan.lrc
[2011/10/26 03:20:59 | 000,278,016 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrenu.lrc
[2011/10/26 03:20:59 | 000,257,536 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxdev.dll
[2011/10/26 03:20:59 | 000,254,464 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrara.lrc
[2011/10/26 03:20:59 | 000,251,904 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrheb.lrc
[2011/10/26 03:20:59 | 000,246,272 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxpph.dll
[2011/10/26 03:20:59 | 000,215,576 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxext.exe
[2011/10/26 03:20:59 | 000,215,552 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\igfxdv32.dll
[2011/10/26 03:20:59 | 000,181,760 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrcht.lrc
[2011/10/26 03:20:59 | 000,180,224 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrchs.lrc
[2011/10/26 03:20:59 | 000,142,336 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxdo.dll
[2011/10/26 03:20:59 | 000,126,976 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxcpl.cpl
[2011/10/26 03:20:59 | 000,027,648 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxexps.dll
[2011/10/26 03:20:58 | 008,095,232 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\ig4icd64.dll
[2011/10/26 03:20:58 | 007,333,472 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\igdkmd64.sys
[2011/10/26 03:20:58 | 003,646,464 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\igd10umd32.dll
[2011/10/26 03:20:57 | 006,042,112 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\ig4icd32.dll
[2011/10/26 03:20:57 | 005,195,264 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\ig4dev64.dll
[2011/10/26 03:20:57 | 003,838,976 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\ig4dev32.dll
[2011/10/26 03:20:57 | 000,385,560 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\hkcmd.exe
[2011/10/26 03:20:57 | 000,108,032 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\hccutils.dll
[2011/10/26 03:20:57 | 000,106,008 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\difx64.exe
[2011/10/26 03:18:20 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll
[2011/10/26 03:18:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2011/10/26 03:17:50 | 000,000,000 | ---D | C] -- C:\Intel
[2011/10/26 03:17:39 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xmllite.dll
[2011/10/26 03:17:35 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbcjt32.dll
[2011/10/26 03:17:35 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbctrac.dll
[2011/10/26 03:17:35 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbctrac.dll
[2011/10/26 03:17:35 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccp32.dll
[2011/10/26 03:17:35 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccp32.dll
[2011/10/26 03:17:35 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccu32.dll
[2011/10/26 03:17:35 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccr32.dll
[2011/10/26 03:17:35 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccu32.dll
[2011/10/26 03:17:35 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccr32.dll
[2011/10/26 03:17:28 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe
[2011/10/26 03:17:28 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe
[2011/10/26 03:17:05 | 002,871,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2011/10/26 03:17:05 | 002,616,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2011/10/26 03:17:03 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2011/10/26 03:17:03 | 000,723,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2011/10/26 03:17:03 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2011/10/26 03:17:03 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2011/10/26 03:17:02 | 001,118,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sbe.dll
[2011/10/26 03:17:02 | 000,850,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sbe.dll
[2011/10/26 03:17:02 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2011/10/26 03:17:02 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2011/10/26 03:16:58 | 002,315,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tquery.dll
[2011/10/26 03:16:58 | 002,223,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssrch.dll
[2011/10/26 03:16:58 | 001,401,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssrch.dll
[2011/10/26 03:16:57 | 001,549,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tquery.dll
[2011/10/26 03:16:57 | 000,778,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssvp.dll
[2011/10/26 03:16:57 | 000,491,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssph.dll
[2011/10/26 03:16:57 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssph.dll
[2011/10/26 03:16:57 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssphtb.dll
[2011/10/26 03:16:57 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchProtocolHost.exe
[2011/10/26 03:16:57 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchFilterHost.exe
[2011/10/26 03:16:56 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssvp.dll
[2011/10/26 03:16:56 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscntrs.dll
[2011/10/26 03:16:56 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscntrs.dll
[2011/10/26 03:16:40 | 000,476,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2011/10/26 03:16:40 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2011/10/26 03:16:34 | 000,919,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/10/26 03:16:34 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/10/26 03:16:33 | 000,613,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2011/10/26 03:16:29 | 001,465,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2011/10/26 03:16:29 | 000,870,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2011/10/26 03:16:24 | 001,395,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42.dll
[2011/10/26 03:16:24 | 001,359,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42u.dll
[2011/10/26 03:16:23 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42u.dll
[2011/10/26 03:16:23 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42.dll
[2011/10/26 03:15:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dell
[2011/10/26 03:14:14 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\AVG2012
[2011/10/26 03:13:40 | 000,000,000 | ---D | C] -- C:\dell
[2011/10/26 03:13:07 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2011/10/26 03:13:07 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2011/10/26 03:13:07 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2011/10/26 03:13:07 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2011/10/26 03:13:07 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2011/10/26 03:13:07 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2011/10/26 03:12:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2012
[2011/10/26 03:12:30 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\AVG
[2011/10/26 03:12:27 | 000,605,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe
[2011/10/26 03:12:27 | 000,566,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi
[2011/10/26 03:12:26 | 000,642,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi
[2011/10/26 03:12:26 | 000,518,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe
[2011/10/26 03:12:26 | 000,020,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdusb.dll
[2011/10/26 03:12:26 | 000,019,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kd1394.dll
[2011/10/26 03:12:26 | 000,017,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdcom.dll
[2011/10/26 03:11:45 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2011/10/26 03:11:45 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\AVG
[2011/10/26 03:11:44 | 001,162,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2011/10/26 03:11:44 | 000,421,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2011/10/26 03:11:43 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2011/10/26 03:11:43 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2011/10/26 03:11:43 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2011/10/26 03:11:43 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2011/10/26 03:11:43 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2011/10/26 03:11:43 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2011/10/26 03:11:43 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2011/10/26 03:11:43 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2011/10/26 03:11:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/10/26 03:11:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/10/26 03:11:42 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2011/10/26 03:11:41 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2011/10/26 03:11:41 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2011/10/26 03:11:41 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2011/10/26 03:11:41 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2011/10/26 03:11:41 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2011/10/26 03:11:41 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2011/10/26 03:11:41 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2011/10/26 03:11:41 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2011/10/26 03:11:41 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2011/10/26 03:11:41 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/10/26 03:11:41 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/10/26 03:11:41 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2011/10/26 03:11:41 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2011/10/26 03:11:41 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2011/10/26 03:11:41 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2011/10/26 03:11:41 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2011/10/26 03:11:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2011/10/26 03:11:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/10/26 03:11:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/10/26 03:11:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/10/26 03:11:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/10/26 03:11:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/10/26 03:11:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2011/10/26 03:11:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2011/10/26 03:11:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2011/10/26 03:11:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2011/10/26 03:11:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2011/10/26 03:11:41 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2011/10/26 03:11:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2011/10/26 03:11:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2011/10/26 03:11:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2011/10/26 03:11:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2011/10/26 03:11:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2011/10/26 03:11:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/10/26 03:11:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2011/10/26 03:11:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2011/10/26 03:11:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2011/10/26 03:11:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2011/10/26 03:11:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2011/10/26 03:11:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2011/10/26 03:11:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2011/10/26 03:11:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2011/10/26 03:11:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2011/10/26 03:11:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/10/26 03:11:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/10/26 03:11:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2011/10/26 03:11:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2011/10/26 03:11:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2011/10/26 03:11:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2011/10/26 03:11:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2011/10/26 03:11:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2011/10/26 03:11:40 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2011/10/26 03:11:40 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2011/10/26 03:11:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2011/10/26 03:11:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2011/10/26 03:11:40 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2011/10/26 03:11:30 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvinst.exe
[2011/10/26 03:11:30 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\devrtl.dll
[2011/10/26 03:11:11 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\prevhost.exe
[2011/10/26 03:11:11 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\prevhost.exe
[2011/10/26 03:11:10 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FXSCOVER.exe
[2011/10/26 03:11:06 | 000,861,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2011/10/26 03:11:06 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll
[2011/10/26 03:10:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2011/10/26 03:09:48 | 003,912,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2011/10/26 03:09:47 | 005,561,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2011/10/26 03:09:47 | 003,967,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2011/10/26 03:07:42 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Macromedia
[2011/10/26 03:07:42 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Adobe
[2011/10/26 03:07:27 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/10/26 03:06:41 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Google
[2011/10/26 03:06:05 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Apps
[2011/10/26 03:06:04 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Deployment
[2011/10/26 03:04:27 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2011/10/26 03:04:16 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011/10/26 03:04:04 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/10/26 02:54:04 | 000,000,000 | R--D | C] -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011/10/26 02:54:04 | 000,000,000 | R--D | C] -- C:\Users\Chris\Searches
[2011/10/26 02:54:04 | 000,000,000 | R--D | C] -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011/10/26 02:54:04 | 000,000,000 | -H-D | C] -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2011/10/26 02:53:53 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Identities
[2011/10/26 02:53:49 | 000,000,000 | R--D | C] -- C:\Users\Chris\Contacts
[2011/10/26 02:53:47 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\VirtualStore
[2011/10/26 02:53:25 | 000,000,000 | -HSD | C] -- C:\Users\Chris\AppData\Local\Temporary Internet Files
[2011/10/26 02:53:25 | 000,000,000 | -HSD | C] -- C:\Users\Chris\Templates
[2011/10/26 02:53:25 | 000,000,000 | -HSD | C] -- C:\Users\Chris\Start Menu
[2011/10/26 02:53:25 | 000,000,000 | -HSD | C] -- C:\Users\Chris\SendTo
[2011/10/26 02:53:25 | 000,000,000 | -HSD | C] -- C:\Users\Chris\Recent
[2011/10/26 02:53:25 | 000,000,000 | -HSD | C] -- C:\Users\Chris\PrintHood
[2011/10/26 02:53:25 | 000,000,000 | -HSD | C] -- C:\Users\Chris\NetHood
[2011/10/26 02:53:25 | 000,000,000 | -HSD | C] -- C:\Users\Chris\Documents\My Videos
[2011/10/26 02:53:25 | 000,000,000 | -HSD | C] -- C:\Users\Chris\Documents\My Pictures
[2011/10/26 02:53:25 | 000,000,000 | -HSD | C] -- C:\Users\Chris\Documents\My Music
[2011/10/26 02:53:25 | 000,000,000 | -HSD | C] -- C:\Users\Chris\My Documents
[2011/10/26 02:53:25 | 000,000,000 | -HSD | C] -- C:\Users\Chris\Local Settings
[2011/10/26 02:53:25 | 000,000,000 | -HSD | C] -- C:\Users\Chris\AppData\Local\History
[2011/10/26 02:53:25 | 000,000,000 | -HSD | C] -- C:\Users\Chris\Cookies
[2011/10/26 02:53:25 | 000,000,000 | -HSD | C] -- C:\Users\Chris\Application Data
[2011/10/26 02:53:25 | 000,000,000 | -HSD | C] -- C:\Users\Chris\AppData\Local\Application Data
[2011/10/26 02:53:24 | 000,000,000 | --SD | C] -- C:\Users\Chris\AppData\Roaming\Microsoft
[2011/10/26 02:53:24 | 000,000,000 | R--D | C] -- C:\Users\Chris\Videos
[2011/10/26 02:53:24 | 000,000,000 | R--D | C] -- C:\Users\Chris\Saved Games
[2011/10/26 02:53:24 | 000,000,000 | R--D | C] -- C:\Users\Chris\Pictures
[2011/10/26 02:53:24 | 000,000,000 | R--D | C] -- C:\Users\Chris\Music
[2011/10/26 02:53:24 | 000,000,000 | R--D | C] -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011/10/26 02:53:24 | 000,000,000 | R--D | C] -- C:\Users\Chris\Links
[2011/10/26 02:53:24 | 000,000,000 | R--D | C] -- C:\Users\Chris\Favorites
[2011/10/26 02:53:24 | 000,000,000 | R--D | C] -- C:\Users\Chris\Downloads
[2011/10/26 02:53:24 | 000,000,000 | R--D | C] -- C:\Users\Chris\Documents
[2011/10/26 02:53:24 | 000,000,000 | R--D | C] -- C:\Users\Chris\Desktop
[2011/10/26 02:53:24 | 000,000,000 | R--D | C] -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011/10/26 02:53:24 | 000,000,000 | -H-D | C] -- C:\Users\Chris\AppData
[2011/10/26 02:53:24 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Temp
[2011/10/26 02:53:24 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Microsoft
[2011/10/26 02:53:24 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Media Center Programs
[2011/10/26 02:52:11 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2011/10/26 02:52:11 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2011/10/26 02:51:05 | 000,000,000 | -HSD | C] -- C:\Recovery
[2011/10/26 02:42:50 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2011/10/26 02:40:43 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2011/10/26 02:39:56 | 000,000,000 | -HSD | C] -- C:\System Volume Information

========== Files - Modified Within 30 Days ==========

[2011/10/28 18:24:46 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/10/28 18:24:46 | 000,628,460 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/10/28 18:24:46 | 000,110,612 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/10/28 18:22:15 | 107,674,169 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2011/10/28 18:18:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/28 18:18:12 | 1579,438,080 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/28 01:17:29 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3497962090-3289448001-634673441-1001UA.job
[2011/10/27 15:13:38 | 000,363,704 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/10/26 17:10:55 | 000,001,133 | ---- | M] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2011/10/26 17:07:43 | 000,000,376 | ---- | M] () -- C:\Windows\ODBC.INI
[2011/10/26 17:01:46 | 000,270,912 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2011/10/26 16:36:35 | 000,001,174 | ---- | M] () -- C:\Users\Chris\Documents\Attach.zip
[2011/10/26 16:30:26 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/26 16:30:26 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/26 13:23:14 | 000,001,848 | ---- | M] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2011/10/26 13:21:15 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/10/26 13:19:30 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2011/10/26 13:19:30 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/10/26 13:19:30 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/10/26 13:19:30 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011/10/26 12:20:43 | 000,015,178 | ---- | M] () -- C:\Windows\SysNative\results.xml
[2011/10/26 03:33:59 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2011/10/26 03:12:30 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2011/10/26 03:12:30 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2011/10/26 03:11:06 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3497962090-3289448001-634673441-1001Core.job
[2011/10/26 02:57:44 | 000,001,437 | ---- | M] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/10/26 02:52:27 | 000,014,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\slwga.dll
[2011/10/26 02:52:27 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\slwga.dll
[2011/10/26 02:52:26 | 001,008,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\user32.dll
[2011/10/26 02:52:26 | 000,419,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\systemcpl.dll
[2011/10/26 02:43:47 | 000,116,385 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2011/10/26 02:43:47 | 000,116,385 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2011/10/26 02:41:44 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2011/09/29 15:45:14 | 000,025,189 | ---- | M] () -- C:\Users\Chris\Documents\bookmarks-2011-09-29.json

========== Files Created - No Company Name ==========

[2011/10/28 18:35:51 | 000,001,150 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/10/28 18:22:15 | 107,674,169 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2011/10/27 00:01:41 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/10/26 17:10:55 | 000,001,133 | ---- | C] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2011/10/26 17:07:43 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/10/26 16:36:34 | 000,001,174 | ---- | C] () -- C:\Users\Chris\Documents\Attach.zip
[2011/10/26 13:45:38 | 000,001,305 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2011/10/26 13:45:10 | 000,001,374 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2011/10/26 13:23:14 | 000,001,848 | ---- | C] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2011/10/26 13:23:14 | 000,001,848 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vuze.lnk
[2011/10/26 12:44:04 | 000,025,189 | ---- | C] () -- C:\Users\Chris\Documents\bookmarks-2011-09-29.json
[2011/10/26 12:20:43 | 000,015,178 | ---- | C] () -- C:\Windows\SysNative\results.xml
[2011/10/26 03:33:59 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2011/10/26 03:21:00 | 000,982,220 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2011/10/26 03:21:00 | 000,982,220 | ---- | C] () -- C:\Windows\SysNative\igkrng500.bin
[2011/10/26 03:21:00 | 000,004,464 | ---- | C] () -- C:\Windows\SysNative\iglhxs64.vp
[2011/10/26 03:20:59 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2011/10/26 03:20:59 | 000,134,592 | ---- | C] () -- C:\Windows\SysNative\igfcg500.bin
[2011/10/26 03:20:59 | 000,092,216 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2011/10/26 03:20:59 | 000,092,216 | ---- | C] () -- C:\Windows\SysNative\igfcg500m.bin
[2011/10/26 03:20:58 | 000,433,024 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2011/10/26 03:20:58 | 000,433,024 | ---- | C] () -- C:\Windows\SysNative\igcompkrng500.bin
[2011/10/26 03:12:30 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2011/10/26 03:12:30 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2011/10/26 03:06:42 | 000,000,908 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3497962090-3289448001-634673441-1001UA.job
[2011/10/26 03:06:41 | 000,000,856 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3497962090-3289448001-634673441-1001Core.job
[2011/10/26 02:57:44 | 000,001,437 | ---- | C] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/10/26 02:54:14 | 000,001,409 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2011/10/26 02:54:08 | 000,001,443 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/10/26 02:53:24 | 000,000,290 | ---- | C] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011/10/26 02:53:24 | 000,000,272 | ---- | C] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2011/10/26 02:43:39 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2011/10/26 02:43:28 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2011/10/26 02:41:44 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2011/10/26 02:39:56 | 1579,438,080 | -HS- | C] () -- C:\hiberfil.sys
[2009/07/14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI

========== LOP Check ==========

[2011/10/26 03:14:14 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\AVG2012
[2011/10/26 13:59:13 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Azureus
[2011/10/26 17:20:01 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\DAEMON Tools Lite
[2009/07/14 06:08:49 | 000,004,606 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

Chris17

2011-10-28, 21:10

OTL Extras logfile created on: 28/10/2011 18:46:39 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Chris\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.96 Gb Total Physical Memory | 1.14 Gb Available Physical Memory | 58.17% Memory free
3.92 Gb Paging File | 2.87 Gb Available in Paging File | 73.21% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.79 Gb Total Space | 204.74 Gb Free Space | 87.95% Space Free | Partition Type: NTFS

Computer Name: CHRIS-PC | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[b]64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3497962090-3289448001-634673441-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
"{0B7465E2-1A7E-4D21-8670-94D9C11449B8}" = AVG 2012
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{88381CA0-AB27-45B5-8BB8-E68987822AF8}" = AVG 2012
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"AVG" = AVG 2012
"CCleaner" = CCleaner
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Dell Touchpad

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 29
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"8461-7759-5462-8226" = Vuze
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"DAEMON Tools Lite" = DAEMON Tools Lite
"Mozilla Firefox 7.0.1 (x86 en-GB)" = Mozilla Firefox 7.0.1 (x86 en-GB)
"WinLiveSuite" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3497962090-3289448001-634673441-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 28/10/2011 13:18:41 | Computer Name = Chris-PC | Source = ESENT | ID = 455
Description = Windows (3436) Windows: Error -1811 occurred while opening logfile
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS0001A.log.

Error - 28/10/2011 13:18:42 | Computer Name = Chris-PC | Source = Windows Search Service | ID = 9000
Description =

Error - 28/10/2011 13:18:42 | Computer Name = Chris-PC | Source = Windows Search Service | ID = 7040
Description =

Error - 28/10/2011 13:18:42 | Computer Name = Chris-PC | Source = Windows Search Service | ID = 7042
Description =

Error - 28/10/2011 13:18:42 | Computer Name = Chris-PC | Source = Windows Search Service | ID = 9002
Description =

Error - 28/10/2011 13:18:42 | Computer Name = Chris-PC | Source = Windows Search Service | ID = 3029
Description =

Error - 28/10/2011 13:18:42 | Computer Name = Chris-PC | Source = Windows Search Service | ID = 3029
Description =

Error - 28/10/2011 13:18:42 | Computer Name = Chris-PC | Source = Windows Search Service | ID = 3028
Description =

Error - 28/10/2011 13:18:42 | Computer Name = Chris-PC | Source = Windows Search Service | ID = 3058
Description =

Error - 28/10/2011 13:18:42 | Computer Name = Chris-PC | Source = Windows Search Service | ID = 7010
Description =

[ System Events ]
Error - 26/10/2011 18:36:42 | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7024
Description = The Windows Search service terminated with service-specific error
%%-1073473535.

Error - 26/10/2011 18:36:42 | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7031
Description = The Windows Search service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 30000 milliseconds:
Restart the service.

Error - 26/10/2011 18:36:59 | Computer Name = Chris-PC | Source = DCOM | ID = 10005
Description =

Error - 26/10/2011 18:36:59 | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
Search service to connect.

Error - 26/10/2011 18:36:59 | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7000
Description = The Windows Search service failed to start due to the following error:
%%1053

Error - 28/10/2011 13:18:42 | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7024
Description = The Windows Search service terminated with service-specific error
%%-1073473535.

Error - 28/10/2011 13:18:42 | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7031
Description = The Windows Search service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 30000 milliseconds:
Restart the service.

Error - 28/10/2011 13:19:02 | Computer Name = Chris-PC | Source = DCOM | ID = 10005
Description =

Error - 28/10/2011 13:19:02 | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
Search service to connect.

Error - 28/10/2011 13:19:02 | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7000
Description = The Windows Search service failed to start due to the following error:
%%1053

< End of report >

ken545

2011-10-28, 21:56

Hefllo Chris,

Thanks for getting back to me so quick. Let me explain what we have just done.

Goodedfix <--will fix Firefox redirects but it found none.

AswMBR <-- Checks for rootkits that cause redirects and it found none

OTL <-- A general all purpose scanner and I see nothing earth shattering

This is what I am leaning towards, I dont believe this problem is related to your ISP, but it is possible that your router is infected, but before we go there lets do this and tell me if it helped. This will flush out your DNS Cache and reset your Hosts file back to Microsoft defaults

Open OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

:processes
killallprocesses

:OTL

:Services

:Reg

:Files
ipconfig /release /c
ipconfig /renew /c
ipconfig /flushdns /c

:Commands
[purity]
[resethosts]
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top. <--Not run Scan
Let the program run unhindered, reboot when it is done
Then post the results of the log it produces.

Chris17

2011-10-29, 01:46

Hello, thank you for replying quickly also. I have ran the fix. Here is the log that was saved to my desktop:

[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21769
IconResource=%SystemRoot%\system32\imageres.dll,-183
[LocalizedFileNames]
Internet Explorer.lnk=@%windir%\System32\ie4uinit.exe,-734

[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21799

Chris17

2011-10-29, 01:53

Just a quick update, the problem hasn't been solved after doing this. I just browsed on Firefox and within minutes of searching I was redirected. I'm thinking that it may well be a problem with my router as you said. Thanks for helping me I really appreciate it. :bigthumb:

ken545

2011-10-29, 02:01

The OTL fix log is not what I expected, are you sure after inputting the code that you click on Run Fix and not Run Scan ?

Chris17

2011-10-29, 02:16

Yes I am certain, I will try again to be sure.

Chris17

2011-10-29, 02:20

Hold on I think I may have posted the wrong log, is this the one?:

All processes killed
========== PROCESSES ==========
========== OTL ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /release /c >
Windows IP Configuration
No operation can be performed on Local Area Connection while it has its media disconnected.
Wireless LAN adapter Wireless Network Connection:
Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::308b:5a4f:5587:93ac%12
Default Gateway . . . . . . . . . :
Ethernet adapter Local Area Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Tunnel adapter isatap.{BDEE6F1F-8F31-4AF6-8FB7-810E5F8AC142}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Connection-specific DNS Suffix . :
IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fb:3092:b5ac:b16e:9a5
Link-local IPv6 Address . . . . . : fe80::3092:b5ac:b16e:9a5%13
Default Gateway . . . . . . . . . : ::
Tunnel adapter isatap.{FB6384BB-7A9A-47D0-88AA-404B0779E881}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
C:\Users\Chris\Downloads\cmd.bat deleted successfully.
C:\Users\Chris\Downloads\cmd.txt deleted successfully.
< ipconfig /renew /c >
Windows IP Configuration
No operation can be performed on Local Area Connection while it has its media disconnected.
Wireless LAN adapter Wireless Network Connection:
Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::308b:5a4f:5587:93ac%12
IPv4 Address. . . . . . . . . . . : 192.168.1.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
Ethernet adapter Local Area Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Tunnel adapter isatap.{BDEE6F1F-8F31-4AF6-8FB7-810E5F8AC142}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Connection-specific DNS Suffix . :
IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fb:3092:b5ac:b16e:9a5
Link-local IPv6 Address . . . . . : fe80::3092:b5ac:b16e:9a5%13
Default Gateway . . . . . . . . . : ::
Tunnel adapter isatap.{FB6384BB-7A9A-47D0-88AA-404B0779E881}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
C:\Users\Chris\Downloads\cmd.bat deleted successfully.
C:\Users\Chris\Downloads\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Chris\Downloads\cmd.bat deleted successfully.
C:\Users\Chris\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Chris
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 98304 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 10637685 bytes
->Flash cache emptied: 357 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 652 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 10.00 mb

OTL by OldTimer - Version 3.2.31.0 log created on 10282011_233726

Files\Folders moved on Reboot...
File move failed. C:\Users\Chris\AppData\Local\Temp\FXSAPIDebugLogFile.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

ken545

2011-10-29, 02:24

Ahhh, good job, thats the one I need. Are you still being redirected ?

Chris17

2011-10-29, 02:30

Good, and yes I am still being redirected.

ken545

2011-10-29, 02:46

Lets reset your router. Do you have the disk that you used to install it ?

On the back of the router there is a reset button, you can use a paper clip or ball point pen to hold it in for at least 10 or 15 seconds, this will set your router back to the day you got it, you will have no internet with it until you reinstall the software from the disk. If you need help with this let me know ?

Chris17

2011-10-29, 02:55

I've reset it before because of another issue, however I have misplaced the disk somewhere. I'll have a good look for it and try what you said. In the meantime thank you for all your help!

Chris17

2011-10-29, 11:57

Good news, after resetting my router back to factory setting I've had no redirects. Thanks for all your help Ken. :)

ken545

2011-10-29, 13:01

That wonderful Chris, good to hear. :bigthumb:

Open OTL and click on Clean Up and it will remove programs we used to clean your system along with there backups

Malwarebytes is the free version and yours to keep and will not be removed

Keeping your Java updated is very important to the security of your system, info here on how to update
http://forums.spybot.info/showpost.php?p=12880&postcount=2

How did I get infected in the first place ?
Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/So_how_did_I_get_infected_in_the_first_place_t57817.html)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)

Safe Surfn
Ken