Apparent Sirefef infection

Solved
By Gary Kemp
Jun 25, 2012
  1. Hello,

    I'm afraid you can add me to the list of likely Sirefef victims. I spotted the file in my home directory this morning, and have been fighting it for most of this evening.

    It disabled MSE, so I did a rather silly thing and ran the instructions in this thread without posting here first. This has allowed me to get MSE running, but it is only able to detect 'Win32/Cutwail.BE'. It asks me to send a report about the .exe in my home dir, which I have done. Log files are here:

    =========================
    Malwarebytes Anti-Malware 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.06.25.10

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Gary :: GARY-PC [administrator]

    25/06/2012 22:09:19
    mbam-log-2012-06-25 (22-09-19).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 232800
    Time elapsed: 2 minute(s),

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 1
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Regedit32 (Trojan.Agent) -> Data: C:\Windows\system32\regedit.exe -> Quarantined and deleted successfully.

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 2
    C:\Users\Gary\Downloads\Windows Loader.exe (PUP.RiskwareTool.CK) -> Quarantined and deleted successfully.
    C:\Windows\System32\regedit.exe (Trojan.Agent) -> Delete on reboot.

    (end)

    ==========================

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-06-25 22:18:55
    Windows 6.1.7601 Service Pack 1
    Running: 93io052h.exe


    ---- Services - GMER 1.0.15 ----

    Service C:\SystemRoot\System32\Drivers\68b814fec318ebc3.sys (*** hidden *** ) [BOOT] 68b814fec318ebc3 <-- ROOTKIT !!!

    ---- EOF - GMER 1.0.15 ----
  2. Gary Kemp

    Gary Kemp Newcomer, in training Topic Starter Posts: 25

    HTC BMP USB Driver
    Java Auto Updater
    Java(TM) 6 Update 32
    Launchy 2.5
    LibreOffice 3.5
    Malwarebytes Anti-Malware version 1.61.0.1400
    MDaemon Server
    MetroTwit
    Microsoft Flight
    Microsoft Flight Simulator X
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Games for Windows Marketplace
    Microsoft SQL Server Compact 3.5 ENU
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Mozilla Firefox 13.0.1 (x86 en-US)
    Mozilla Maintenance Service
    Mozilla Thunderbird 13.0.1 (x86 en-GB)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    MSXML 4.0 SP3 Parser
    MSXML 4.0 SP3 Parser (KB973685)
    Notepad++
    NVIDIA PhysX
    Picasa 3
    Pidgin
    Project CARS
    PSP Video 9 6
    PunkBuster Services
    RACE 07
    Rainmeter
    rFactor (remove only)
    rFactor2
    RSSOwl
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Ship Simulator Extremes Demo
    Skype™ 5.9
    Steam
    Team Fortress 2
    UK2000 VFR Scenery Volume1 files
    Windows 7 USB/DVD Download Tool
    Wunderlist
    XAMPP 1.7.7
    YouTube Downloader App 3.00
  3. Gary Kemp
    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_32
    Run by Gary at 22:19:54 on 2012-06-25
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.8190.5989 [GMT 1:00]
    .
    AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    c:\xampp\apache\bin\httpd.exe
    C:\PROGRA~2\MDaemon\APP\MDAEMON.EXE
    c:\xampp\mysql\bin\mysqld.exe
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\UltraVNC\WinVNC.exe
    C:\PROGRA~2\MDaemon\WebAdmin\WebAdmin.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\PROGRA~2\MDaemon\APP\CFEngine.exe
    C:\PROGRA~2\MDaemon\WorldClient\WorldClient.exe
    C:\PROGRA~2\MDaemon\SpamAssassin\MDSpamD.exe
    C:\Windows\system32\conhost.exe
    C:\xampp\apache\bin\httpd.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\Zune\ZuneLauncher.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Users\Gary\Local Settings\Apps\F.lux\flux.exe
    C:\Program Files (x86)\Steam\Steam.exe
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Users\Gary\0i763f66bz.exe
    C:\Program Files\Rainmeter\Rainmeter.exe
    C:\Users\Gary\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files (x86)\Launchy\Launchy.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
    C:\Windows\system32\sppsvc.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\UltraVNC\WinVNC.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uDefault_Search_URL = hxxp://www.google.com/ie
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    uRun: [F.lux] "C:\Users\Gary\Local Settings\Apps\F.lux\flux.exe" /noshow
    uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
    uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    uRun: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe
    uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
    uRun: [0i763f66bz] C:\Users\Gary\0i763f66bz.exe
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    StartupFolder: C:\Users\Gary\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Gary\AppData\Roaming\Dropbox\bin\Dropbox.exe
    StartupFolder: C:\Users\Gary\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Launchy.lnk - C:\Program Files (x86)\Launchy\Launchy.exe
    StartupFolder: C:\Users\Gary\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MDAEMO~1.LNK - C:\Program Files (x86)\MDaemon\App\MDaemon.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\RAINME~1.LNK - C:\Program Files\Rainmeter\Rainmeter.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
    TCP: Interfaces\{5768A142-6463-4856-A441-84E2433AE691} : NameServer = 192.168.1.254
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\nsnmmjan.default\
    FF - prefs.js: browser.startup.homepage - about:newtab
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
    FF - plugin: C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\nsnmmjan.default\extensions\battlefieldheroespatcher@ea.com\plugins\npBFHUpdater.dll
    FF - plugin: C:\Windows\system32\Wat\npWatWeb.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll
    FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
    R2 Apache2.2;Apache2.2;C:\xampp\apache\bin\httpd.exe [2011-9-10 18432]
    R2 MDaemon;MDaemon;C:\PROGRA~2\MDaemon\APP\MDAEMON.EXE [2012-4-13 1433600]
    R2 uvnc_service;uvnc_service;C:\Program Files\UltraVNC\winvnc.exe [2012-3-4 2169056]
    R2 WebAdmin;WebAdmin Server;C:\PROGRA~2\MDaemon\WebAdmin\WebAdmin.exe [2012-3-3 215040]
    R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
    R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
    R3 mv2;mv2;C:\Windows\system32\DRIVERS\mv2.sys --> C:\Windows\system32\DRIVERS\mv2.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    S1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-3-12 136176]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-5-3 158856]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-13 257224]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-3-12 136176]
    S3 HTCAND64;HTC Device Driver;C:\Windows\system32\Drivers\ANDROIDUSB.sys --> C:\Windows\system32\Drivers\ANDROIDUSB.sys [?]
    S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-3 113120]
    S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
    S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
    S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files\Zune\WMZuneComm.exe [2011-8-5 306400]
    S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
    .
    =============== Created Last 30 ================
    .
    2012-06-25 21:08:37 -------- d-----w- C:\Users\Gary\AppData\Roaming\Malwarebytes
    2012-06-25 21:08:27 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-06-25 21:08:27 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-06-25 21:08:27 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-06-25 20:44:19 -------- d-----w- C:\$RECYCLE.BIN
    2012-06-25 20:06:40 927800 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
    2012-06-25 20:06:40 927800 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{801131B4-5D8F-4BFF-BF66-B66F97F6C4DE}\gapaengine.dll
    2012-06-25 20:05:49 9013136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4CFB3B40-5CC3-4B83-BCCE-1BA72FDE5EC6}\mpengine.dll
    2012-06-25 20:02:42 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
    2012-06-25 20:02:38 -------- d-----w- C:\Program Files\Microsoft Security Client
    2012-06-25 19:37:26 98816 ----a-w- C:\Windows\sed.exe
    2012-06-25 19:37:26 518144 ----a-w- C:\Windows\SWREG.exe
    2012-06-25 19:37:26 256000 ----a-w- C:\Windows\PEV.exe
    2012-06-25 19:37:26 208896 ----a-w- C:\Windows\MBR.exe
    2012-06-25 19:31:34 328704 ----a-w- C:\Windows\System32\services.exe.7D18329E94516DCB
    2012-06-25 19:18:30 328704 ----a-w- C:\Windows\System32\services.exe.688D6AAB913CC93F
    2012-06-25 18:18:58 328704 ----a-w- C:\Windows\System32\services.exe.DCF27A594CA36169
    2012-06-25 17:19:15 328704 ----a-w- C:\Windows\System32\services.exe.6D4B17950EBA7705
    2012-06-25 15:43:39 328704 ----a-w- C:\Windows\System32\services.exe.4FF89BF300A76428
    2012-06-25 14:07:56 328704 ----a-w- C:\Windows\System32\services.exe.917D8942AD94DB84
    2012-06-25 13:08:16 328704 ----a-w- C:\Windows\System32\services.exe.B137DDBB62458F10
    2012-06-25 12:08:33 328704 ----a-w- C:\Windows\System32\services.exe.9F08FF7D297B9CC7
    2012-06-25 11:09:06 328704 ----a-w- C:\Windows\System32\services.exe.46E3CDF4A4524BD6
    2012-06-25 10:09:22 328704 ----a-w- C:\Windows\System32\services.exe.ADB0C22F79DB6DB5
    2012-06-25 09:09:47 328704 ----a-w- C:\Windows\System32\services.exe.F4FD13ADB3D9A690
    2012-06-25 08:10:07 328704 ----a-w- C:\Windows\System32\services.exe.47803BD757A17FC4
    2012-06-25 07:10:27 328704 ----a-w- C:\Windows\System32\services.exe.29C16522D746982F
    2012-06-25 06:06:06 328704 ----a-w- C:\Windows\System32\services.exe.D51983B2DB21FA61
    2012-06-24 18:19:00 -------- d-sh--w- C:\Windows\System32\%APPDATA%
    2012-06-23 20:20:17 -------- d-----w- C:\Program Files (x86)\Regensoft
    2012-06-23 20:20:14 -------- d-----w- C:\Program Files (x86)\AviSynth 2.5
    2012-06-23 20:20:07 -------- d-----w- C:\Program Files (x86)\Red Kawa
    2012-06-19 05:56:18 2622464 ----a-w- C:\Windows\System32\wucltux.dll
    2012-06-19 05:56:09 99840 ----a-w- C:\Windows\System32\wudriver.dll
    2012-06-19 05:55:57 36864 ----a-w- C:\Windows\System32\wuapp.exe
    2012-06-19 05:55:57 186752 ----a-w- C:\Windows\System32\wuwebv.dll
    2012-06-18 07:19:46 -------- d-----w- C:\Users\Gary\AppData\Local\Macromedia
    2012-06-15 18:06:40 -------- d-----w- C:\Users\Gary\AppData\Roaming\.rFactor
    2012-06-14 08:23:05 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
    2012-06-14 08:23:05 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
    2012-06-14 08:23:05 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
    2012-06-14 08:22:59 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2012-06-14 08:22:58 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2012-06-14 08:22:57 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2012-06-14 08:22:56 3146752 ----a-w- C:\Windows\System32\win32k.sys
    2012-06-14 08:22:55 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
    2012-06-09 20:12:36 119808 ----a-r- C:\Users\Gary\AppData\Roaming\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe
    2012-06-09 19:23:36 -------- d-----w- C:\ProgramData\Astroburn Lite
    2012-06-09 19:23:36 -------- d-----w- C:\Program Files (x86)\Astroburn Lite
    2012-06-09 19:10:26 -------- d-----w- C:\$WINDOWS.~BT
    2012-06-04 21:56:23 85472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
    2012-06-04 21:56:23 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
    2012-06-04 21:56:23 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll
    2012-05-31 22:04:45 -------- d-----w- C:\Users\Gary\VirtualBox VMs
    2012-05-31 22:04:27 -------- d-----w- C:\Users\Gary\.VirtualBox
    2012-05-31 21:01:19 -------- d-----r- C:\ESD
    2012-05-29 15:42:45 -------- d-----w- C:\Users\Gary\.rssowl2
    2012-05-29 15:41:19 -------- d-----w- C:\Program Files (x86)\RSSOwl
    .
    ==================== Find3M ====================
    .
    2012-06-24 18:16:15 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-06-24 18:16:15 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-05-19 11:04:08 270240 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
    2012-05-19 11:04:08 270240 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
    2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
    2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-05-16 21:04:46 189248 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
    2012-05-16 21:04:33 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
    2012-05-06 11:01:03 286720 ----a-w- C:\Windows\iun506.exe
    2012-05-06 06:10:59 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
    2012-05-04 10:41:02 476960 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
    2012-05-04 10:41:02 472864 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2012-04-03 13:19:10 224048 ----a-w- C:\Windows\System32\drivers\VBoxDrv.sys
    2012-04-03 13:19:10 166192 ----a-w- C:\Windows\System32\drivers\VBoxNetFlt.sys
    2012-04-03 13:19:10 147248 ----a-w- C:\Windows\System32\drivers\VBoxNetAdp.sys
    2012-04-03 13:19:10 130864 ----a-w- C:\Windows\System32\drivers\VBoxUSBMon.sys
    2012-04-03 13:19:08 320816 ----a-w- C:\Windows\System32\VBoxNetFltNobj.dll
    2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    .
    ============= FINISH: 22:20:56.47 ===============
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 03/03/2012 11:18:19
    System Uptime: 25/06/2012 22:14:20 (0 hours ago)
    .
    Motherboard: Gigabyte Technology Co., Ltd. | | EP45-UD3
    Processor: Intel(R) Core(TM)2 Duo CPU E8500 @ 3.16GHz | Socket 775 | 3166/333mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 277 GiB total, 34.267 GiB free.
    D: is CDROM ()
    E: is CDROM (CDFS)
    F: is FIXED (NTFS) - 129 GiB total, 124.419 GiB free.
    G: is FIXED (NTFS) - 21 GiB total, 5.494 GiB free.
    H: is Removable
    I: is FIXED (NTFS) - 20 GiB total, 19.922 GiB free.
    J: is FIXED (FAT32) - 186 GiB total, 55.741 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP83: 20/06/2012 15:43:41 - Scheduled Checkpoint
    RP84: 21/06/2012 20:10:08 - Windows Update
    RP85: 25/06/2012 20:37:31 - ComboFix created restore point
    .
    ==== Installed Programs ======================
    .
    ActiveState Komodo Edit 7.0.2
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.3)
    Astroburn Lite
    µTorrent
    AviSynth 2.5
    Battlefield Heroes
    Command and Conquer: Red Alert 3
    Counter-Strike: Source
    DAEMON Tools Lite
    Dropbox
    EditPlus 3
    F.lux
    F1 1976 LE v1.1
    FeedReader
    Google Chrome
    Google Earth
    Google Update Helper
  4. Gary Kemp
    ==== Event Viewer Messages From Past Week ========
    .
    25/06/2012 22:15:00, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: MpFilter
    25/06/2012 22:15:00, Error: Service Control Manager [7001] - The Microsoft Network Inspection service depends on the Microsoft Network Inspection System service which failed to start because of the following error: A device attached to the system is not functioning.
    25/06/2012 22:15:00, Error: Service Control Manager [7000] - The Microsoft Network Inspection System service failed to start due to the following error: A device attached to the system is not functioning.
    25/06/2012 22:15:00, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
    25/06/2012 22:15:00, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    25/06/2012 22:15:00, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007042c Error description: The dependency service or group failed to start. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.
    25/06/2012 22:15:00, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
    25/06/2012 22:15:00, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    25/06/2012 22:13:36, Error: Service Control Manager [7024] - The Apache2.2 service terminated with service-specific error Incorrect function..
    25/06/2012 22:03:54, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?lin...wnloader:Win32/Cutwail.BE&threatid=2147642303 Name: TrojanDownloader:Win32/Cutwail.BE ID: 2147642303 Severity: Severe Category: Trojan Downloader Path: process:_pid:3840 Detection Origin: Unknown Detection Type: Heuristics Detection Source: User User: Gary-PC\Gary Process Name: C:\Users\Gary\0i763f66bz.exe Action: Quarantine Action Status: To finish removing malware and other potentially unwanted software, restart the computer. Error Code: 0x8007054f Error description: An internal error occurred. Signature Version: AV: 1.129.419.0, AS: 1.129.419.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.8502.0, NIS: 0.0.0.0
    25/06/2012 21:52:53, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
    25/06/2012 21:52:53, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    25/06/2012 21:52:53, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007042c Error description: The dependency service or group failed to start. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.
    25/06/2012 21:52:53, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
    25/06/2012 21:52:53, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    25/06/2012 21:44:09, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
    25/06/2012 21:44:09, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    25/06/2012 21:44:09, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007042c Error description: The dependency service or group failed to start. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.
    25/06/2012 21:44:09, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
    25/06/2012 21:44:09, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    25/06/2012 21:43:57, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.
    25/06/2012 21:42:28, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    25/06/2012 21:42:04, Error: Application Popup [1060] - \??\C:\garygary\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    25/06/2012 21:28:47, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?lin...wnloader:Win32/Cutwail.BE&threatid=2147642303 Name: TrojanDownloader:Win32/Cutwail.BE ID: 2147642303 Severity: Severe Category: Trojan Downloader Path: process:_pid:4000 Detection Origin: Unknown Detection Type: Heuristics Detection Source: User User: Gary-PC\Gary Process Name: C:\Users\Gary\0i763f66bz.exe Action: Quarantine Action Status: To finish removing malware and other potentially unwanted software, restart the computer. Error Code: 0x8007054f Error description: An internal error occurred. Signature Version: AV: 1.129.419.0, AS: 1.129.419.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.8502.0, NIS: 0.0.0.0
    25/06/2012 21:08:11, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?lin...wnloader:Win32/Cutwail.BE&threatid=2147642303 Name: TrojanDownloader:Win32/Cutwail.BE ID: 2147642303 Severity: Severe Category: Trojan Downloader Path: process:_pid:4000 Detection Origin: Unknown Detection Type: Heuristics Detection Source: System User: Gary-PC\Gary Process Name: C:\Users\Gary\0i763f66bz.exe Action: Remove Action Status: To finish removing malware and other potentially unwanted software, restart the computer. Error Code: 0x8007054f Error description: An internal error occurred. Signature Version: AV: 1.129.419.0, AS: 1.129.419.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.8502.0, NIS: 0.0.0.0
    25/06/2012 21:05:53, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
    25/06/2012 21:05:53, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    25/06/2012 21:05:53, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007042c Error description: The dependency service or group failed to start. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.
    25/06/2012 21:05:53, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
    25/06/2012 21:05:53, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    25/06/2012 21:03:48, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    25/06/2012 21:03:03, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    25/06/2012 20:57:15, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
    25/06/2012 20:57:15, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    25/06/2012 20:57:15, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
    25/06/2012 20:57:15, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    25/06/2012 20:48:02, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
    25/06/2012 20:48:02, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    25/06/2012 20:48:02, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
    25/06/2012 20:48:02, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    25/06/2012 20:46:14, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    25/06/2012 20:41:09, Error: Service Control Manager [7023] - The Software Protection service terminated with the following error: Access is denied.
    25/06/2012 20:37:14, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
    25/06/2012 20:37:14, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
    25/06/2012 20:36:07, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
    25/06/2012 20:35:38, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
    25/06/2012 20:35:38, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    25/06/2012 20:35:38, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
    25/06/2012 20:35:38, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    25/06/2012 20:34:04, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
    25/06/2012 20:34:04, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
    25/06/2012 20:34:03, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    25/06/2012 20:34:01, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    25/06/2012 20:34:00, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    25/06/2012 20:34:00, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    25/06/2012 20:34:00, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    25/06/2012 20:33:58, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    25/06/2012 20:33:50, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    25/06/2012 20:33:33, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx VBoxDrv VBoxUSBMon Wanarpv6 WfpLwf ws2ifsl
    25/06/2012 20:33:33, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
    25/06/2012 20:33:33, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
    25/06/2012 20:33:33, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    25/06/2012 20:33:33, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    25/06/2012 20:33:33, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    25/06/2012 20:33:33, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    25/06/2012 20:33:33, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    25/06/2012 20:33:33, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    25/06/2012 20:33:33, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    25/06/2012 20:33:33, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    25/06/2012 20:33:33, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    25/06/2012 20:33:33, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    25/06/2012 20:33:33, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    25/06/2012 20:33:33, Error: Service Control Manager [7001] - The Apache2.2 service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    25/06/2012 20:31:34, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\services.exe;file:_C:\Windows\System32\services.exe->731;process:_pid:456 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.129.387.0, AS: 1.129.387.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.8502.0, NIS: 0.0.0.0
    25/06/2012 20:30:56, Error: Service Control Manager [7001] - The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: The dependency service or group failed to start.
    25/06/2012 20:30:31, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx VBoxDrv VBoxUSBMon Wanarpv6 WfpLwf
    25/06/2012 20:22:19, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
    25/06/2012 20:22:19, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    25/06/2012 20:22:19, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
    25/06/2012 20:22:19, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    25/06/2012 20:18:30, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\services.exe;file:_C:\Windows\System32\services.exe->731;process:_pid:516 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.129.387.0, AS: 1.129.387.0, NIS: 11.137.0.0 Engine Version: AM: 1.1.8502.0, NIS: 2.0.8001.0
    25/06/2012 19:20:58, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
    25/06/2012 19:20:58, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    25/06/2012 19:20:58, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
    25/06/2012 19:20:58, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    25/06/2012 19:18:58, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\services.exe;file:_C:\Windows\System32\services.exe->731;process:_pid:516 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.129.387.0, AS: 1.129.387.0, NIS: 11.137.0.0 Engine Version: AM: 1.1.8502.0, NIS: 2.0.8001.0
    25/06/2012 18:22:50, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
    25/06/2012 18:22:50, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    25/06/2012 18:22:50, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
    25/06/2012 18:22:50, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    25/06/2012 18:19:15, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\services.exe;file:_C:\Windows\System32\services.exe->731;process:_pid:516 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.129.387.0, AS: 1.129.387.0, NIS: 11.137.0.0 Engine Version: AM: 1.1.8502.0, NIS: 2.0.8001.0
    25/06/2012 16:45:41, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
    25/06/2012 16:45:41, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    25/06/2012 16:45:41, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
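The Event Viewer dump above is long and repetitive, and the lines that matter for triage are easy to miss: the Service Control Manager 7026 events listing MpFilter (MSE's own minifilter) among the boot-start drivers that failed to load, the 3002 real-time protection failures that follow from that, and the 1119 events in which MSE detects Trojan:Win64/Sirefef.Y inside services.exe under NT AUTHORITY\SYSTEM but cannot quarantine it (0x800704ec). The following Python script is an added example, not code from the thread or from any tool named in it: it parses lines in this dump's "dd/MM/yyyy HH:mm:ss, Level: Source [EventID] - Message" format, counts events by source and ID, pulls the failed driver list from 7026, extracts threat, process, action and error code from each 1119, and flags detections in protected system processes. The sample lines are constructed and abbreviated from the dump; the SYSTEM_PROCESSES watchlist and the "offline cleanup recommended" heuristic are this example's assumptions, not anything the thread states.

```python
"""Triage a pasted Windows Event Log dump in the format used in this thread:
'dd/MM/yyyy HH:mm:ss, Level: Source [EventID] - Message' (one event per line).

Added example, not code from the thread. Assumes UK-style dd/MM/yyyy dates,
which is what the dump above uses.
"""
import re
from collections import Counter
from datetime import datetime
from pathlib import PureWindowsPath

LINE_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}), (?P<level>\w+): "
    r"(?P<source>.+?) \[(?P<event_id>\d+)\] - (?P<msg>.*)$"
)

# Processes in which a malware detection means the OS itself is compromised
# (watchlist chosen for this example; an assumption, not from the thread).
SYSTEM_PROCESSES = {"services.exe", "svchost.exe", "lsass.exe", "winlogon.exe", "csrss.exe"}

# Constructed sample, abbreviated from the dump above (not a verbatim copy).
SAMPLE_LOG = r"""
25/06/2012 21:44:09, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
25/06/2012 21:44:09, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver requires an up-to-date engine in order to function.
25/06/2012 21:43:57, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.
25/06/2012 21:28:47, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. Name: TrojanDownloader:Win32/Cutwail.BE ID: 2147642303 Severity: Severe Category: Trojan Downloader Path: process:_pid:4000 Detection Origin: Unknown Detection Type: Heuristics Detection Source: User User: Gary-PC\Gary Process Name: C:\Users\Gary\0i763f66bz.exe Action: Quarantine Action Status: To finish removing malware and other potentially unwanted software, restart the computer. Error Code: 0x8007054f Error description: An internal error occurred. Signature Version: AV: 1.129.419.0, AS: 1.129.419.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.8502.0, NIS: 0.0.0.0
25/06/2012 20:33:33, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx VBoxDrv VBoxUSBMon Wanarpv6 WfpLwf ws2ifsl
25/06/2012 20:31:34, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\services.exe;file:_C:\Windows\System32\services.exe->731;process:_pid:456 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.129.387.0, AS: 1.129.387.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.8502.0, NIS: 0.0.0.0
"""


def parse_events(text):
    """Return one dict per parseable line; headers, blanks and wrapped fragments are skipped."""
    events = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        e = m.groupdict()
        e["ts"] = datetime.strptime(e["ts"], "%d/%m/%Y %H:%M:%S")
        e["event_id"] = int(e["event_id"])
        events.append(e)
    return events


def count_by_event(events):
    """Histogram of (source, event id): shows at a glance what is repeating."""
    return Counter((e["source"], e["event_id"]) for e in events)


def failed_boot_drivers(events):
    """Union of driver names from every SCM 7026 'failed to load' event."""
    drivers = set()
    for e in events:
        if e["source"] == "Service Control Manager" and e["event_id"] == 7026:
            _, sep, tail = e["msg"].partition("failed to load: ")
            if sep:
                drivers.update(tail.split())
    return sorted(drivers)


def remediation_failures(events):
    """Threat, process, attempted action and error for each Microsoft Antimalware 1119."""
    out = []
    for e in events:
        if e["source"] != "Microsoft Antimalware" or e["event_id"] != 1119:
            continue
        threat = re.search(r"Name: (\S+) ID: (\d+)", e["msg"])
        proc = re.search(r"Process Name: (.+?) Action: (\w+)", e["msg"])
        err = re.search(r"Error Code: (0x[0-9A-Fa-f]+) Error description: (.+?)(?: Signature Version:|$)", e["msg"])
        out.append({
            "when": e["ts"],
            "threat": threat.group(1) if threat else None,
            "process": proc.group(1) if proc else None,
            "action": proc.group(2) if proc else None,
            "code": err.group(1) if err else None,
            "reason": err.group(2) if err else None,
        })
    return out


def triage(text):
    """Summarise a dump and flag the two signals worth acting on first."""
    events = parse_events(text)
    drivers = failed_boot_drivers(events)
    failures = remediation_failures(events)
    in_system = [
        f["threat"] for f in failures
        if f["process"] and PureWindowsPath(f["process"]).name.lower() in SYSTEM_PROCESSES
    ]
    rtp_failures = sum(1 for e in events if e["source"] == "Microsoft Antimalware" and e["event_id"] == 3002)
    # Heuristic (assumption): the AV's own filter driver failing to load plus a detection
    # inside a protected system process that remediation could not act on is not something
    # to keep cleaning from inside the running OS.
    return {
        "events": len(events),
        "by_event": count_by_event(events),
        "rtp_failures": rtp_failures,
        "boot_drivers_failed": drivers,
        "av_filter_driver_failed": "MpFilter" in drivers,
        "remediation_failures": failures,
        "system_process_detections": in_system,
        "offline_cleanup_recommended": bool(in_system) and "MpFilter" in drivers,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run against the constructed sample, the report shows both signals present: MpFilter in the failed boot-start driver list, and a Sirefef.Y detection in services.exe whose quarantine came back 0x800704ec, so `offline_cleanup_recommended` is true. The script only reads pasted text; querying the live log would be a separate `Get-WinEvent` exercise on the affected machine.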
  5. Gary Kemp

    25/06/2012 16:45:41, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    25/06/2012 16:43:39, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\services.exe;file:_C:\Windows\System32\services.exe->731;process:_pid:516 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.129.387.0, AS: 1.129.387.0, NIS: 11.137.0.0 Engine Version: AM: 1.1.8502.0, NIS: 2.0.8001.0
    25/06/2012 15:11:36, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
    25/06/2012 15:11:36, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    25/06/2012 15:11:36, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
    25/06/2012 15:11:36, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    25/06/2012 15:07:56, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\services.exe;file:_C:\Windows\System32\services.exe->731;process:_pid:516 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.129.387.0, AS: 1.129.387.0, NIS: 11.137.0.0 Engine Version: AM: 1.1.8502.0, NIS: 2.0.8001.0
    25/06/2012 14:10:19, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
    25/06/2012 14:10:19, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    25/06/2012 14:10:19, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
    25/06/2012 14:10:19, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    25/06/2012 14:08:16, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\services.exe;file:_C:\Windows\System32\services.exe->731;process:_pid:516 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.129.387.0, AS: 1.129.387.0, NIS: 11.137.0.0 Engine Version: AM: 1.1.8502.0, NIS: 2.0.8001.0
    25/06/2012 13:10:36, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
    25/06/2012 13:10:36, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    25/06/2012 13:10:36, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
    25/06/2012 13:10:36, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    25/06/2012 13:08:33, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\services.exe;file:_C:\Windows\System32\services.exe->731;process:_pid:516 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.129.387.0, AS: 1.129.387.0, NIS: 11.137.0.0 Engine Version: AM: 1.1.8502.0, NIS: 2.0.8001.0
    25/06/2012 12:11:07, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
    25/06/2012 12:11:07, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    25/06/2012 12:11:07, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
    25/06/2012 12:11:07, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    25/06/2012 12:09:06, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\services.exe;file:_C:\Windows\System32\services.exe->731;process:_pid:516 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.129.387.0, AS: 1.129.387.0, NIS: 11.137.0.0 Engine Version: AM: 1.1.8502.0, NIS: 2.0.8001.0
    25/06/2012 11:13:28, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
    25/06/2012 11:13:28, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    25/06/2012 11:13:28, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
    25/06/2012 11:13:28, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    25/06/2012 11:09:22, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\services.exe;file:_C:\Windows\System32\services.exe->731;process:_pid:516 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.129.387.0, AS: 1.129.387.0, NIS: 11.137.0.0 Engine Version: AM: 1.1.8502.0, NIS: 2.0.8001.0
    25/06/2012 10:13:48, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
    25/06/2012 10:13:48, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    25/06/2012 10:13:48, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
    25/06/2012 10:13:48, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    25/06/2012 10:09:47, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\services.exe;file:_C:\Windows\System32\services.exe->731;process:_pid:516 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.129.387.0, AS: 1.129.387.0, NIS: 11.137.0.0 Engine Version: AM: 1.1.8502.0, NIS: 2.0.8001.0
    25/06/2012 09:12:09, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
    25/06/2012 09:12:09, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    25/06/2012 09:12:09, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
    25/06/2012 09:12:09, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    25/06/2012 09:10:07, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\services.exe;file:_C:\Windows\System32\services.exe->731;process:_pid:516 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.129.387.0, AS: 1.129.387.0, NIS: 11.137.0.0 Engine Version: AM: 1.1.8502.0, NIS: 2.0.8001.0
    25/06/2012 08:12:30, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
    25/06/2012 08:12:30, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    25/06/2012 08:12:30, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
    25/06/2012 08:12:30, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    25/06/2012 08:10:27, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\services.exe;file:_C:\Windows\System32\services.exe->731;process:_pid:516 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.129.387.0, AS: 1.129.387.0, NIS: 11.137.0.0 Engine Version: AM: 1.1.8502.0, NIS: 2.0.8001.0
    25/06/2012 07:51:52, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 107.
    25/06/2012 07:51:52, Error: Schannel [36874] - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
    25/06/2012 07:23:26, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR2.
    25/06/2012 07:18:06, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80070006 Error description: The handle is invalid. Reason: The filter driver was unloaded unexpectedly.
    25/06/2012 07:18:06, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80070006 Error description: The handle is invalid. Reason: The filter driver was unloaded unexpectedly.
    25/06/2012 07:08:05, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
    25/06/2012 07:08:05, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    25/06/2012 07:08:05, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
    25/06/2012 07:08:05, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    25/06/2012 07:06:06, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\services.exe;file:_C:\Windows\System32\services.exe->731;process:_pid:520 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.129.387.0, AS: 1.129.387.0, NIS: 11.137.0.0 Engine Version: AM: 1.1.8502.0, NIS: 2.0.8001.0
    25/06/2012 07:01:02, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
    25/06/2012 07:01:02, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    25/06/2012 07:01:02, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
    25/06/2012 07:01:02, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    25/06/2012 06:59:05, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    25/06/2012 06:58:11, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    24/06/2012 12:49:12, Error: BROWSER [8019] - The browser was unable to promote itself to master browser. The browser will continue to attempt to promote itself to the master browser, but will no longer log any events in the event log in Event Viewer.
    24/06/2012 11:05:43, Error: BROWSER [8020] - The browser was unable to promote itself to master browser. The computer that currently believes it is the master browser is unknown.
    24/06/2012 10:45:01, Error: NetBT [4321] - The name "GREEKATTIC :1d" could not be registered on the interface with IP address 192.168.1.137. The computer with the IP address 192.168.1.4 did not allow the name to be claimed by this computer.
    24/06/2012 09:28:16, Error: bowser [8003] - The master browser has received a server announcement from the computer REDCURRANT that believes that it is the master browser for the domain on transport NetBT_Tcpip_{5768A142-6463-4856-A441-84E2433AE691}. The master browser is stopping or an election is being forced.
    20/06/2012 09:50:07, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
    19/06/2012 15:03:39, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
    19/06/2012 15:03:39, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    18/06/2012 22:17:01, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{DED67ABD-4829-475E-BB31-57E76989AEBC} because another computer on the network has the same name. The server could not start.
    .
    ==== End Of File ===========================
    IT goes without saying that I'd be extremely grateful for any help!
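The repeating Microsoft Antimalware entries in the event-log excerpt above are the most telling part of the log: the scanner detects Trojan:Win64/Sirefef.Y inside services.exe roughly once an hour, the quarantine action fails with 0x800704ec ("blocked by group policy"), and the real-time protection filter driver keeps reporting that it was unloaded. The script below is an editor's example added here, not code posted in the thread and not part of DDS, MSE or FRST; it parses lines in the Attach.txt event format and pulls out exactly that pattern. The sample lines are trimmed copies of entries above (constructed for the example), and the function names and report layout are the example's own.

```python
import re
from collections import Counter
from datetime import datetime
from statistics import mean

# Constructed sample: trimmed copies of event lines in the format DDS writes them into
# Attach.txt ("date, level: source [event id] - message"). Message bodies are shortened,
# but the fields the triage keys on (Name, Process Name, Error Code, Reason) are verbatim.
SAMPLE_LOG = r"""
25/06/2012 15:07:56, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\services.exe;file:_C:\Windows\System32\services.exe->731;process:_pid:516 Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator.
25/06/2012 14:10:19, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
25/06/2012 14:10:19, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
25/06/2012 14:08:16, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\services.exe;file:_C:\Windows\System32\services.exe->731;process:_pid:516 Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator.
25/06/2012 13:10:36, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
25/06/2012 13:10:36, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
25/06/2012 13:08:33, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\services.exe;file:_C:\Windows\System32\services.exe->731;process:_pid:516 Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator.
25/06/2012 07:23:26, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR2.
25/06/2012 06:59:05, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. Update Source: Microsoft Update Server Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}), (?P<level>\w+): "
    r"(?P<source>.+?) \[(?P<event_id>\d+)\] - (?P<msg>.*)$"
)

# Microsoft Antimalware event ids that appear in the log above
EV_ACTION_FAILED = 1119      # a threat was detected but the chosen action failed
EV_RTP_FAILED = 3002         # a real-time protection feature stopped working
EV_SIG_UPDATE_FAILED = 2001  # signature update failed
ERR_BLOCKED_BY_POLICY = "0x800704ec"  # HRESULT of ERROR_ACCESS_DISABLED_BY_POLICY


def parse_events(text):
    """Parse DDS-style event lines into dicts; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.strptime(ev["ts"], "%d/%m/%Y %H:%M:%S")
        ev["event_id"] = int(ev["event_id"])
        events.append(ev)
    return events


def field(msg, name):
    """Pull 'Name: value' out of the run-together message body.
    The value ends at the next ' Key: ' token or at end of line."""
    m = re.search(rf"{re.escape(name)}: (.*?)(?= [A-Z][A-Za-z ]+: |$)", msg)
    return m.group(1).strip() if m else None


def triage(text):
    """Summarise the antimalware events and flag the 'AV sees it but cannot act' pattern."""
    am = [e for e in parse_events(text) if e["source"] == "Microsoft Antimalware"]
    blocked = [e for e in am if e["event_id"] == EV_ACTION_FAILED]
    rtp = [e for e in am if e["event_id"] == EV_RTP_FAILED]
    report = {
        "blocked_remediations": [
            {"time": e["ts"].isoformat(),
             "threat": field(e["msg"], "Name"),
             "process": field(e["msg"], "Process Name"),
             "error_code": field(e["msg"], "Error Code")}
            for e in blocked],
        "rtp_failures_by_reason": Counter(field(e["msg"], "Reason") for e in rtp),
        "signature_update_failures": sum(e["event_id"] == EV_SIG_UPDATE_FAILED for e in am),
        "avg_interval_minutes": None,
        "indicators": [],
    }
    # Cadence of the failed remediations: a fixed interval means the same file is
    # re-detected by a periodic scan each time and never actually removed.
    times = sorted(e["ts"] for e in blocked)
    if len(times) >= 2:
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        report["avg_interval_minutes"] = round(mean(gaps) / 60, 1)

    ind = report["indicators"]
    by_policy = [b for b in report["blocked_remediations"] if b["error_code"] == ERR_BLOCKED_BY_POLICY]
    if by_policy:
        ind.append(f"{len(by_policy)} remediation(s) blocked by policy ({ERR_BLOCKED_BY_POLICY}): "
                   "the scanner sees the threat but a policy setting stops it acting")
    sys_procs = {b["process"] for b in report["blocked_remediations"]
                 if b["process"] and "\\windows\\" in b["process"].lower()}
    if sys_procs:
        ind.append("threat reported inside Windows system process(es) " + ", ".join(sorted(sys_procs))
                   + ": most likely a patched system binary, so file quarantine cannot succeed while it runs")
    unloaded = report["rtp_failures_by_reason"]["The filter driver was unloaded unexpectedly."]
    if unloaded >= 2:
        ind.append(f"real-time protection filter driver unloaded {unloaded} times: protection keeps being torn down")
    avg = report["avg_interval_minutes"]
    if avg is not None and 50 <= avg <= 70:
        ind.append(f"failed remediations recur every ~{avg} min: the same file is re-detected each cycle")
    return report


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for b in result["blocked_remediations"]:
        print(b["time"], b["threat"], b["process"], b["error_code"])
    print(dict(result["rtp_failures_by_reason"]))
    for i in result["indicators"]:
        print("!", i)
```

Run against the full Attach.txt rather than the sample and the same four indicators come out, which is the reason a helper asks for the Farbar offline scan next: a quarantine attempted from inside the running OS is refused every hour, so the infected binary has to be examined and replaced from outside it.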
  6. Broni

    Broni Malware Annihilator Posts: 46,373   +252

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===============================================

    Upper part of Attach.txt log is missing so please provide that.

    Next....

    For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
    For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flash drive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded, begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst.exe (for the x64 bit version type e:\frst64) and press Enter.
      Note: Replace the letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
  7. Gary Kemp

    Gary Kemp Newcomer, in training Topic Starter Posts: 25

    Hi,

    Thanks for the quick reply. I'm at work at the moment, but I'll post the rest of the logfile when I get home - I was struggling against the character limit and tiredness :S

    Gary
  8. Broni

    Broni Malware Annihilator Posts: 46,373   +252

    If a log or logs exceed the limit for one reply, you may use more than one reply.
  9. Gary Kemp

    Gary Kemp Newcomer, in training Topic Starter Posts: 25

    Ok, here's the missing part of attach.log - I believe this is all that was missing:

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 03/03/2012 11:18:19
    System Uptime: 25/06/2012 22:14:20 (0 hours ago)
    .
    Motherboard: Gigabyte Technology Co., Ltd. | | EP45-UD3
    Processor: Intel(R) Core(TM)2 Duo CPU E8500 @ 3.16GHz | Socket 775 | 3166/333mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 277 GiB total, 34.267 GiB free.
    D: is CDROM ()
    E: is CDROM (CDFS)
    F: is FIXED (NTFS) - 129 GiB total, 124.419 GiB free.
    G: is FIXED (NTFS) - 21 GiB total, 5.494 GiB free.
    H: is Removable
    I: is FIXED (NTFS) - 20 GiB total, 19.922 GiB free.
    J: is FIXED (FAT32) - 186 GiB total, 55.741 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP83: 20/06/2012 15:43:41 - Scheduled Checkpoint
    RP84: 21/06/2012 20:10:08 - Windows Update
    RP85: 25/06/2012 20:37:31 - ComboFix created restore point
    .
    ==== Installed Programs ======================
    .
    ActiveState Komodo Edit 7.0.2
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.3)
    Astroburn Lite
    µTorrent
    AviSynth 2.5
    Battlefield Heroes
    Command and Conquer: Red Alert 3
    Counter-Strike: Source
    DAEMON Tools Lite
    Dropbox
    EditPlus 3
    F.lux
    F1 1976 LE v1.1
    FeedReader
    Google Chrome
    Google Earth
    Google Update Helper
    HTC BMP USB Driver
    Java Auto Updater
    Java(TM) 6 Update 32
    Launchy 2.5
    LibreOffice 3.5
    Malwarebytes Anti-Malware version 1.61.0.1400
    MDaemon Server
    MetroTwit
    Microsoft Flight
    Microsoft Flight Simulator X
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Games for Windows Marketplace
    Microsoft SQL Server Compact 3.5 ENU
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Mozilla Firefox 13.0.1 (x86 en-US)
    Mozilla Maintenance Service
    Mozilla Thunderbird 13.0.1 (x86 en-GB)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    MSXML 4.0 SP3 Parser
    MSXML 4.0 SP3 Parser (KB973685)
    Notepad++
    NVIDIA PhysX
    Picasa 3
    Pidgin
    Project CARS
    PSP Video 9 6
    PunkBuster Services
    RACE 07
    Rainmeter
    rFactor (remove only)
    rFactor2
    RSSOwl
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Ship Simulator Extremes Demo
    Skype™ 5.9
    Steam
    Team Fortress 2
    UK2000 VFR Scenery Volume1 files
    Windows 7 USB/DVD Download Tool
    Wunderlist
    XAMPP 1.7.7
    YouTube Downloader App 3.00
    .
  10. Gary Kemp

    Gary Kemp Newcomer, in training Topic Starter Posts: 25

    ...and here is the log generated by FRST64, in two parts:

    Scan result of Farbar Recovery Scan Tool Version: 25-06-2012
    Ran by SYSTEM at 27-06-2012 07:36:00
    Running from J:\
    Windows 7 Home Premium (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ========================== Registry (Whitelisted) =============

    HKLM\...\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe" [163552 2011-08-05] (Microsoft Corporation)
    HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1436736 2011-06-15] (Microsoft Corporation)
    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-03] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
    HKU\Gary\...\Run: [F.lux] "C:\Users\Gary\Local Settings\Apps\F.lux\flux.exe" /noshow [966656 2009-08-28] ()
    HKU\Gary\...\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1242448 2012-03-06] (Valve Corporation)
    HKU\Gary\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17355912 2012-05-02] (Skype Technologies S.A.)
    HKU\Gary\...\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe [2646128 2010-11-06] (PeerBlock, LLC)
    HKU\Gary\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [3671872 2012-04-17] (DT Soft Ltd)
    HKU\Gary\...\Run: [0i763f66bz] C:\Users\Gary\0i763f66bz.exe [42496 2012-06-24] (FaceVsion)
    HKU\Gary\...\Run: [Regedit32] C:\Windows\system32\regedit.exe [x]
    Tcpip\..\Interfaces\{5768A142-6463-4856-A441-84E2433AE691}: [NameServer]192.168.1.254
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\Rainmeter.lnk
    ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()
    Startup: C:\Users\Gary\Start Menu\Programs\Startup\Dropbox.lnk
    ShortcutTarget: Dropbox.lnk -> (No File)
    Startup: C:\Users\Gary\Start Menu\Programs\Startup\Launchy.lnk
    ShortcutTarget: Launchy.lnk -> C:\Program Files (x86)\Launchy\Launchy.exe ()
    Startup: C:\Users\Gary\Start Menu\Programs\Startup\MDaemon - Shortcut.lnk
    ShortcutTarget: MDaemon - Shortcut.lnk -> C:\Program Files (x86)\MDaemon\App\MDaemon.exe (Alt-N Technologies, Ltd.)

    ==================== Services (Whitelisted) ======

    2 Apache2.2; "C:\xampp\apache\bin\httpd.exe" -k runservice [18432 2011-09-10] (Apache Software Foundation)
    3 FileZilla Server; "C:\xampp\FileZillaFTP\FileZillaServer.exe" [630272 2011-06-07] (FileZilla Project)
    2 MDaemon; C:\PROGRA~2\MDaemon\APP\MDAEMON.EXE [1433600 2012-03-03] (Alt-N Technologies, Ltd.)
    2 MsMpSvc; "C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe" [12784 2011-04-27] (Microsoft Corporation)
    2 mysql; C:\xampp\mysql\bin\mysqld.exe --defaults-file=C:\xampp\mysql\bin\my.ini mysql [5396 2012-03-30] ()
    3 NisSrv; "C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe" [288272 2011-04-27] (Microsoft Corporation)
    2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2012-05-16] ()
    2 uvnc_service; "C:\Program Files\UltraVNC\WinVNC.exe" -service [2169056 2012-02-14] (UltraVNC)
    2 WebAdmin; C:\PROGRA~2\MDaemon\WebAdmin\WebAdmin.exe [215040 2010-06-22] (Alt-N Technologies, Ltd.)
    3 WMZuneComm; "C:\Program Files\Zune\WMZuneComm.exe" [306400 2011-08-05] (Microsoft Corporation)
    3 ZuneNetworkSvc; "C:\Program Files\Zune\ZuneNss.exe" [8277728 2011-08-05] (Microsoft Corporation)
    3 ZuneWlanCfgSvc; "C:\Program Files\Zune\ZuneWlanCfgSvc.exe" [467680 2011-08-05] (Microsoft Corporation)

    ========================== Drivers (Whitelisted) =============

    0 68b814fec318ebc3; C:\Windows\System32\Drivers\68b814fec318ebc3.sys [74184 2012-06-24] ()
    1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [283200 2012-05-05] (DT Soft Ltd)
    3 mv2; C:\Windows\System32\Drivers\mv2.sys [12904 2012-03-04] (UVNC BVBA)
    3 catchme; \??\C:\garygary\catchme.sys [x]

    ========================== NetSvcs (Whitelisted) ===========


    ============ One Month Created Files and Folders ==============

    2012-06-25 13:21 - 2012-06-25 13:21 - 00068172 ____A C:\Users\Gary\Desktop\Attach.txt
    2012-06-25 13:21 - 2012-06-25 13:21 - 00018155 ____A C:\Users\Gary\Desktop\DDS.txt
    2012-06-25 13:18 - 2012-06-25 13:18 - 00000332 ____A C:\Users\Gary\Desktop\gmer.log
    2012-06-25 13:08 - 2012-06-25 13:08 - 00000000 ____D C:\Users\Gary\AppData\Roaming\Malwarebytes
    2012-06-25 13:08 - 2012-06-25 13:08 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-06-25 13:08 - 2012-06-25 13:08 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-06-25 13:08 - 2012-04-04 06:56 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-06-25 13:05 - 2012-06-25 13:05 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\Gary\Downloads\mbam-setup-1.61.0.1400.exe
    2012-06-25 12:59 - 2012-06-25 12:59 - 00085379 ____A C:\Users\Gary\Desktop\UPDATED 5-step Viruses_Spyware_Malware Preliminary Removal Instructions - TechSpot Forums.htm
    2012-06-25 12:59 - 2012-06-25 12:59 - 00000000 ____D C:\Users\Gary\Desktop\UPDATED 5-step Viruses_Spyware_Malware Preliminary Removal Instructions - TechSpot Forums_files
    2012-06-25 12:55 - 2012-06-25 12:55 - 00607260 ____R (Swearware) C:\Users\Gary\Downloads\dds.scr
    2012-06-25 12:55 - 2012-06-25 12:55 - 00302592 ____A C:\Users\Gary\Downloads\93io052h.exe
    2012-06-25 12:48 - 2012-06-25 12:48 - 00025272 ____A C:\ComboFix.txt
    2012-06-25 12:35 - 2012-06-25 12:35 - 01012656 ____A C:\Users\Gary\Downloads\rkill.exe
    2012-06-25 12:34 - 2012-06-25 12:35 - 04568224 ____R (Swearware) C:\Users\Gary\Desktop\garygary.exe
    2012-06-25 12:02 - 2012-06-25 12:02 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2012-06-25 12:02 - 2012-06-25 12:02 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
    2012-06-25 11:37 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
    2012-06-25 11:37 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
    2012-06-25 11:37 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
    2012-06-25 11:37 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
    2012-06-25 11:37 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
    2012-06-25 11:37 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
    2012-06-25 11:37 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
    2012-06-25 11:37 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
    2012-06-25 11:34 - 2012-06-25 12:48 - 00000000 ____D C:\Qoobox
    2012-06-25 11:31 - 2012-06-25 11:52 - 00000000 ____D C:\Windows\erdnt
    2012-06-25 11:31 - 2012-06-25 11:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7D18329E94516DCB
    2012-06-25 11:27 - 2012-06-25 11:28 - 04568224 ____R (Swearware) C:\Users\Gary\Downloads\ComboFix.exe
    2012-06-25 11:18 - 2012-06-25 11:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.688D6AAB913CC93F
    2012-06-25 10:18 - 2012-06-25 10:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DCF27A594CA36169
    2012-06-25 09:19 - 2012-06-25 09:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6D4B17950EBA7705
    2012-06-25 07:43 - 2012-06-25 07:43 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4FF89BF300A76428
    2012-06-25 06:07 - 2012-06-25 06:07 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.917D8942AD94DB84
    2012-06-25 05:08 - 2012-06-25 05:08 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B137DDBB62458F10
    2012-06-25 04:08 - 2012-06-25 04:08 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9F08FF7D297B9CC7
    2012-06-25 03:09 - 2012-06-25 03:09 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.46E3CDF4A4524BD6
    2012-06-25 02:09 - 2012-06-25 02:09 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.ADB0C22F79DB6DB5
    2012-06-25 01:09 - 2012-06-25 01:09 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F4FD13ADB3D9A690
    2012-06-25 00:10 - 2012-06-25 00:10 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.47803BD757A17FC4
    2012-06-24 23:10 - 2012-06-24 23:10 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.29C16522D746982F
    2012-06-24 22:06 - 2012-06-24 22:06 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D51983B2DB21FA61
    2012-06-24 21:56 - 2012-06-24 21:56 - 12621696 ____A (Microsoft Corporation) C:\Users\Gary\Downloads\mseinstall(1).exe
    2012-06-24 21:49 - 2012-06-24 21:49 - 00074184 ____A C:\Windows\System32\Drivers\68b814fec318ebc3.sys
    2012-06-24 13:37 - 2012-06-24 13:37 - 00000000 ____D C:\Users\Gary\Downloads\Calder 2001 by Redhawk v1.0
    2012-06-24 13:04 - 2012-06-24 13:06 - 65205846 ____A C:\Users\Gary\Downloads\Calder 2001 by Redhawk v1.0.7z
    2012-06-24 10:19 - 2012-06-24 10:19 - 00000000 __SHD C:\Windows\System32\%APPDATA%
    2012-06-24 10:10 - 2012-06-24 10:10 - 00042496 ____A (FaceVsion) C:\Users\Gary\0i763f66bz.exe
    2012-06-24 06:48 - 2012-06-24 06:48 - 00000000 ____D C:\Users\Gary\Downloads\Grand Theft Auto Vice City Stories(PSP)
    2012-06-24 06:47 - 2012-06-24 07:33 - 00000000 ____D C:\Users\Gary\Downloads\Bomberman [MULTI5][PSP][WwW.GamesTorrents.CoM]
    2012-06-24 06:44 - 2012-06-24 06:44 - 00000000 ____D C:\Users\Gary\Downloads\BMan
    2012-06-24 06:28 - 2012-06-24 06:28 - 05895750 ____A C:\Users\Gary\Downloads\Bomberman_94_JPN_PSN_PSP-PLAYASiA.exe
    2012-06-24 06:15 - 2012-06-24 06:15 - 00000000 ____D C:\Users\Gary\Downloads\Fifa 2012 for PSP
    2012-06-23 13:32 - 2012-06-24 02:02 - 984043539 ____A C:\Users\Gary\Downloads\Fifa 2012 for PSP.rar
    2012-06-23 12:28 - 2012-06-23 12:53 - 170554736 ____A C:\Users\Gary\Downloads\Fight Night Round 3.cso
    2012-06-23 12:25 - 2012-06-23 12:58 - 282423226 ____A C:\Users\Gary\Downloads\BURNOUT LEGENDS.cso
    2012-06-23 12:22 - 2012-06-23 13:11 - 00000000 ____D C:\Users\Gary\Downloads\Grand_Theft_Auto_Liberty_City_Stories_EUR_MULTi5_PSP-MUPSP
    2012-06-23 12:20 - 2012-06-23 12:20 - 00002186 ____A C:\Users\Public\Desktop\PSP Video 9.lnk
    2012-06-23 12:20 - 2012-06-23 12:20 - 00002146 ____A C:\Users\Public\Desktop\YouTube Downloader App.lnk
    2012-06-23 12:20 - 2012-06-23 12:20 - 00000000 ____D C:\Users\Gary\Documents\Regensoft
    2012-06-23 12:20 - 2012-06-23 12:20 - 00000000 ____D C:\Program Files (x86)\Regensoft
    2012-06-23 12:20 - 2012-06-23 12:20 - 00000000 ____D C:\Program Files (x86)\Red Kawa
    2012-06-23 12:20 - 2012-06-23 12:20 - 00000000 ____D C:\Program Files (x86)\AviSynth 2.5
    2012-06-23 12:18 - 2012-06-23 13:31 - 00000000 ____D C:\Users\Gary\Downloads\PSP - FIFA 12 [EUR][MULTI5] [WWW.PEQUEPSP.ES]
    2012-06-23 12:11 - 2012-06-23 12:11 - 00000000 ____D C:\Users\Gary\Downloads\DupliFinder
    2012-06-23 12:10 - 2012-06-23 12:13 - 19505334 ____A C:\Users\Gary\Downloads\pspvideo9-600-setup.exe
    2012-06-23 11:58 - 2012-06-23 11:58 - 00223531 ____A C:\Users\Gary\Downloads\DupliFinder.zip
    2012-06-20 13:44 - 2012-06-20 13:52 - 271091146 ____A C:\Users\Gary\Downloads\LeMans2012-MeetingMcNish.MP4
    2012-06-20 13:44 - 2012-06-20 13:45 - 13061400 ____A C:\Users\Gary\Downloads\LeMans2012-MeetingMarino.MP4
    2012-06-19 08:53 - 2012-06-19 07:59 - 301149238 ____A C:\Users\Gary\Desktop\Civilization 2 - Ultimate Classic Collection.7z
    2012-06-19 05:48 - 2012-06-19 05:48 - 00000000 ____D C:\Users\Gary\Downloads\Windows_7_Loader_Crack_Seven_Genuine_v2.0.4-DAZ-2012-06-19
    2012-06-19 05:45 - 2012-06-19 05:45 - 00108178 ____A C:\Users\Gary\Downloads\Windows_7_Loader_Crack_Seven_Genuine_v2.0.4-DAZ-2012-06-19.zip
    2012-06-18 21:56 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-18 21:56 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-18 21:56 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-18 21:56 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-18 21:56 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-18 21:56 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-18 21:56 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-18 21:55 - 2012-06-02 06:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-18 21:55 - 2012-06-02 06:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-06-18 13:06 - 2012-06-18 13:06 - 00000000 ____D C:\Users\Gary\Downloads\Snetterton 300 track
    2012-06-18 13:04 - 2012-06-18 13:04 - 00010711 ____A C:\Users\Gary\Desktop\Keys.ini
    2012-06-18 12:33 - 2012-06-18 12:41 - 63386619 ____A C:\Users\Gary\Downloads\Snetterton 300 track.7z
    2012-06-18 12:22 - 2012-06-18 21:53 - 551391098 ____A C:\Users\Gary\Downloads\ISI1044-v10-v11-FormulaRenault35s.rfmod
    2012-06-18 12:22 - 2012-06-18 12:52 - 158990275 ____A C:\Users\Gary\Downloads\ISI1044-v11-v12-FormulaRenault35s.rfmod
    2012-06-17 23:19 - 2012-06-17 23:19 - 00000000 ____D C:\Users\Gary\AppData\Local\Macromedia
    2012-06-17 01:34 - 2012-06-17 01:34 - 00000816 ____A C:\Users\Juli\Desktop\rFactor2.lnk
    2012-06-17 01:34 - 2012-06-17 01:34 - 00000816 ____A C:\Users\Gary\Desktop\rFactor2.lnk
    2012-06-17 01:09 - 2012-06-17 01:24 - 515492056 ____A (Image Space Incorporated) C:\Users\Gary\Downloads\rFactor2_Build90_Setup.exe
    2012-06-16 08:57 - 2012-06-16 08:57 - 00003584 ____A C:\Users\Gary\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2012-06-16 07:28 - 2012-06-16 07:28 - 00000000 ___HD C:\Users\Gary\Desktop\.picasaoriginals
    2012-06-15 10:06 - 2012-06-15 10:08 - 00000000 ____D C:\Users\Gary\AppData\Roaming\.rFactor
    2012-06-14 13:57 - 2012-05-17 18:47 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-06-14 13:57 - 2012-05-17 18:16 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-06-14 13:57 - 2012-05-17 18:06 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-06-14 13:57 - 2012-05-17 17:59 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-06-14 13:57 - 2012-05-17 17:59 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-06-14 13:57 - 2012-05-17 17:58 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-06-14 13:57 - 2012-05-17 17:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-06-14 13:57 - 2012-05-17 17:56 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-06-14 13:57 - 2012-05-17 17:55 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-06-14 13:57 - 2012-05-17 17:55 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-06-14 13:57 - 2012-05-17 17:54 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-06-14 13:57 - 2012-05-17 17:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-06-14 13:57 - 2012-05-17 17:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-06-14 13:57 - 2012-05-17 17:47 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-06-14 13:57 - 2012-05-17 15:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-06-14 13:57 - 2012-05-17 14:48 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-06-14 13:57 - 2012-05-17 14:45 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-06-14 13:57 - 2012-05-17 14:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-06-14 13:57 - 2012-05-17 14:35 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-06-14 13:57 - 2012-05-17 14:35 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-06-14 13:57 - 2012-05-17 14:33 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-06-14 13:57 - 2012-05-17 14:31 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-06-14 13:57 - 2012-05-17 14:29 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-06-14 13:57 - 2012-05-17 14:29 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-06-14 13:57 - 2012-05-17 14:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-06-14 13:57 - 2012-05-17 14:25 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-06-14 13:57 - 2012-05-17 14:24 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-06-14 13:57 - 2012-05-17 14:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-06-14 00:23 - 2012-04-25 21:41 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
    2012-06-14 00:23 - 2012-04-25 21:41 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
    2012-06-14 00:23 - 2012-04-25 21:34 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
    2012-06-14 00:22 - 2012-05-14 17:32 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-06-14 00:22 - 2012-05-04 03:06 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-06-14 00:22 - 2012-05-04 02:03 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-06-14 00:22 - 2012-05-04 02:03 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-06-14 00:22 - 2012-04-27 19:55 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
    2012-06-10 09:26 - 2012-06-10 09:26 - 00000000 ____D C:\Users\Gary\Downloads\autocross italia cars and tracks
    2012-06-10 04:45 - 2012-06-10 04:57 - 177209098 ____A C:\Users\Gary\Downloads\PCC_2007_Setup.exe
    2012-06-10 01:21 - 2012-06-10 06:12 - 1283868187 ____A C:\Users\Gary\Downloads\autocross italia cars and tracks.rar
    2012-06-10 00:49 - 2012-06-10 00:49 - 00527122 ____A C:\Users\Gary\Desktop\flash.bmp
    2012-06-09 12:12 - 2012-06-09 12:12 - 00002508 ____A C:\Users\Gary\Desktop\Windows 7 USB DVD Download Tool.lnk
    2012-06-09 12:12 - 2012-06-09 12:12 - 00000000 ____D C:\Users\Gary\AppData\Local\Apps\Windows 7 USB DVD Download Tool
    2012-06-09 12:10 - 2012-06-09 12:10 - 02721168 ____A (Microsoft Corporation) C:\Users\Gary\Downloads\Windows7-USB-DVD-tool.exe
    2012-06-09 11:23 - 2012-06-09 11:23 - 00001070 ____A C:\Users\Public\Desktop\Astroburn Lite.lnk
    2012-06-09 11:23 - 2012-06-09 11:23 - 00000000 ____D C:\Users\All Users\Astroburn Lite
    2012-06-09 11:23 - 2012-06-09 11:23 - 00000000 ____D C:\Program Files (x86)\Astroburn Lite
    2012-06-09 11:21 - 2012-06-09 11:22 - 05327264 ____A (Canneverbe Limited ) C:\Users\Gary\Downloads\cdbxp_setup_4.4.1.3184.exe
    2012-06-09 11:10 - 2012-06-09 11:10 - 00000000 ____D C:\$WINDOWS.~BT
    2012-06-09 11:03 - 2012-06-09 11:04 - 00142264 ____A C:\Users\Gary\Downloads\UWT(1).zip
    2012-06-07 12:07 - 2012-06-07 12:09 - 74938301 ____A (GPLPS ) C:\Users\Gary\Downloads\gplinstallmax_0.97_UK.exe
    2012-06-07 11:16 - 2012-06-07 11:16 - 298792988 ____A C:\Windows\MEMORY.DMP
    2012-06-07 11:16 - 2012-06-07 11:16 - 00274328 ____A C:\Windows\Minidump\060712-17862-01.dmp
    2012-06-07 11:16 - 2012-06-07 11:16 - 00000000 ____D C:\Windows\Minidump
    2012-06-05 07:18 - 2012-05-15 19:53 - 00000000 ____D C:\Users\Gary\Downloads\GameData
    2012-06-04 13:56 - 2012-06-04 13:56 - 00001045 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2012-06-04 11:11 - 2012-06-04 11:11 - 16574016 ____A (Mozilla) C:\Users\Gary\Downloads\Firefox Setup 13.0.exe
    2012-06-04 03:38 - 2012-06-04 03:39 - 07730747 ____A C:\Users\Gary\Downloads\mariopaintcomposerpc.zip
    2012-05-31 14:04 - 2012-06-09 11:07 - 00000000 ____D C:\Users\Gary\.VirtualBox
    2012-05-31 14:04 - 2012-05-31 14:04 - 00000000 ____D C:\Users\Gary\VirtualBox VMs
    2012-05-31 14:01 - 2012-06-09 11:10 - 00001388 ____A C:\Users\Gary\Desktop\Install Windows.lnk
    2012-05-31 13:01 - 2012-05-31 13:01 - 00000000 ___RD C:\ESD
    2012-05-31 12:45 - 2012-05-31 12:46 - 05350616 ____A (Microsoft Corporation) C:\Users\Gary\Downloads\Windows8-ReleasePreview-UpgradeAssistant.exe
    2012-05-29 10:33 - 2012-05-29 10:33 - 00004033 ____A C:\Users\Gary\Documents\feedreader.opml
    2012-05-29 07:42 - 2012-06-25 13:44 - 00000000 ____D C:\Users\Gary\.rssowl2
    2012-05-29 07:41 - 2012-05-29 07:42 - 00000000 ____D C:\Program Files (x86)\RSSOwl
    2012-05-29 07:41 - 2012-05-29 07:41 - 00001845 ____A C:\Users\Juli\Desktop\RSSOwl.lnk
    2012-05-29 07:41 - 2012-05-29 07:41 - 00001845 ____A C:\Users\Gary\Desktop\RSSOwl.lnk
    2012-05-29 07:40 - 2012-05-29 07:40 - 03960791 ____A (RSSOwl Team) C:\Users\Gary\Downloads\RSSOwl Setup 2.1.2.exe


    ============ 3 Months Modified Files and Folders =============

    2012-06-27 07:36 - 2012-06-27 07:35 - 00000000 ____D C:\FRST
    2012-06-26 22:30 - 2009-07-13 20:45 - 00025216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-06-26 22:30 - 2009-07-13 20:45 - 00025216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-06-26 22:24 - 2012-03-03 03:14 - 01476708 ____A C:\Windows\WindowsUpdate.log
    2012-06-26 22:15 - 2012-03-12 02:26 - 00000000 ____D C:\Users\Gary\AppData\Roaming\Skype
    2012-06-26 22:15 - 2012-03-06 14:13 - 00000000 ____D C:\Program Files (x86)\Steam
    2012-06-26 22:15 - 2012-03-05 13:03 - 00000000 ___RD C:\Users\Gary\Dropbox
    2012-06-26 22:15 - 2012-03-05 12:59 - 00000000 ____D C:\Users\Gary\AppData\Roaming\Dropbox
    2012-06-26 22:14 - 2012-03-12 03:44 - 00000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-06-26 22:14 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-06-26 22:14 - 2009-07-13 20:51 - 00039605 ____A C:\Windows\setupact.log
    2012-06-26 14:10 - 2012-04-13 01:54 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-06-26 13:54 - 2012-03-12 03:44 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-06-25 13:44 - 2012-05-29 07:42 - 00000000 ____D C:\Users\Gary\.rssowl2
    2012-06-25 13:21 - 2012-06-25 13:21 - 00068172 ____A C:\Users\Gary\Desktop\Attach.txt
    2012-06-25 13:21 - 2012-06-25 13:21 - 00018155 ____A C:\Users\Gary\Desktop\DDS.txt
    2012-06-25 13:18 - 2012-06-25 13:18 - 00000332 ____A C:\Users\Gary\Desktop\gmer.log
    2012-06-25 13:14 - 2012-03-07 23:18 - 00010420 ____A C:\Windows\PFRO.log
    2012-06-25 13:08 - 2012-06-25 13:08 - 00000000 ____D C:\Users\Gary\AppData\Roaming\Malwarebytes
    2012-06-25 13:08 - 2012-06-25 13:08 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-06-25 13:08 - 2012-06-25 13:08 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-06-25 13:05 - 2012-06-25 13:05 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\Gary\Downloads\mbam-setup-1.61.0.1400.exe
    2012-06-25 12:59 - 2012-06-25 12:59 - 00085379 ____A C:\Users\Gary\Desktop\UPDATED 5-step Viruses_Spyware_Malware Preliminary Removal Instructions - TechSpot Forums.htm
    2012-06-25 12:59 - 2012-06-25 12:59 - 00000000 ____D C:\Users\Gary\Desktop\UPDATED 5-step Viruses_Spyware_Malware Preliminary Removal Instructions - TechSpot Forums_files
    2012-06-25 12:55 - 2012-06-25 12:55 - 00607260 ____R (Swearware) C:\Users\Gary\Downloads\dds.scr
    2012-06-25 12:55 - 2012-06-25 12:55 - 00302592 ____A C:\Users\Gary\Downloads\93io052h.exe
    2012-06-25 12:52 - 2012-05-23 08:49 - 00000000 ____D C:\Users\Gary\AppData\Local\Apps\2.0
    2012-06-25 12:48 - 2012-06-25 12:48 - 00025272 ____A C:\ComboFix.txt
    2012-06-25 12:48 - 2012-06-25 11:34 - 00000000 ____D C:\Qoobox
    2012-06-25 12:44 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
    2012-06-25 12:35 - 2012-06-25 12:35 - 01012656 ____A C:\Users\Gary\Downloads\rkill.exe
    2012-06-25 12:35 - 2012-06-25 12:34 - 04568224 ____R (Swearware) C:\Users\Gary\Desktop\garygary.exe
    2012-06-25 12:03 - 2012-03-03 08:18 - 00001945 ____A C:\Windows\epplauncher.mif
    2012-06-25 12:02 - 2012-06-25 12:02 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2012-06-25 12:02 - 2012-06-25 12:02 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
    2012-06-25 12:02 - 2012-05-23 08:49 - 00000000 ____D C:\Users\Gary\AppData\Local\Deployment
    2012-06-25 12:02 - 2012-03-03 08:15 - 00787568 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
    2012-06-25 11:52 - 2012-06-25 11:31 - 00000000 ____D C:\Windows\erdnt
    2012-06-25 11:31 - 2012-06-25 11:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7D18329E94516DCB
    2012-06-25 11:28 - 2012-06-25 11:27 - 04568224 ____R (Swearware) C:\Users\Gary\Downloads\ComboFix.exe
    2012-06-25 11:18 - 2012-06-25 11:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.688D6AAB913CC93F
    2012-06-25 10:18 - 2012-06-25 10:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DCF27A594CA36169
    2012-06-25 09:19 - 2012-06-25 09:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6D4B17950EBA7705
    2012-06-25 07:43 - 2012-06-25 07:43 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4FF89BF300A76428
    2012-06-25 06:07 - 2012-06-25 06:07 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.917D8942AD94DB84
    2012-06-25 05:08 - 2012-06-25 05:08 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B137DDBB62458F10
    2012-06-25 04:08 - 2012-06-25 04:08 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9F08FF7D297B9CC7
    2012-06-25 03:09 - 2012-06-25 03:09 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.46E3CDF4A4524BD6
    2012-06-25 02:09 - 2012-06-25 02:09 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.ADB0C22F79DB6DB5
    2012-06-25 01:09 - 2012-06-25 01:09 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F4FD13ADB3D9A690
    2012-06-25 00:10 - 2012-06-25 00:10 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.47803BD757A17FC4
    2012-06-24 23:10 - 2012-06-24 23:10 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.29C16522D746982F
    2012-06-24 22:06 - 2012-06-24 22:06 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D51983B2DB21FA61
    2012-06-24 21:56 - 2012-06-24 21:56 - 12621696 ____A (Microsoft Corporation) C:\Users\Gary\Downloads\mseinstall(1).exe
    2012-06-24 21:49 - 2012-06-24 21:49 - 00074184 ____A C:\Windows\System32\Drivers\68b814fec318ebc3.sys
    2012-06-24 14:44 - 2012-05-05 10:13 - 00000000 ____D C:\Program Files\PeerBlock
    2012-06-24 14:44 - 2012-03-03 08:25 - 00000000 ____D C:\Users\Gary\AppData\Roaming\uTorrent
    2012-06-24 13:37 - 2012-06-24 13:37 - 00000000 ____D C:\Users\Gary\Downloads\Calder 2001 by Redhawk v1.0
    2012-06-24 13:16 - 2012-05-12 10:11 - 00000600 ____A C:\Users\Gary\AppData\Local\PUTTY.RND
    2012-06-24 13:06 - 2012-06-24 13:04 - 65205846 ____A C:\Users\Gary\Downloads\Calder 2001 by Redhawk v1.0.7z
    2012-06-24 10:19 - 2012-06-24 10:19 - 00000000 __SHD C:\Windows\System32\%APPDATA%
    2012-06-24 10:16 - 2012-04-13 01:54 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-06-24 10:16 - 2012-03-07 01:34 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-06-24 10:10 - 2012-06-24 10:10 - 00042496 ____A (FaceVsion) C:\Users\Gary\0i763f66bz.exe
    2012-06-24 10:10 - 2012-03-03 03:18 - 00000000 ____D C:\users\Gary
    2012-06-24 07:33 - 2012-06-24 06:47 - 00000000 ____D C:\Users\Gary\Downloads\Bomberman [MULTI5][PSP][WwW.GamesTorrents.CoM]
    2012-06-24 06:48 - 2012-06-24 06:48 - 00000000 ____D C:\Users\Gary\Downloads\Grand Theft Auto Vice City Stories(PSP)
    2012-06-24 06:44 - 2012-06-24 06:44 - 00000000 ____D C:\Users\Gary\Downloads\BMan
    2012-06-24 06:28 - 2012-06-24 06:28 - 05895750 ____A C:\Users\Gary\Downloads\Bomberman_94_JPN_PSN_PSP-PLAYASiA.exe
    2012-06-24 06:15 - 2012-06-24 06:15 - 00000000 ____D C:\Users\Gary\Downloads\Fifa 2012 for PSP
    2012-06-24 02:02 - 2012-06-23 13:32 - 984043539 ____A C:\Users\Gary\Downloads\Fifa 2012 for PSP.rar
    2012-06-23 13:31 - 2012-06-23 12:18 - 00000000 ____D C:\Users\Gary\Downloads\PSP - FIFA 12 [EUR][MULTI5] [WWW.PEQUEPSP.ES]
    2012-06-23 13:15 - 2009-07-13 21:13 - 00782102 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-06-23 13:11 - 2012-06-23 12:22 - 00000000 ____D C:\Users\Gary\Downloads\Grand_Theft_Auto_Liberty_City_Stories_EUR_MULTi5_PSP-MUPSP
    2012-06-23 12:58 - 2012-06-23 12:25 - 282423226 ____A C:\Users\Gary\Downloads\BURNOUT LEGENDS.cso
    2012-06-23 12:53 - 2012-06-23 12:28 - 170554736 ____A C:\Users\Gary\Downloads\Fight Night Round 3.cso
    2012-06-23 12:20 - 2012-06-23 12:20 - 00002186 ____A C:\Users\Public\Desktop\PSP Video 9.lnk
    2012-06-23 12:20 - 2012-06-23 12:20 - 00002146 ____A C:\Users\Public\Desktop\YouTube Downloader App.lnk
    2012-06-23 12:20 - 2012-06-23 12:20 - 00000000 ____D C:\Users\Gary\Documents\Regensoft
    2012-06-23 12:20 - 2012-06-23 12:20 - 00000000 ____D C:\Program Files (x86)\Regensoft
    2012-06-23 12:20 - 2012-06-23 12:20 - 00000000 ____D C:\Program Files (x86)\Red Kawa
    2012-06-23 12:20 - 2012-06-23 12:20 - 00000000 ____D C:\Program Files (x86)\AviSynth 2.5
    2012-06-23 12:13 - 2012-06-23 12:10 - 19505334 ____A C:\Users\Gary\Downloads\pspvideo9-600-setup.exe
    2012-06-23 12:11 - 2012-06-23 12:11 - 00000000 ____D C:\Users\Gary\Downloads\DupliFinder
    2012-06-23 11:58 - 2012-06-23 11:58 - 00223531 ____A C:\Users\Gary\Downloads\DupliFinder.zip
    2012-06-20 13:52 - 2012-06-20 13:44 - 271091146 ____A C:\Users\Gary\Downloads\LeMans2012-MeetingMcNish.MP4
    2012-06-20 13:45 - 2012-06-20 13:44 - 13061400 ____A C:\Users\Gary\Downloads\LeMans2012-MeetingMarino.MP4
    2012-06-19 07:59 - 2012-06-19 08:53 - 301149238 ____A C:\Users\Gary\Desktop\Civilization 2 - Ultimate Classic Collection.7z
    2012-06-19 07:31 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
    2012-06-19 05:48 - 2012-06-19 05:48 - 00000000 ____D C:\Users\Gary\Downloads\Windows_7_Loader_Crack_Seven_Genuine_v2.0.4-DAZ-2012-06-19
    2012-06-19 05:45 - 2012-06-19 05:45 - 00108178 ____A C:\Users\Gary\Downloads\Windows_7_Loader_Crack_Seven_Genuine_v2.0.4-DAZ-2012-06-19.zip
    2012-06-18 21:58 - 2012-03-03 11:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
    2012-06-18 21:53 - 2012-06-18 12:22 - 551391098 ____A C:\Users\Gary\Downloads\ISI1044-v10-v11-FormulaRenault35s.rfmod
    2012-06-18 14:00 - 2012-03-03 03:18 - 00000000 ____D C:\Users\Gary\AppData\Local\VirtualStore
    2012-06-18 13:06 - 2012-06-18 13:06 - 00000000 ____D C:\Users\Gary\Downloads\Snetterton 300 track
    2012-06-18 13:04 - 2012-06-18 13:04 - 00010711 ____A C:\Users\Gary\Desktop\Keys.ini
    2012-06-18 12:52 - 2012-06-18 12:22 - 158990275 ____A C:\Users\Gary\Downloads\ISI1044-v11-v12-FormulaRenault35s.rfmod
    2012-06-18 12:41 - 2012-06-18 12:33 - 63386619 ____A C:\Users\Gary\Downloads\Snetterton 300 track.7z
    2012-06-17 23:19 - 2012-06-17 23:19 - 00000000 ____D C:\Users\Gary\AppData\Local\Macromedia
    2012-06-17 01:34 - 2012-06-17 01:34 - 00000816 ____A C:\Users\Juli\Desktop\rFactor2.lnk
    2012-06-17 01:34 - 2012-06-17 01:34 - 00000816 ____A C:\Users\Gary\Desktop\rFactor2.lnk
    2012-06-17 01:24 - 2012-06-17 01:09 - 515492056 ____A (Image Space Incorporated) C:\Users\Gary\Downloads\rFactor2_Build90_Setup.exe
    2012-06-16 23:46 - 2012-05-03 14:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2012-06-16 08:57 - 2012-06-16 08:57 - 00003584 ____A C:\Users\Gary\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2012-06-16 07:28 - 2012-06-16 07:28 - 00000000 ___HD C:\Users\Gary\Desktop\.picasaoriginals
    2012-06-16 07:18 - 2012-05-20 01:45 - 00000000 ____D C:\Users\Gary\iPhone Dump
    2012-06-15 23:19 - 2012-03-03 08:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2012-06-15 10:08 - 2012-06-15 10:06 - 00000000 ____D C:\Users\Gary\AppData\Roaming\.rFactor
    2012-06-14 21:54 - 2009-07-13 20:45 - 00316368 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-06-14 14:00 - 2012-03-07 03:01 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-06-10 09:26 - 2012-06-10 09:26 - 00000000 ____D C:\Users\Gary\Downloads\autocross italia cars and tracks
    2012-06-10 06:12 - 2012-06-10 01:21 - 1283868187 ____A C:\Users\Gary\Downloads\autocross italia cars and tracks.rar
    2012-06-10 04:57 - 2012-06-10 04:45 - 177209098 ____A C:\Users\Gary\Downloads\PCC_2007_Setup.exe
    2012-06-10 04:48 - 2012-03-07 04:04 - 00000000 ____D C:\Users\Gary\AppData\Roaming\.purple
    2012-06-10 00:49 - 2012-06-10 00:49 - 00527122 ____A C:\Users\Gary\Desktop\flash.bmp
    2012-06-09 12:12 - 2012-06-09 12:12 - 00002508 ____A C:\Users\Gary\Desktop\Windows 7 USB DVD Download Tool.lnk
    2012-06-09 12:12 - 2012-06-09 12:12 - 00000000 ____D C:\Users\Gary\AppData\Local\Apps\Windows 7 USB DVD Download Tool
    2012-06-09 12:10 - 2012-06-09 12:10 - 02721168 ____A (Microsoft Corporation) C:\Users\Gary\Downloads\Windows7-USB-DVD-tool.exe
    2012-06-09 11:23 - 2012-06-09 11:23 - 00001070 ____A C:\Users\Public\Desktop\Astroburn Lite.lnk
    2012-06-09 11:23 - 2012-06-09 11:23 - 00000000 ____D C:\Users\All Users\Astroburn Lite
    2012-06-09 11:23 - 2012-06-09 11:23 - 00000000 ____D C:\Program Files (x86)\Astroburn Lite
    2012-06-09 11:22 - 2012-06-09 11:21 - 05327264 ____A (Canneverbe Limited ) C:\Users\Gary\Downloads\cdbxp_setup_4.4.1.3184.exe
  11. Gary Kemp

    2012-06-09 11:10 - 2012-06-09 11:10 - 00000000 ____D C:\$WINDOWS.~BT
    2012-06-09 11:10 - 2012-05-31 14:01 - 00001388 ____A C:\Users\Gary\Desktop\Install Windows.lnk
    2012-06-09 11:07 - 2012-05-31 14:04 - 00000000 ____D C:\Users\Gary\.VirtualBox
    2012-06-09 11:04 - 2012-06-09 11:03 - 00142264 ____A C:\Users\Gary\Downloads\UWT(1).zip
    2012-06-08 22:46 - 2009-07-13 21:08 - 00032612 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-06-07 12:09 - 2012-06-07 12:07 - 74938301 ____A (GPLPS ) C:\Users\Gary\Downloads\gplinstallmax_0.97_UK.exe
    2012-06-07 11:16 - 2012-06-07 11:16 - 298792988 ____A C:\Windows\MEMORY.DMP
    2012-06-07 11:16 - 2012-06-07 11:16 - 00274328 ____A C:\Windows\Minidump\060712-17862-01.dmp
    2012-06-07 11:16 - 2012-06-07 11:16 - 00000000 ____D C:\Windows\Minidump
    2012-06-04 13:56 - 2012-06-04 13:56 - 00001045 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2012-06-04 11:11 - 2012-06-04 11:11 - 16574016 ____A (Mozilla) C:\Users\Gary\Downloads\Firefox Setup 13.0.exe
    2012-06-04 03:39 - 2012-06-04 03:38 - 07730747 ____A C:\Users\Gary\Downloads\mariopaintcomposerpc.zip
    2012-06-02 14:19 - 2012-06-18 21:56 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-02 14:19 - 2012-06-18 21:56 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-02 14:19 - 2012-06-18 21:56 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-02 14:19 - 2012-06-18 21:56 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-02 14:19 - 2012-06-18 21:56 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-02 14:15 - 2012-06-18 21:56 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-02 14:15 - 2012-06-18 21:56 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-02 06:19 - 2012-06-18 21:55 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-02 06:15 - 2012-06-18 21:55 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-05-31 14:04 - 2012-05-31 14:04 - 00000000 ____D C:\Users\Gary\VirtualBox VMs
    2012-05-31 13:01 - 2012-05-31 13:01 - 00000000 ___RD C:\ESD
    2012-05-31 12:46 - 2012-05-31 12:45 - 05350616 ____A (Microsoft Corporation) C:\Users\Gary\Downloads\Windows8-ReleasePreview-UpgradeAssistant.exe
    2012-05-29 10:33 - 2012-05-29 10:33 - 00004033 ____A C:\Users\Gary\Documents\feedreader.opml
    2012-05-29 07:42 - 2012-05-29 07:41 - 00000000 ____D C:\Program Files (x86)\RSSOwl
    2012-05-29 07:41 - 2012-05-29 07:41 - 00001845 ____A C:\Users\Juli\Desktop\RSSOwl.lnk
    2012-05-29 07:41 - 2012-05-29 07:41 - 00001845 ____A C:\Users\Gary\Desktop\RSSOwl.lnk
    2012-05-29 07:40 - 2012-05-29 07:40 - 03960791 ____A (RSSOwl Team) C:\Users\Gary\Downloads\RSSOwl Setup 2.1.2.exe
    2012-05-27 11:59 - 2012-05-27 11:55 - 00000000 ____D C:\Users\Gary\Downloads\BRKart_Pach_1-1
    2012-05-27 11:59 - 2012-05-27 11:55 - 00000000 ____D C:\Users\Gary\Downloads\BRKart_1_11_update
    2012-05-27 11:59 - 2012-05-27 11:54 - 00000000 ____D C:\Users\Gary\Downloads\BRKart_v1_0
    2012-05-27 11:57 - 2012-05-27 11:55 - 00000000 ____D C:\Users\Gary\Downloads\T2
    2012-05-27 11:57 - 2012-05-27 11:55 - 00000000 ____D C:\Users\Gary\Downloads\BuckmorePark
    2012-05-27 11:55 - 2012-05-27 11:55 - 00000000 ____D C:\Users\Gary\Downloads\nring
    2012-05-26 13:14 - 2012-05-05 22:15 - 00000000 ____D C:\Program Files (x86)\Microsoft Games
    2012-05-26 13:09 - 2012-05-05 22:35 - 00000000 ____D C:\Users\Gary\AppData\Local\Microsoft Game Studios
    2012-05-26 12:17 - 2012-05-26 12:17 - 00000000 ____D C:\Users\Gary\Documents\Games for Windows - LIVE Demos
    2012-05-26 12:13 - 2012-05-26 12:13 - 00000000 ____D C:\Windows\SysWOW64\xlive
    2012-05-26 12:13 - 2012-05-26 12:13 - 00000000 ____D C:\Program Files (x86)\Microsoft Games for Windows - LIVE
    2012-05-26 12:13 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
    2012-05-26 12:10 - 2012-05-26 12:10 - 00642712 ____A (Microsoft Corporation) C:\Users\Gary\Downloads\gfwlivesetup_4d5308d2e0000001.exe
    2012-05-25 10:27 - 2012-05-25 10:22 - 58881345 ____A C:\Users\Gary\Downloads\Nring2012.exe
    2012-05-24 22:01 - 2012-05-24 22:01 - 00000216 ____A C:\Users\Gary\Downloads\F12012LIGUEV1.rar
    2012-05-24 14:44 - 2012-05-24 11:39 - 332800000 ____A C:\Users\Gary\Downloads\F12012LIGUEV1.rar.part
    2012-05-24 12:15 - 2012-05-24 12:15 - 22065580 ____A C:\Users\Gary\Downloads\T2.rar
    2012-05-23 22:08 - 2012-05-20 02:36 - 00000000 ____D C:\Users\Gary\AppData\Local\Downloaded Installations
    2012-05-23 22:08 - 2012-05-20 02:35 - 00000000 ____D C:\Program Files (x86)\HTC
    2012-05-23 13:32 - 2012-05-23 08:57 - 00000000 ____D C:\Users\Gary\AppData\Roaming\MetroTwit
    2012-05-23 08:57 - 2012-05-23 08:57 - 00000308 ____A C:\Users\Gary\Desktop\MetroTwit.appref-ms
    2012-05-23 08:44 - 2012-05-23 08:44 - 00434800 ____A () C:\Users\Gary\Downloads\MetroTwitSetup.exe
    2012-05-22 14:31 - 2012-05-22 13:45 - 140462323 ____A C:\Users\Gary\Downloads\BRKart_Pach_1-1.rar
    2012-05-22 14:21 - 2012-05-22 13:41 - 70960364 ____A C:\Users\Gary\Downloads\BuckmorePark.rar
    2012-05-22 14:10 - 2012-05-22 13:44 - 231914545 ____A C:\Users\Gary\Downloads\BRKart_v1_0.rar
    2012-05-22 13:56 - 2012-05-22 13:42 - 377955143 ____A () C:\Users\Gary\Downloads\F1 1976 LE v1.1.exe
    2012-05-22 13:48 - 2012-05-22 13:46 - 23242633 ____A C:\Users\Gary\Downloads\BRKart_1_11_update.rar
    2012-05-22 05:29 - 2012-03-04 15:20 - 00000000 ____D C:\Users\Gary\AppData\Local\Paint.NET
    2012-05-21 22:08 - 2012-05-20 02:35 - 00023262 ____A C:\Windows\DPINST.LOG
    2012-05-21 13:37 - 2012-05-21 13:37 - 00259702 ____A C:\Windows\msxml4-KB973685-enu.LOG
    2012-05-20 02:57 - 2012-05-20 02:57 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
    2012-05-20 02:49 - 2012-05-20 02:17 - 00000000 ____D C:\ruu_log
    2012-05-20 02:48 - 2012-05-20 02:43 - 157814460 ____A (Acresso Software Inc. ) C:\Users\Gary\Downloads\RUU_Bravo_TMO_UK_1.21.110.4_Radio_32.36.00.28U_4.06.00.02_2_release_127570_signed.exe
    2012-05-20 02:48 - 2012-05-20 01:45 - 00000000 ____D C:\Users\Gary\Defy Dump
    2012-05-20 02:35 - 2012-05-20 02:35 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
    2012-05-20 02:35 - 2012-05-20 02:35 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
    2012-05-20 02:35 - 2012-03-12 03:51 - 00000000 ____D C:\Program Files (x86)\Adobe
    2012-05-20 02:35 - 2012-03-12 02:52 - 00000000 ____D C:\Users\Gary\AppData\Local\Adobe
    2012-05-20 02:35 - 2012-03-12 02:28 - 00000000 ____D C:\Users\All Users\Adobe
    2012-05-20 02:35 - 2012-03-04 19:10 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0
    2012-05-20 02:35 - 2012-03-03 08:22 - 00000000 ____D C:\Users\Gary\AppData\Roaming\Adobe
    2012-05-20 02:27 - 2012-05-20 02:22 - 160724984 ____A (HTC Corporation ) C:\Users\Gary\Downloads\setup_3.2.10.exe
    2012-05-20 02:19 - 2012-05-20 02:14 - 189028561 ____A C:\Users\Gary\Downloads\JRDNEM_U3_3.4.2_179-6.1_BLUR_SIGN_SIGNED_USAJRDNEMARAB1B8TMGB03A.0R_PDS03C_USAJRDNFRYOTMGB_P023_A011_M003_HWp3_Service1FF.sbf.gz
    2012-05-20 02:11 - 2012-05-20 02:05 - 176514251 ____A (Acresso Software Inc. ) C:\Users\Gary\Downloads\RUU_Bravo_Froyo_HTC_WWE_2.29.405.2_Radio_32.49.00.32U_5.11.05.27_release_151783_signed.exe
    2012-05-20 02:05 - 2012-05-20 02:04 - 30296536 ____A C:\Users\Gary\Downloads\OTA_Bravo_Froyo_HTC_WWE_2.29.405.2-2.10.405.2_R_P_release8gn61bgo3rswcw24.zip
    2012-05-20 01:45 - 2012-05-20 01:45 - 00000000 ____D C:\Users\Gary\Desire Dump
    2012-05-19 03:04 - 2012-05-19 03:04 - 00270240 ____A C:\Windows\SysWOW64\PnkBstrB.xtr
    2012-05-19 03:04 - 2012-05-16 13:04 - 00270240 ____A C:\Windows\SysWOW64\PnkBstrB.exe
    2012-05-19 03:03 - 2012-05-19 03:03 - 00000000 ____D C:\Users\Gary\AppData\Local\PunkBuster
    2012-05-17 18:47 - 2012-06-14 13:57 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-05-17 18:16 - 2012-06-14 13:57 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-05-17 18:06 - 2012-06-14 13:57 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-05-17 17:59 - 2012-06-14 13:57 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-05-17 17:59 - 2012-06-14 13:57 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-05-17 17:58 - 2012-06-14 13:57 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-05-17 17:58 - 2012-06-14 13:57 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-05-17 17:56 - 2012-06-14 13:57 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-05-17 17:55 - 2012-06-14 13:57 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-05-17 17:55 - 2012-06-14 13:57 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-05-17 17:54 - 2012-06-14 13:57 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-05-17 17:51 - 2012-06-14 13:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-05-17 17:51 - 2012-06-14 13:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-05-17 17:47 - 2012-06-14 13:57 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-05-17 15:11 - 2012-06-14 13:57 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-05-17 14:48 - 2012-06-14 13:57 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-05-17 14:45 - 2012-06-14 13:57 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-05-17 14:36 - 2012-06-14 13:57 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-05-17 14:35 - 2012-06-14 13:57 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-05-17 14:35 - 2012-06-14 13:57 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-05-17 14:33 - 2012-06-14 13:57 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-05-17 14:31 - 2012-06-14 13:57 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-05-17 14:29 - 2012-06-14 13:57 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-05-17 14:29 - 2012-06-14 13:57 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-05-17 14:27 - 2012-06-14 13:57 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-05-17 14:25 - 2012-06-14 13:57 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-05-17 14:24 - 2012-06-14 13:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-05-17 14:20 - 2012-06-14 13:57 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-05-17 13:12 - 2012-05-17 13:12 - 00000000 ____D C:\Users\Gary\Downloads\Chernobyl NPP v1.3
    2012-05-17 13:11 - 2012-05-17 12:53 - 00000000 ____D C:\Users\Gary\Documents\Battlefield Heroes
    2012-05-16 13:04 - 2012-05-16 13:04 - 00189248 ____A C:\Windows\SysWOW64\PnkBstrB.ex0
    2012-05-16 13:04 - 2012-05-16 13:04 - 00075136 ____A C:\Windows\SysWOW64\PnkBstrA.exe
    2012-05-16 12:39 - 2012-05-16 12:39 - 00000000 ____D C:\Program Files (x86)\EA Games
    2012-05-15 19:53 - 2012-06-05 07:18 - 00000000 ____D C:\Users\Gary\Downloads\GameData
    2012-05-15 12:45 - 2009-07-13 19:20 - 00000000 __RHD C:\Users\Public\Libraries
    2012-05-15 12:39 - 2012-05-15 12:39 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_ZuneDriver_01_09_00.Wdf
    2012-05-15 12:39 - 2012-05-15 12:39 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_winusb_01009.Wdf
    2012-05-14 17:32 - 2012-06-14 00:22 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-05-14 12:15 - 2012-05-14 12:14 - 39310218 ____A C:\Users\Gary\Downloads\Chernobyl NPP v1.3.7z
    2012-05-13 13:41 - 2012-05-13 13:41 - 00000000 ____D C:\Users\Gary\Downloads\FDGSpecialEvents Frank n Beanz Ring - Manual Install
    2012-05-13 00:29 - 2012-04-15 02:33 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2012-05-13 00:29 - 2012-04-15 02:33 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
    2012-05-12 02:51 - 2012-05-12 02:51 - 00000000 ___RD C:\Users\Gary\Podcasts
    2012-05-12 02:51 - 2012-05-12 02:49 - 00000000 ____D C:\Program Files\Zune
    2012-05-12 02:49 - 2012-05-12 02:49 - 00000927 ____A C:\Users\Public\Desktop\Zune.lnk
    2012-05-12 02:38 - 2012-05-12 02:35 - 105664248 ____A (Microsoft Corporation) C:\Users\Gary\Downloads\ZuneSetupPkg.exe
    2012-05-11 14:00 - 2012-05-11 13:59 - 49881947 ____A C:\Users\Gary\Downloads\FDGSpecialEvents Frank n Beanz Ring - Manual Install.zip
    2012-05-10 14:01 - 2009-07-13 23:45 - 00000000 ____D C:\Program Files\Windows Journal
    2012-05-10 13:34 - 2012-05-10 13:21 - 00000000 ____D C:\Users\Gary\Downloads\Flat_v1_1_for_Rainmeter_by_theking9794
    2012-05-10 13:22 - 2012-05-10 13:22 - 00000000 ____D C:\Windows\W7SBC
    2012-05-10 13:21 - 2012-05-10 13:21 - 00000000 ____D C:\Users\Gary\Downloads\W7SBC
    2012-05-10 13:21 - 2012-05-10 13:21 - 00000000 ____D C:\Users\Gary\Downloads\token_orb_animated___coloured_by_kingmoeha-d35s5ae
    2012-05-10 13:21 - 2012-03-03 03:25 - 00069816 ____A C:\Users\Gary\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-05-10 11:05 - 2012-05-10 11:05 - 00613947 ____A C:\Users\Gary\Downloads\W7SBC.zip
    2012-05-10 11:05 - 2012-05-10 11:05 - 00003366 ____A C:\Users\Gary\Downloads\token_orb_animated___coloured_by_kingmoeha-d35s5ae.rar
    2012-05-10 11:04 - 2012-05-10 11:04 - 00096158 ____A C:\Users\Gary\Downloads\elementary_rainmeter_1_4_3_by_flyinghyrax-d41afl8.rmskin
    2012-05-10 11:03 - 2012-05-10 11:03 - 03515821 ____A C:\Users\Gary\Downloads\Flat_v1_1_for_Rainmeter_by_theking9794.zip
    2012-05-10 07:55 - 2012-05-10 07:55 - 00000000 ____D C:\Users\Gary\Documents\NTB
    2012-05-10 07:48 - 2012-05-10 07:48 - 00000000 ____D C:\Users\Gary\Documents\Rainmeter
    2012-05-10 07:48 - 2012-05-10 07:48 - 00000000 ____D C:\Users\Gary\AppData\Roaming\Rainmeter
    2012-05-10 07:46 - 2012-05-10 07:46 - 00000000 ____D C:\Program Files\Rainmeter
    2012-05-10 07:45 - 2012-05-10 07:45 - 01392000 ____A C:\Users\Gary\Downloads\Rainmeter-2.2.exe
    2012-05-07 14:32 - 2012-05-07 14:32 - 00000000 ____D C:\Users\Gary\Downloads\SandownRaceway
    2012-05-07 13:34 - 2012-05-07 13:32 - 39837120 ____A C:\Users\Gary\Downloads\SandownRaceway.rar
    2012-05-06 23:13 - 2012-04-27 14:17 - 00018157 ____A C:\Users\Gary\Documents\Budget 2012.ods
    2012-05-06 07:36 - 2012-05-06 07:35 - 00000000 ____D C:\Users\Gary\Downloads\AlcazabaSpeedRing V1200
    2012-05-06 07:35 - 2012-05-06 07:28 - 103563611 ____A C:\Users\Gary\Downloads\AlcazabaSpeedRing V1200.rar
    2012-05-06 03:01 - 2012-05-06 03:01 - 00286720 ____A (Indigo Rose Corporation) C:\Windows\iun506.exe
    2012-05-06 03:01 - 2012-05-05 22:42 - 00000000 ____D C:\Users\Gary\Documents\Flight Simulator X Files
    2012-05-06 03:00 - 2012-05-06 03:00 - 00000000 ____D C:\Users\Gary\Downloads\vfrairfields-vol1demo
    2012-05-06 02:59 - 2012-05-06 02:58 - 34650856 ____A C:\Users\Gary\Downloads\vfrairfields-vol1demo.zip
    2012-05-05 22:37 - 2012-05-05 22:23 - 00000000 ____D C:\Users\Gary\Desktop\Crack
    2012-05-05 22:36 - 2012-03-03 08:56 - 00320674 ____A C:\Windows\DirectX.log
    2012-05-05 22:28 - 2012-05-05 22:28 - 00000000 ____D C:\Program Files (x86)\InstallShield Installation Information
    2012-05-05 22:15 - 2012-05-05 22:15 - 00000000 ____D C:\Windows\PCHEALTH
    2012-05-05 22:13 - 2012-05-05 22:10 - 00000000 ____D C:\Users\All Users\DAEMON Tools Lite
    2012-05-05 22:12 - 2012-05-05 22:10 - 00000000 ____D C:\Users\Gary\AppData\Roaming\DAEMON Tools Lite
    2012-05-05 22:10 - 2012-05-05 22:10 - 00283200 ____A (DT Soft Ltd) C:\Windows\System32\Drivers\dtsoftbus01.sys
    2012-05-05 22:10 - 2012-05-05 22:10 - 00000000 ____D C:\Program Files (x86)\DAEMON Tools Lite
    2012-05-05 22:09 - 2012-05-05 22:09 - 14229744 ____A (DT Soft Ltd) C:\Users\Gary\Downloads\DTLite4454-0315.exe
    2012-05-05 15:02 - 2012-05-05 09:53 - 00000000 ____D C:\Users\Gary\Downloads\Flight Simulator X + Acceleration
    2012-05-05 10:12 - 2012-05-05 10:12 - 02105040 ____A (PeerBlock, LLC ) C:\Users\Gary\Downloads\PeerBlock-Setup_v1.1_r518.exe
    2012-05-05 10:10 - 2012-05-05 10:10 - 00891724 ____A (Phoenix Labs ) C:\Users\Gary\Downloads\pg2-051118-nt.exe
    2012-05-05 07:37 - 2012-05-05 07:36 - 13351032 ____A (Genie9) C:\Users\Gary\Downloads\GenieTimeline3Free.exe
    2012-05-04 03:06 - 2012-06-14 00:22 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-05-04 02:41 - 2012-05-04 02:41 - 00476960 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\npdeployJava1.dll
    2012-05-04 02:41 - 2012-05-04 02:41 - 00157472 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
    2012-05-04 02:41 - 2012-05-04 02:41 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
    2012-05-04 02:41 - 2012-05-04 02:41 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
    2012-05-04 02:41 - 2012-05-04 02:41 - 00000000 ____D C:\Program Files (x86)\Java
    2012-05-04 02:41 - 2012-03-07 03:11 - 00472864 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
    2012-05-04 02:39 - 2012-05-04 02:39 - 00909088 ____A (Sun Microsystems, Inc.) C:\Users\Gary\Downloads\jxpiinstall.exe
    2012-05-04 02:05 - 2012-05-04 02:05 - 00000000 ____D C:\Program Files\Charles
    2012-05-04 02:04 - 2012-05-04 02:03 - 07856128 ____A C:\Users\Gary\Downloads\charles-proxy_3.6.5_x64.msi
    2012-05-04 02:03 - 2012-06-14 00:22 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-05-04 02:03 - 2012-06-14 00:22 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-05-04 00:24 - 2012-05-04 00:24 - 00483328 ____A (Simon Tatham) C:\Users\Gary\Downloads\putty.exe
    2012-05-03 14:07 - 2012-05-03 14:07 - 00000000 ____D C:\Users\All Users\Mozilla
    2012-05-03 12:24 - 2012-05-03 12:24 - 05233720 ____A (Microsoft Corporation) C:\Users\Gary\Downloads\Windows8-ConsumerPreview-setup.exe
    2012-04-29 12:05 - 2012-04-29 12:05 - 00000000 ____D C:\Users\Gary\Downloads\CoffsHarbour105
    2012-04-29 10:18 - 2012-04-29 09:55 - 00000000 ____D C:\Users\Gary\Documents\CARS
    2012-04-29 09:39 - 2012-04-29 09:39 - 00001061 ____A C:\Users\Public\Desktop\Project CARS -DX11.lnk
    2012-04-29 09:39 - 2012-04-29 09:39 - 00001049 ____A C:\Users\Public\Desktop\Project CARS.lnk
    2012-04-29 09:34 - 2012-04-29 09:34 - 00000000 ____D C:\Program Files (x86)\WMD
    2012-04-29 09:34 - 2012-04-29 09:33 - 00000000 ____D C:\Program Files\Project CARS
    2012-04-29 09:32 - 2012-04-29 09:32 - 00000000 ____D C:\Program Files\New folder
    2012-04-29 09:29 - 2012-04-29 07:56 - 3209219122 ____A C:\Users\Gary\Downloads\pCARS_0189_pre-alpha_PC-EXT_SFX.exe
    2012-04-29 07:57 - 2012-03-06 14:43 - 505545008 ____A (Image Space Incorporated) C:\Users\Gary\Downloads\rFactor2_Build49_Setup.exe
    2012-04-29 06:03 - 2012-04-29 05:54 - 158639608 ____A C:\Users\Gary\Downloads\CoffsHarbour105.zip
    2012-04-28 12:44 - 2012-04-28 12:44 - 00000000 ____D C:\Users\Gary\Documents\ShipSimExtremesDemo Userdata
    2012-04-28 12:44 - 2012-04-28 12:44 - 00000000 ____D C:\Users\Gary\AppData\Roaming\Quest3D
    2012-04-28 12:43 - 2012-04-28 12:43 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
    2012-04-27 22:11 - 2012-04-27 22:11 - 00000000 ____D C:\Users\Public\Documents\sun
    2012-04-27 19:55 - 2012-06-14 00:22 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
    2012-04-27 15:01 - 2012-04-27 15:01 - 00001096 ____A C:\Users\Public\Desktop\LibreOffice 3.5.lnk
    2012-04-27 15:01 - 2012-04-27 15:00 - 00000000 ____D C:\Program Files (x86)\LibreOffice 3.5
    2012-04-27 15:01 - 2009-07-13 23:45 - 00000000 ____D C:\Windows\ShellNew
    2012-04-27 14:49 - 2012-04-27 14:40 - 211537920 ____A C:\Users\Gary\Downloads\LibO_3.5.2_Win_x86_install_multi.msi
    2012-04-27 13:30 - 2012-04-27 13:29 - 00000000 ____D C:\Users\Gary\Downloads\maggiora
    2012-04-27 12:50 - 2012-04-27 12:49 - 09267066 ____A C:\Users\Gary\Downloads\minirx.rar
    2012-04-27 12:49 - 2012-04-27 12:43 - 42610851 ____A C:\Users\Gary\Downloads\maggiora.rar
    2012-04-27 12:44 - 2012-04-27 12:42 - 41970650 ____A C:\Users\Gary\Downloads\Kart Cross 1.00.rar
    2012-04-25 21:41 - 2012-06-14 00:23 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
    2012-04-25 21:41 - 2012-06-14 00:23 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
    2012-04-25 21:34 - 2012-06-14 00:23 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
    2012-04-25 09:30 - 2012-03-03 08:19 - 00000000 ____D C:\Users\Gary\AppData\Local\Google
    2012-04-25 02:57 - 2012-04-25 02:57 - 00002137 ____A C:\Users\Gary\Documents\Dispute text.rtf
    2012-04-25 00:56 - 2012-03-04 00:53 - 00000000 ____D C:\Users\Gary\AppData\Roaming\Feedreader
    2012-04-24 07:21 - 2012-04-24 07:21 - 00000894 ____A C:\Users\Gary\Downloads\favicon.ico
    2012-04-24 00:57 - 2012-04-24 00:57 - 00090253 ____A C:\Users\Gary\Downloads\winroll-2.0.exe
    2012-04-23 08:31 - 2012-04-23 08:31 - 00000000 ____D C:\Users\Gary\AppData\Local\ActiveState
    2012-04-23 08:30 - 2012-04-23 08:30 - 00001974 ____A C:\Users\Public\Desktop\Komodo Edit 7.lnk
    2012-04-23 08:29 - 2012-04-23 08:29 - 00000000 ____D C:\Program Files (x86)\ActiveState Komodo Edit 7
    2012-04-23 04:20 - 2012-04-23 04:18 - 50445312 ____A C:\Users\Gary\Downloads\Komodo-Edit-7.0.2-9923.msi
    2012-04-22 03:55 - 2012-04-22 03:55 - 00002212 ____A C:\Users\Public\Desktop\Google Earth.lnk
    2012-04-22 03:55 - 2012-03-04 12:11 - 00000000 ____D C:\Program Files (x86)\Google
    2012-04-21 23:44 - 2012-04-21 23:44 - 00000000 ____D C:\Program Files\Oracle
    2012-04-21 23:42 - 2012-04-21 23:40 - 94073136 ____A (Oracle Corporation) C:\Users\Gary\Downloads\VirtualBox-4.1.12-77245-Win.exe
    2012-04-15 07:34 - 2012-04-15 07:34 - 00272445 ____A C:\Users\Gary\Downloads\photo.php
    2012-04-15 02:38 - 2012-04-15 02:38 - 00002355 ____A C:\Users\Gary\Desktop\Sky Go Desktop.lnk
    2012-04-15 02:32 - 2012-04-15 02:31 - 13072536 ____A (Microsoft Corporation) C:\Users\Gary\Downloads\Silverlight_x64.exe
    2012-04-13 01:44 - 2009-07-13 18:34 - 00000441 ____A C:\Windows\win.ini
    2012-04-12 06:35 - 2012-04-11 05:50 - 00000000 ____D C:\Users\Gary\AppData\Local\Microsoft Games
    2012-04-12 06:20 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
    2012-04-11 04:28 - 2012-04-11 04:28 - 00000000 ____D C:\Users\Gary\AppData\Roaming\LibreOffice
    2012-04-09 02:18 - 2012-04-09 02:18 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
    2012-04-08 04:59 - 2012-04-08 04:59 - 00066984 ____A C:\Users\Juli\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-04-08 04:59 - 2012-04-08 04:59 - 00000020 ___SH C:\Users\Juli\ntuser.ini
    2012-04-08 04:59 - 2012-04-08 04:59 - 00000000 ____D C:\Users\Juli\AppData\Local\VirtualStore
    2012-04-08 04:59 - 2012-04-08 04:59 - 00000000 ____D C:\users\Juli
    2012-04-04 06:56 - 2012-06-25 13:08 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-04-03 05:19 - 2012-04-21 23:44 - 00224048 ____A (Oracle Corporation) C:\Windows\System32\Drivers\VBoxDrv.sys
    2012-04-03 05:19 - 2012-04-21 23:44 - 00130864 ____A (Oracle Corporation) C:\Windows\System32\Drivers\VBoxUSBMon.sys
    2012-04-03 05:19 - 2012-04-03 05:19 - 00320816 ____A (Oracle Corporation) C:\Windows\System32\VBoxNetFltNobj.dll
    2012-04-03 05:19 - 2012-04-03 05:19 - 00166192 ____A (Oracle Corporation) C:\Windows\System32\Drivers\VBoxNetFlt.sys
    2012-04-03 05:19 - 2012-04-03 05:19 - 00147248 ____A (Oracle Corporation) C:\Windows\System32\Drivers\VBoxNetAdp.sys
    2012-04-02 05:31 - 2012-04-02 05:31 - 00000000 ____D C:\Users\Gary\Documents\SimBin
    2012-04-02 04:07 - 2012-03-04 10:06 - 00000000 ____D C:\Users\Gary\AppData\Local\Apps\F.lux
    2012-03-30 03:35 - 2012-05-09 22:02 - 01918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
    2012-03-30 03:14 - 2012-03-30 03:13 - 00000000 ____D C:\xampp
    2012-03-30 03:12 - 2012-03-30 03:10 - 84881998 ____A C:\Users\Gary\Downloads\xampp-win32-1.7.7-VC9-installer.exe
    2012-03-30 03:10 - 2012-03-30 03:07 - 00000000 ____D C:\wamp
    2012-03-30 03:07 - 2012-03-30 03:06 - 26024903 ____A (Hervé Leclerc (HeL) ) C:\Users\Gary\Downloads\wampserver2.2d-x64.exe

    ZeroAccess:
    C:\Windows\Installer\{6b294ad7-e829-f77e-a1e4-598fb2d738a2}
    C:\Windows\Installer\{6b294ad7-e829-f77e-a1e4-598fb2d738a2}\L
    C:\Windows\Installer\{6b294ad7-e829-f77e-a1e4-598fb2d738a2}\U

    ZeroAccess:
    C:\Users\Gary\AppData\Local\{6b294ad7-e829-f77e-a1e4-598fb2d738a2}
    C:\Users\Gary\AppData\Local\{6b294ad7-e829-f77e-a1e4-598fb2d738a2}\@
    C:\Users\Gary\AppData\Local\{6b294ad7-e829-f77e-a1e4-598fb2d738a2}\L
    C:\Users\Gary\AppData\Local\{6b294ad7-e829-f77e-a1e4-598fb2d738a2}\U

    ========================= Known DLLs (Whitelisted) ============


    ========================= Bamital & volsnap Check ============

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ========================= Memory info ======================

    Percentage of memory in use: 9%
    Total physical RAM: 8190.49 MB
    Available physical RAM: 7392.66 MB
    Total Pagefile: 8188.64 MB
    Available Pagefile: 7384.96 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB

    ======================= Partitions =========================

    1 Drive c: () (Fixed) (Total:277.48 GB) (Free:33.28 GB) NTFS
    2 Drive d: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    3 Drive e: (New Volume) (Fixed) (Total:20.02 GB) (Free:19.92 GB) NTFS
    4 Drive g: (New Volume) (Fixed) (Total:20.51 GB) (Free:5.49 GB) NTFS
    6 Drive I: (WINBACK) (Fixed) (Total:186 GB) (Free:55.74 GB) FAT32
    7 Drive j: (USB2) (Removable) (Total:3.73 GB) (Free:0.01 GB) FAT32
    8 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    9 Drive y: (New Volume) (Fixed) (Total:129.03 GB) (Free:124.42 GB) NTFS

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 149 GB 1024 KB
    Disk 1 Online 298 GB 1024 KB
    Disk 2 Online 465 GB 128 MB
    Disk 3 Online 3824 MB 0 B

    Partitions of Disk 0:
    ===============

      Partition ###  Type              Size     Offset
      -------------  ----------------  -------  -------
      Partition 1    Primary            129 GB  1024 KB
      Partition 2    Primary             20 GB   129 GB

    ======================================================================================================

    Disk: 0
    Partition 1
    Type  : 07
    Hidden: No
    Active: No

      Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
      ----------  ---  -----------  -----  ----------  -------  ---------  --------
    * Volume 1     Y   New Volume   NTFS   Partition    129 GB  Healthy

    ======================================================================================================

    Disk: 0
    Partition 2
    Type  : 07
    Hidden: No
    Active: No

      Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
      ----------  ---  -----------  -----  ----------  -------  ---------  --------
    * Volume 2     E   New Volume   NTFS   Partition     20 GB  Healthy

    ======================================================================================================

    Partitions of Disk 1:
    ===============

      Partition ###  Type              Size     Offset
      -------------  ----------------  -------  -------
      Partition 1    Primary            100 MB  1024 KB
      Partition 2    Primary            277 GB   101 MB
      Partition 3    Primary             20 GB   277 GB

    ======================================================================================================

    Disk: 1
    Partition 1
    Type  : 07
    Hidden: No
    Active: Yes

      Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
      ----------  ---  -----------  -----  ----------  -------  ---------  --------
    * Volume 3     D   System Rese  NTFS   Partition    100 MB  Healthy

    ======================================================================================================

    Disk: 1
    Partition 2
    Type  : 07
    Hidden: No
    Active: No

      Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
      ----------  ---  -----------  -----  ----------  -------  ---------  --------
    * Volume 4     C                NTFS   Partition    277 GB  Healthy

    ======================================================================================================

    Disk: 1
    Partition 3
    Type  : 07
    Hidden: No
    Active: No

      Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
      ----------  ---  -----------  -----  ----------  -------  ---------  --------
    * Volume 5     G   New Volume   NTFS   Partition     20 GB  Healthy

    ======================================================================================================

    Partitions of Disk 2:
    ===============

      Partition ###  Type              Size     Offset
      -------------  ----------------  -------  -------
      Partition 1    Primary            200 MB    512 B
      Partition 2    Primary            279 GB   200 MB
      Partition 3    Primary            186 GB   279 GB

    ======================================================================================================

    Disk: 2
    Partition 1
    Type  : EE
    Hidden: Yes
    Active: No

    There is no volume associated with this partition.

    ======================================================================================================

    Disk: 2
    Partition 2
    Type  : AF
    Hidden: Yes
    Active: No

    There is no volume associated with this partition.

    ======================================================================================================

    Disk: 2
    Partition 3
    Type  : 07
    Hidden: No
    Active: No

      Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
      ----------  ---  -----------  -----  ----------  -------  ---------  --------
    * Volume 6     I   WINBACK      FAT32  Partition    186 GB  Healthy

    ======================================================================================================

    Partitions of Disk 3:
    ===============

      Partition ###  Type              Size     Offset
      -------------  ----------------  -------  -------
      Partition 1    Primary           3820 MB  4032 KB

    ======================================================================================================

    Disk: 3
    Partition 1
    Type  : 0C
    Hidden: No
    Active: No

      Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
      ----------  ---  -----------  -----  ----------  -------  ---------  --------
    * Volume 7     J   USB2         FAT32  Removable   3820 MB  Healthy

    ======================================================================================================

    ==========================================================

    Last Boot: 2012-06-18 04:59

    ======================= End Of Log ==========================
     
  12. Broni

    Broni Malware Annihilator Posts: 46,373   +252

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    Next...

    Restart normally.

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    • NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt".
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart your computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running, Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run, then download and try to run another one.
    Vista and Win7 users need to right-click Rkill and choose Run as Administrator.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!


  13. Gary Kemp

    Gary Kemp Newcomer, in training Topic Starter Posts: 25

    Ok, here's the fix log:

    Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 25-06-2012
    Ran by SYSTEM at 2012-06-27 21:50:53 Run:1
    Running from J:\

    ==============================================

    HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored successfully .
    C:\Windows\System32\consrv.dll not found.
    68b814fec318ebc3 service deleted successfully.
    HKEY_USERS\Gary\Software\Microsoft\Windows\CurrentVersion\Run\\Regedit32 Value deleted successfully.
    C:\Windows\System32\services.exe.7D18329E94516DCB moved successfully.
    C:\Windows\System32\services.exe.688D6AAB913CC93F moved successfully.
    C:\Windows\System32\services.exe.DCF27A594CA36169 moved successfully.
    C:\Windows\System32\services.exe.6D4B17950EBA7705 moved successfully.
    C:\Windows\System32\services.exe.4FF89BF300A76428 moved successfully.
    C:\Windows\System32\services.exe.917D8942AD94DB84 moved successfully.
    C:\Windows\System32\services.exe.B137DDBB62458F10 moved successfully.
    C:\Windows\System32\services.exe.9F08FF7D297B9CC7 moved successfully.
    C:\Windows\System32\services.exe.46E3CDF4A4524BD6 moved successfully.
    C:\Windows\System32\services.exe.ADB0C22F79DB6DB5 moved successfully.
    C:\Windows\System32\services.exe.F4FD13ADB3D9A690 moved successfully.
    C:\Windows\System32\services.exe.47803BD757A17FC4 moved successfully.
    C:\Windows\System32\services.exe.29C16522D746982F moved successfully.
    C:\Windows\System32\services.exe.D51983B2DB21FA61 moved successfully.
    C:\Windows\Installer\{6b294ad7-e829-f77e-a1e4-598fb2d738a2} moved successfully.
    C:\Users\Gary\AppData\Local\{6b294ad7-e829-f77e-a1e4-598fb2d738a2} moved successfully.

    ==== End of Fixlog ====

    I'm now going to move on to the ComboFix bit.
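As an added example (not part of this thread, and not code from FRST, ComboFix or Farbar), here is a small Python triage script that runs over log lines of the kind posted above and flags the Sirefef-style artefacts the Fixlog records: the Session Manager SubSystems\Windows value and consrv.dll, the services.exe.<16-hex> copies, the GUID-named folders under Windows\Installer and AppData\Local, the 16-hex service and driver names, the %APPDATA% folder inside System32 and the random-named executable in the profile root. The rule ids, the `looks_random` heuristic and the thresholds are my own assumptions; the sample lines are constructed from this thread's Fixlog and ComboFix log plus two benign lines that must not fire.

```python
"""Triage helper for FRST / ComboFix style log lines (added example).

The rules are hand-written heuristics modelled on the artefacts recorded in
this thread's Fixlog and ComboFix log; they are not signatures shipped by
FRST, ComboFix or any AV product. A hit marks a line for a human to look at,
not a verdict: C:\\Windows\\Installer\\{GUID} folders, for instance, are also
created by legitimate MSI packages.
"""
import re
from dataclasses import dataclass
from typing import Callable, List, Optional, Tuple


@dataclass
class Finding:
    line: int   # 1-based line number in the scanned text
    rule: str   # rule id that fired
    why: str    # human-readable explanation
    text: str   # the offending line, stripped


def looks_random(name: str) -> bool:
    """Crude check for machine-generated names: letters and digits mixed."""
    return any(c.isdigit() for c in name) and any(c.isalpha() for c in name)


# (rule id, pattern, explanation, optional extra check on capture group 1)
RULES: List[Tuple[str, "re.Pattern[str]", str, Optional[Callable[[str], bool]]]] = [
    ("subsystems-windows-value",
     re.compile(r"Session Manager\\SubSystems\\+Windows", re.I),
     "Session Manager\\SubSystems\\Windows value touched (consrv.dll load point)", None),
    ("consrv-dll",
     re.compile(r"\\system32\\consrv\.dll", re.I),
     "consrv.dll referenced under System32 (not a Windows 7 component)", None),
    ("hex-service",
     re.compile(r"^\s*([0-9a-f]{16}) service\b", re.I),
     "service whose name is 16 hex digits", None),
    ("hex-driver",
     re.compile(r"\\drivers\\([0-9a-f]{16})\.sys\b", re.I),
     "driver whose file name is 16 hex digits", None),
    ("services-exe-copy",
     re.compile(r"\\services\.exe\.([0-9a-f]{16})\b", re.I),
     "services.exe copy with a 16-hex suffix", None),
    ("guid-dir",
     re.compile(r"\\(?:Windows\\Installer|AppData\\Local)\\"
                r"(\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\})(?:\\|\s|$)", re.I),
     "GUID-named folder under Windows\\Installer or AppData\\Local (also legit for MSI)", None),
    ("appdata-literal-dir",
     re.compile(r"\\system32\\%APPDATA%", re.I),
     "folder literally named %APPDATA% inside System32", None),
    ("profile-root-exe",
     re.compile(r"\\users\\[^\\]+\\([0-9a-z]{8,12})\.exe\b", re.I),
     "random-looking executable directly in a user profile root", looks_random),
]


def scan_log(text: str) -> List[Finding]:
    """Return one Finding per (line, rule) hit, in line order."""
    findings: List[Finding] = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for rule_id, pattern, why, extra in RULES:
            m = pattern.search(line)
            if m and (extra is None or extra(m.group(1))):
                findings.append(Finding(lineno, rule_id, why, line.strip()))
    return findings


# Constructed sample: nine lines taken from the thread's Fixlog / ComboFix log,
# then two benign lines (ComboFix itself and the MBAM driver) that must not fire.
SAMPLE_LINES = [
    r"HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored successfully .",
    r"C:\Windows\System32\consrv.dll not found.",
    r"68b814fec318ebc3 service deleted successfully.",
    r"C:\Windows\System32\services.exe.7D18329E94516DCB moved successfully.",
    r"C:\Windows\Installer\{6b294ad7-e829-f77e-a1e4-598fb2d738a2} moved successfully.",
    r"C:\Users\Gary\AppData\Local\{6b294ad7-e829-f77e-a1e4-598fb2d738a2} moved successfully.",
    r"2012-06-25 05:49 . 2012-06-25 05:49 74184 ----a-w- c:\windows\system32\drivers\68b814fec318ebc3.sys",
    r"2012-06-24 18:19 . 2012-06-24 18:19 -------- d-sh--w- c:\windows\system32\%APPDATA%",
    r"c:\users\Gary\0i763f66bz.exe",
    r"Running from: c:\users\Gary\Desktop\ComboFix.exe",
    r"2012-06-25 21:08 . 2012-04-04 14:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys",
]
SAMPLE_LOG = "\n".join(SAMPLE_LINES)


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"line {f.line:>3}  [{f.rule}] {f.why}\n          {f.text}")
```

Feed it a real Fixlog.txt or ComboFix.txt with `scan_log(open(path, encoding="utf-8", errors="replace").read())`; every hit still needs a human decision, especially the guid-dir rule.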
  14. Gary Kemp

    Gary Kemp Newcomer, in training Topic Starter Posts: 25

    ...incidentally, when I rebooted I started to get the UAC prompt to run what I assume is the main offender .exe from my home directory. It kept popping back up as quickly as I could click no, so I'm in Safe Mode with Networking.
  15. Gary Kemp

    Gary Kemp Newcomer, in training Topic Starter Posts: 25

    C:\ComboFix.txt:

    ComboFix 12-06-27.01 - Gary 27/06/2012 22:05:29.3.2 - x64 NETWORK
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.8190.7090 [GMT 1:00]
    Running from: c:\users\Gary\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Gary\0i763f66bz.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-05-27 to 2012-06-27 )))))))))))))))))))))))))))))))
    .
    .
    2012-06-27 21:12 . 2012-06-27 21:12 -------- d-----w- c:\users\Juli\AppData\Local\temp
    2012-06-27 21:12 . 2012-06-27 21:12 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-06-27 15:35 . 2012-06-27 15:36 -------- d-----w- C:\FRST
    2012-06-27 09:47 . 2012-06-27 10:55 -------- d-----w- c:\users\Gary\AppData\Roaming\Charles
    2012-06-27 09:46 . 2012-06-27 09:46 -------- d-----w- c:\program files\Charles
    2012-06-27 09:42 . 2012-06-27 09:41 955840 ----a-w- c:\windows\system32\npDeployJava1.dll
    2012-06-27 09:42 . 2012-06-27 09:41 839096 ----a-w- c:\windows\system32\deployJava1.dll
    2012-06-27 09:41 . 2012-06-27 09:41 -------- d-----w- c:\program files\Java
    2012-06-27 09:34 . 2012-06-27 09:34 -------- d-----w- c:\program files (x86)\Common Files\Java
    2012-06-27 09:34 . 2012-06-27 09:34 -------- d-----w- c:\program files (x86)\Oracle
    2012-06-25 21:08 . 2012-06-25 21:08 -------- d-----w- c:\users\Gary\AppData\Roaming\Malwarebytes
    2012-06-25 21:08 . 2012-06-25 21:08 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-06-25 21:08 . 2012-06-25 21:08 -------- d-----w- c:\programdata\Malwarebytes
    2012-06-25 21:08 . 2012-04-04 14:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-06-25 20:06 . 2012-02-09 13:17 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
    2012-06-25 20:06 . 2012-02-09 13:17 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{801131B4-5D8F-4BFF-BF66-B66F97F6C4DE}\gapaengine.dll
    2012-06-25 20:05 . 2012-06-18 02:12 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4CFB3B40-5CC3-4B83-BCCE-1BA72FDE5EC6}\mpengine.dll
    2012-06-25 20:02 . 2012-06-25 20:02 -------- d-----w- c:\program files (x86)\Microsoft Security Client
    2012-06-25 20:02 . 2012-06-25 20:02 -------- d-----w- c:\program files\Microsoft Security Client
    2012-06-25 05:49 . 2012-06-25 05:49 74184 ----a-w- c:\windows\system32\drivers\68b814fec318ebc3.sys
    2012-06-24 18:19 . 2012-06-24 18:19 -------- d-sh--w- c:\windows\system32\%APPDATA%
    2012-06-23 20:20 . 2012-06-23 20:20 -------- d-----w- c:\program files (x86)\Regensoft
    2012-06-23 20:20 . 2012-06-23 20:20 -------- d-----w- c:\program files (x86)\AviSynth 2.5
    2012-06-23 20:20 . 2012-06-23 20:20 -------- d-----w- c:\program files (x86)\Red Kawa
    2012-06-19 05:56 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-19 05:56 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-19 05:56 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-19 05:56 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-19 05:56 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-19 05:56 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-19 05:56 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-19 05:55 . 2012-06-02 14:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-19 05:55 . 2012-06-02 14:15 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-18 07:19 . 2012-06-18 07:19 -------- d-----w- c:\users\Gary\AppData\Local\Macromedia
    2012-06-15 18:06 . 2012-06-15 18:08 -------- d-----w- c:\users\Gary\AppData\Roaming\.rFactor
    2012-06-14 08:23 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-06-14 08:23 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
    2012-06-14 08:23 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
    2012-06-14 08:22 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-06-14 08:22 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2012-06-14 08:22 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2012-06-14 08:22 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys
    2012-06-14 08:22 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-06-09 20:12 . 2012-06-09 20:12 119808 ----a-r- c:\users\Gary\AppData\Roaming\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe
    2012-06-09 19:23 . 2012-06-09 19:23 -------- d-----w- c:\program files (x86)\Astroburn Lite
    2012-06-09 19:23 . 2012-06-09 19:23 -------- d-----w- c:\programdata\Astroburn Lite
    2012-06-09 19:10 . 2012-06-09 19:10 -------- d-----w- C:\$WINDOWS.~BT
    2012-06-04 21:56 . 2012-06-16 07:19 85472 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
    2012-06-04 21:56 . 2012-06-01 15:39 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
    2012-06-04 21:56 . 2012-06-01 15:39 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
    2012-05-31 22:04 . 2012-05-31 22:04 -------- d-----w- c:\users\Gary\VirtualBox VMs
    2012-05-31 22:04 . 2012-06-09 19:07 -------- d-----w- c:\users\Gary\.VirtualBox
    2012-05-31 21:01 . 2012-05-31 21:01 -------- d-----r- C:\ESD
    2012-05-29 15:42 . 2012-06-27 07:24 -------- d-----w- c:\users\Gary\.rssowl2
    2012-05-29 15:41 . 2012-05-29 15:42 -------- d-----w- c:\program files (x86)\RSSOwl
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-06-24 18:16 . 2012-04-13 09:54 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-06-24 18:16 . 2012-03-07 09:34 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-05-26 20:18 . 2009-08-18 11:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
    2012-05-26 20:18 . 2009-08-18 10:24 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2012-05-19 11:04 . 2012-05-19 11:04 270240 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
    2012-05-19 11:04 . 2012-05-16 21:04 270240 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
    2012-05-16 21:04 . 2012-05-16 21:04 189248 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
    2012-05-16 21:04 . 2012-05-16 21:04 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
    2012-05-06 11:01 . 2012-05-06 11:01 286720 ----a-w- c:\windows\iun506.exe
    2012-05-06 06:10 . 2012-05-06 06:10 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
    2012-05-04 18:29 . 2012-05-04 10:41 772504 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
    2012-05-04 18:29 . 2012-03-07 11:11 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-04-03 13:19 . 2012-04-22 07:44 224048 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
    2012-04-03 13:19 . 2012-04-22 07:44 130864 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
    2012-04-03 13:19 . 2012-04-03 13:19 166192 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
    2012-04-03 13:19 . 2012-04-03 13:19 147248 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
    2012-04-03 13:19 . 2012-04-03 13:19 320816 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll
    2012-03-30 11:35 . 2012-05-10 06:02 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-06-25_19.48.31 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2012-06-27 21:14 . 2012-06-27 21:14 32867 c:\windows\temp\pdk-SYSTEM\fdd245dad343408ec5c5ce822278a3ef.dll
    + 2012-06-27 21:14 . 2012-06-27 21:14 36974 c:\windows\temp\pdk-SYSTEM\fabb8899d82671db2035759037c5c21d.dll
    + 2012-06-27 21:14 . 2012-06-27 21:14 24690 c:\windows\temp\pdk-SYSTEM\ec88994dca352281e37972313e1051d3.dll
    + 2012-06-27 21:14 . 2012-06-27 21:14 24676 c:\windows\temp\pdk-SYSTEM\e45711c2662171c15cd763238e7b579b.dll
    + 2012-06-27 21:14 . 2012-06-27 21:14 20591 c:\windows\temp\pdk-SYSTEM\dad8a2781d545b007729f2cb48fd26bf.dll
    + 2012-06-27 21:14 . 2012-06-27 21:14 82045 c:\windows\temp\pdk-SYSTEM\bd861f3e03052af93272c100d252f5e2.dll
    + 2012-06-27 21:14 . 2012-06-27 21:14 77921 c:\windows\temp\pdk-SYSTEM\97a2e6443b947d806decd51d47431523.dll
    + 2012-06-27 21:14 . 2012-06-27 21:14 36987 c:\windows\temp\pdk-SYSTEM\93e87ef6c56dffc312be353e105d2794.dll
    + 2012-06-27 21:14 . 2012-06-27 21:14 20573 c:\windows\temp\pdk-SYSTEM\928eff5d1bf763abff3068620c0b86b8.dll
    + 2012-06-27 21:14 . 2012-06-27 21:14 24673 c:\windows\temp\pdk-SYSTEM\50950b5b470c0d52ac0033d613e39f91.dll
    + 2012-06-27 21:14 . 2012-06-27 21:14 20587 c:\windows\temp\pdk-SYSTEM\447fb48712dd486a9cd82c51b98d23f0.dll
    + 2012-06-27 21:14 . 2012-06-27 21:14 24676 c:\windows\temp\pdk-SYSTEM\41aee7954778794bd4714ea7448138b2.dll
    + 2012-06-27 21:14 . 2012-06-27 21:14 28787 c:\windows\temp\pdk-SYSTEM\38ef4e4ee11476ccc691137589cfffb6.dll
    + 2012-06-27 21:14 . 2012-06-27 21:14 28772 c:\windows\temp\pdk-SYSTEM\353910329d0410f90709321989f5da58.dll
    + 2012-06-27 21:14 . 2012-06-27 21:14 20584 c:\windows\temp\pdk-SYSTEM\2ccfaf7bb3a4cf27fd33fe6d3bb6e380.dll
    + 2012-06-27 21:14 . 2012-06-27 21:14 41077 c:\windows\temp\pdk-SYSTEM\28e3b3c92d9d2a4e693dcf4167d15435.dll
    + 2012-06-27 21:14 . 2012-06-27 21:14 24667 c:\windows\temp\pdk-SYSTEM\222b2cd286d7221e4a55e436c190dd48.dll
    + 2012-06-27 21:14 . 2012-06-27 21:14 41085 c:\windows\temp\pdk-SYSTEM\0b1a35256e897f33b9748ab0b6d0033d.dll
    + 2012-06-27 21:14 . 2012-06-27 21:14 41064 c:\windows\temp\pdk-SYSTEM\04aaed0c4ab04791dc4e497c377d373b.dll
    + 2009-07-14 04:54 . 2012-06-27 07:09 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-07-14 04:54 . 2012-06-25 07:09 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-07-14 04:54 . 2012-06-27 07:09 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2012-06-25 07:09 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 04:54 . 2012-06-27 07:09 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-07-14 04:54 . 2012-06-25 07:09 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2012-03-03 16:11 . 2012-06-27 21:15 39728 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2012-06-27 21:15 38300 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2011-04-27 14:25 . 2011-04-27 14:25 84864 c:\windows\system32\drivers\NisDrvWFP.sys
    + 2011-04-18 12:18 . 2011-04-18 12:18 40832 c:\windows\system32\drivers\MpNWMon.sys
    + 2012-04-30 22:53 . 2012-06-25 20:51 4954 c:\windows\system32\wdi\ERCQueuedResolutions.dat
    + 2012-03-03 16:05 . 2012-06-27 21:15 9562 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-432926832-3655622850-39131558-1000_UserData.bin
    - 2012-06-25 19:47 . 2012-06-25 19:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-06-27 21:13 . 2012-06-27 21:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2012-06-25 19:47 . 2012-06-25 19:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2012-06-27 21:13 . 2012-06-27 21:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2012-06-27 21:14 . 2012-06-27 21:14 696435 c:\windows\temp\pdk-SYSTEM\ecefdc6daba859e2c7e17fc15ad129ff.dll
    + 2012-06-27 21:14 . 2012-06-27 21:14 815187 c:\windows\temp\pdk-SYSTEM\aa33d263ba8b3dd9f60e51317caf233f\perl58.dll
    + 2012-06-27 09:33 . 2012-05-04 18:29 227720 c:\windows\SysWOW64\javaws.exe
    + 2012-05-04 10:41 . 2012-06-27 09:38 174064 c:\windows\SysWOW64\javaw.exe
    + 2012-05-04 10:41 . 2012-06-27 09:38 174064 c:\windows\SysWOW64\java.exe
    + 2009-07-14 02:36 . 2012-06-25 20:02 654020 c:\windows\system32\perfh009.dat
    - 2009-07-14 02:36 . 2012-06-25 05:58 654020 c:\windows\system32\perfh009.dat
    + 2009-07-14 02:36 . 2012-06-25 20:02 121852 c:\windows\system32\perfc009.dat
    - 2009-07-14 02:36 . 2012-06-25 05:58 121852 c:\windows\system32\perfc009.dat
    + 2012-06-27 09:42 . 2012-06-27 09:41 268720 c:\windows\system32\javaws.exe
    + 2012-06-27 09:42 . 2012-06-27 09:41 189360 c:\windows\system32\javaw.exe
    + 2012-06-27 09:42 . 2012-06-27 09:41 188840 c:\windows\system32\java.exe
    + 2011-04-18 12:18 . 2011-04-18 12:18 189440 c:\windows\system32\drivers\MpFilter.sys
    + 2009-07-14 05:01 . 2012-06-27 20:41 298164 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    - 2009-07-14 05:01 . 2012-06-25 19:46 298164 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2012-06-27 09:41 . 2012-06-27 09:41 891392 c:\windows\Installer\8021aa.msi
    + 2012-06-27 09:34 . 2012-06-27 09:34 179200 c:\windows\Installer\801f07.msi
    + 2012-06-27 09:33 . 2012-06-27 09:33 461312 c:\windows\Installer\801ef1.msi
    + 2012-06-27 09:40 . 2012-06-27 09:40 7856128 c:\windows\Installer\8021ae.msi
    + 2011-05-19 16:23 . 2011-05-19 16:23 2708992 c:\windows\Installer\2fca0.msi
    + 2011-06-15 13:51 . 2011-06-15 13:51 1911808 c:\windows\Installer\2fc96.msi
    + 2012-03-03 19:14 . 2012-06-27 20:41 29887472 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-432926832-3655622850-39131558-1000-8192.dat
    + 2012-06-27 09:37 . 2012-06-27 09:37 17379328 c:\windows\Installer\80217b.msi
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 94208 ----a-w- c:\users\Gary\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 94208 ----a-w- c:\users\Gary\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 94208 ----a-w- c:\users\Gary\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "F.lux"="c:\users\Gary\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]
    "Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-03-06 1242448]
    "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-05-03 17355912]
    "PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2010-11-06 2646128]
    "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
    .
    c:\users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Gary\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
    Launchy.lnk - c:\program files (x86)\Launchy\Launchy.exe [2012-3-5 380928]
    MDaemon - Shortcut.lnk - c:\program files (x86)\MDaemon\App\MDaemon.exe [2012-4-13 1433600]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2012-1-8 107720]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-12 136176]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-24 257224]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-12 136176]
    R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-02 33736]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-16 113120]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-05 1255736]
    R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]
    R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-05-06 283200]
    S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2012-04-03 224048]
    S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2012-04-03 130864]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-11-10 204288]
    S2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [2011-09-10 18432]
    S2 MDaemon;MDaemon;c:\progra~2\MDaemon\APP\MDAEMON.EXE [2012-03-03 1433600]
    S2 uvnc_service;uvnc_service;c:\program files\UltraVNC\WinVNC.exe [2012-02-14 2169056]
    S2 WebAdmin;WebAdmin Server;c:\progra~2\MDaemon\WebAdmin\WebAdmin.exe [2010-06-22 215040]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-11-10 10567680]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-11-10 325632]
    S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 40832]
    S3 mv2;mv2;c:\windows\system32\DRIVERS\mv2.sys [2012-03-04 12904]
    S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 84864]
    S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-03-01 187392]
    S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2012-04-03 147248]
    S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2012-04-03 166192]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - MPNWMON
    *NewlyCreated* - NISDRV
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-06-27 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 18:16]
    .
    2012-06-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-12 11:44]
    .
    2012-06-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-12 11:44]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 97792 ----a-w- c:\users\Gary\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 97792 ----a-w- c:\users\Gary\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 97792 ----a-w- c:\users\Gary\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 97792 ----a-w- c:\users\Gary\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uDefault_Search_URL = hxxp://www.google.com/ie
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    TCP: Interfaces\{5768A142-6463-4856-A441-84E2433AE691}: NameServer = 192.168.1.254
    TCP: Interfaces\{DED67ABD-4829-475E-BB31-57E76989AEBC}: NameServer = 192.168.2.4
    FF - ProfilePath - c:\users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\nsnmmjan.default\
    FF - prefs.js: browser.startup.homepage - about:newtab
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKCU-Run-0i763f66bz - c:\users\Gary\0i763f66bz.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\xampp\mysql\bin\mysqld.exe
    c:\windows\SysWOW64\PnkBstrA.exe
    c:\progra~2\MDaemon\APP\CFEngine.exe
    c:\progra~2\MDaemon\WorldClient\WorldClient.exe
    c:\progra~2\MDaemon\SpamAssassin\MDSpamD.exe
    .
    **************************************************************************
    .
    Completion time: 2012-06-27 22:25:11 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-06-27 21:25
    ComboFix2.txt 2012-06-25 20:48
    ComboFix3.txt 2012-06-25 19:53
    .
    Pre-Run: 35,887,665,152 bytes free
    Post-Run: 35,780,378,624 bytes free
    .
    - - End Of File - - 30B78A51A611A8D9EB6F1E6FE326BFCD
  16. Broni

    Broni Malware Annihilator Posts: 46,373   +252

    1. Please open Notepad (Start>All Programs>Accessories>Notepad).

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\windows\system32\drivers\68b814fec318ebc3.sys
    
    ClearJavaCache::
    

    3. Save the above as CFScript.txt

    4. Close/disable all antivirus and anti-malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.


    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
  17. Gary Kemp

    Gary Kemp Newcomer, in training Topic Starter Posts: 25

    Here you go:

    ComboFix 12-06-27.01 - Gary 27/06/2012 23:28:21.4.2 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.8190.6244 [GMT 1:00]
    Running from: c:\users\Gary\Desktop\ComboFix.exe
    Command switches used :: c:\users\Gary\Desktop\CFScript.txt
    AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    FILE ::
    "c:\windows\system32\drivers\68b814fec318ebc3.sys"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\system32\drivers\68b814fec318ebc3.sys
    c:\windows\TEMP\pdk-SYSTEM\04aaed0c4ab04791dc4e497c377d373b.dll
    c:\windows\TEMP\pdk-SYSTEM\0b1a35256e897f33b9748ab0b6d0033d.dll
    c:\windows\TEMP\pdk-SYSTEM\222b2cd286d7221e4a55e436c190dd48.dll
    c:\windows\TEMP\pdk-SYSTEM\28e3b3c92d9d2a4e693dcf4167d15435.dll
    c:\windows\TEMP\pdk-SYSTEM\2ccfaf7bb3a4cf27fd33fe6d3bb6e380.dll
    c:\windows\TEMP\pdk-SYSTEM\353910329d0410f90709321989f5da58.dll
    c:\windows\TEMP\pdk-SYSTEM\38ef4e4ee11476ccc691137589cfffb6.dll
    c:\windows\TEMP\pdk-SYSTEM\41aee7954778794bd4714ea7448138b2.dll
    c:\windows\TEMP\pdk-SYSTEM\447fb48712dd486a9cd82c51b98d23f0.dll
    c:\windows\TEMP\pdk-SYSTEM\50950b5b470c0d52ac0033d613e39f91.dll
    c:\windows\TEMP\pdk-SYSTEM\928eff5d1bf763abff3068620c0b86b8.dll
    c:\windows\TEMP\pdk-SYSTEM\93e87ef6c56dffc312be353e105d2794.dll
    c:\windows\TEMP\pdk-SYSTEM\97a2e6443b947d806decd51d47431523.dll
    c:\windows\TEMP\pdk-SYSTEM\aa33d263ba8b3dd9f60e51317caf233f\perl58.dll
    c:\windows\TEMP\pdk-SYSTEM\bd861f3e03052af93272c100d252f5e2.dll
    c:\windows\TEMP\pdk-SYSTEM\dad8a2781d545b007729f2cb48fd26bf.dll
    c:\windows\TEMP\pdk-SYSTEM\e45711c2662171c15cd763238e7b579b.dll
    c:\windows\TEMP\pdk-SYSTEM\ec88994dca352281e37972313e1051d3.dll
    c:\windows\TEMP\pdk-SYSTEM\ecefdc6daba859e2c7e17fc15ad129ff.dll
    c:\windows\TEMP\pdk-SYSTEM\fabb8899d82671db2035759037c5c21d.dll
    c:\windows\TEMP\pdk-SYSTEM\fdd245dad343408ec5c5ce822278a3ef.dll
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-05-27 to 2012-06-27 )))))))))))))))))))))))))))))))
    .
    .
    2012-06-27 22:33 . 2012-06-27 22:33 -------- d-----w- c:\users\Juli\AppData\Local\temp
    2012-06-27 22:33 . 2012-06-27 22:33 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-06-27 21:38 . 2012-06-18 02:12 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-06-27 21:38 . 2012-06-18 02:12 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E33BD745-0366-4E1C-9BEC-557926C26886}\mpengine.dll
    2012-06-27 21:20 . 2012-06-18 02:12 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8ECFD07D-9CD6-4C35-961F-00FE39C2348B}\mpengine.dll
    2012-06-27 15:35 . 2012-06-27 15:36 -------- d-----w- C:\FRST
    2012-06-27 09:47 . 2012-06-27 10:55 -------- d-----w- c:\users\Gary\AppData\Roaming\Charles
    2012-06-27 09:46 . 2012-06-27 09:46 -------- d-----w- c:\program files\Charles
    2012-06-27 09:42 . 2012-06-27 09:41 955840 ----a-w- c:\windows\system32\npDeployJava1.dll
    2012-06-27 09:42 . 2012-06-27 09:41 839096 ----a-w- c:\windows\system32\deployJava1.dll
    2012-06-27 09:41 . 2012-06-27 09:41 -------- d-----w- c:\program files\Java
    2012-06-27 09:34 . 2012-06-27 09:34 -------- d-----w- c:\program files (x86)\Common Files\Java
    2012-06-27 09:34 . 2012-06-27 09:34 -------- d-----w- c:\program files (x86)\Oracle
    2012-06-25 21:08 . 2012-06-25 21:08 -------- d-----w- c:\users\Gary\AppData\Roaming\Malwarebytes
    2012-06-25 21:08 . 2012-06-25 21:08 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-06-25 21:08 . 2012-06-25 21:08 -------- d-----w- c:\programdata\Malwarebytes
    2012-06-25 21:08 . 2012-04-04 14:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-06-25 20:06 . 2012-02-09 13:17 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
    2012-06-25 20:06 . 2012-02-09 13:17 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{801131B4-5D8F-4BFF-BF66-B66F97F6C4DE}\gapaengine.dll
    2012-06-25 20:02 . 2012-06-25 20:02 -------- d-----w- c:\program files (x86)\Microsoft Security Client
    2012-06-25 20:02 . 2012-06-25 20:02 -------- d-----w- c:\program files\Microsoft Security Client
    2012-06-24 18:19 . 2012-06-24 18:19 -------- d-sh--w- c:\windows\system32\%APPDATA%
    2012-06-23 20:20 . 2012-06-23 20:20 -------- d-----w- c:\program files (x86)\Regensoft
    2012-06-23 20:20 . 2012-06-23 20:20 -------- d-----w- c:\program files (x86)\AviSynth 2.5
    2012-06-23 20:20 . 2012-06-23 20:20 -------- d-----w- c:\program files (x86)\Red Kawa
    2012-06-19 05:56 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-19 05:56 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-19 05:56 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-19 05:56 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-19 05:56 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-19 05:56 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-19 05:56 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-19 05:55 . 2012-06-02 14:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-19 05:55 . 2012-06-02 14:15 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-18 07:19 . 2012-06-18 07:19 -------- d-----w- c:\users\Gary\AppData\Local\Macromedia
    2012-06-15 18:06 . 2012-06-15 18:08 -------- d-----w- c:\users\Gary\AppData\Roaming\.rFactor
    2012-06-14 08:23 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-06-14 08:23 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
    2012-06-14 08:23 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
    2012-06-14 08:22 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-06-14 08:22 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2012-06-14 08:22 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2012-06-14 08:22 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys
    2012-06-14 08:22 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-06-09 20:12 . 2012-06-09 20:12 119808 ----a-r- c:\users\Gary\AppData\Roaming\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe
    2012-06-09 19:23 . 2012-06-09 19:23 -------- d-----w- c:\program files (x86)\Astroburn Lite
    2012-06-09 19:23 . 2012-06-09 19:23 -------- d-----w- c:\programdata\Astroburn Lite
    2012-06-09 19:10 . 2012-06-09 19:10 -------- d-----w- C:\$WINDOWS.~BT
    2012-06-04 21:56 . 2012-06-16 07:19 85472 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
    2012-06-04 21:56 . 2012-06-01 15:39 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
    2012-06-04 21:56 . 2012-06-01 15:39 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
    2012-05-31 22:04 . 2012-05-31 22:04 -------- d-----w- c:\users\Gary\VirtualBox VMs
    2012-05-31 22:04 . 2012-06-09 19:07 -------- d-----w- c:\users\Gary\.VirtualBox
    2012-05-31 21:01 . 2012-05-31 21:01 -------- d-----r- C:\ESD
    2012-05-29 15:42 . 2012-06-27 07:24 -------- d-----w- c:\users\Gary\.rssowl2
    2012-05-29 15:41 . 2012-05-29 15:42 -------- d-----w- c:\program files (x86)\RSSOwl
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-06-24 18:16 . 2012-04-13 09:54 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-06-24 18:16 . 2012-03-07 09:34 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-05-26 20:18 . 2009-08-18 11:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
    2012-05-26 20:18 . 2009-08-18 10:24 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2012-05-19 11:04 . 2012-05-19 11:04 270240 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
    2012-05-19 11:04 . 2012-05-16 21:04 270240 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
    2012-05-16 21:04 . 2012-05-16 21:04 189248 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
    2012-05-16 21:04 . 2012-05-16 21:04 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
    2012-05-06 11:01 . 2012-05-06 11:01 286720 ----a-w- c:\windows\iun506.exe
    2012-05-06 06:10 . 2012-05-06 06:10 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
    2012-05-04 18:29 . 2012-05-04 10:41 772504 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
    2012-05-04 18:29 . 2012-03-07 11:11 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-04-03 13:19 . 2012-04-22 07:44 224048 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
    2012-04-03 13:19 . 2012-04-22 07:44 130864 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
    2012-04-03 13:19 . 2012-04-03 13:19 166192 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
    2012-04-03 13:19 . 2012-04-03 13:19 147248 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
    2012-04-03 13:19 . 2012-04-03 13:19 320816 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll
    2012-03-30 11:35 . 2012-05-10 06:02 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
    .
    .
    ((((((((((((((((((((((((((((( SnapShot_2012-06-27_21.14.30 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2012-03-03 16:11 . 2012-06-27 22:37 39886 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    - 2009-07-14 05:10 . 2012-06-27 21:15 38300 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2012-06-27 22:37 38300 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2012-03-03 16:05 . 2012-06-27 22:37 9618 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-432926832-3655622850-39131558-1000_UserData.bin
    + 2012-06-27 22:35 . 2012-06-27 22:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2012-06-27 21:13 . 2012-06-27 21:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2012-06-27 21:13 . 2012-06-27 21:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2012-06-27 22:35 . 2012-06-27 22:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2012-03-03 16:28 . 2012-01-31 12:44 279656 c:\windows\system32\MpSigStub.exe
    + 2012-03-03 16:28 . 2012-02-23 09:18 279656 c:\windows\system32\MpSigStub.exe
    - 2009-07-14 05:01 . 2012-06-27 20:41 298164 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2009-07-14 05:01 . 2012-06-27 22:34 298164 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2012-03-03 19:14 . 2012-06-27 22:34 29887472 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-432926832-3655622850-39131558-1000-8192.dat
    - 2012-03-03 19:14 . 2012-06-27 20:41 29887472 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-432926832-3655622850-39131558-1000-8192.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 94208 ----a-w- c:\users\Gary\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 94208 ----a-w- c:\users\Gary\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 94208 ----a-w- c:\users\Gary\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "F.lux"="c:\users\Gary\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]
    "Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-03-06 1242448]
    "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-05-03 17355912]
    "PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2010-11-06 2646128]
    "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
    .
    c:\users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Gary\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
    Launchy.lnk - c:\program files (x86)\Launchy\Launchy.exe [2012-3-5 380928]
    MDaemon - Shortcut.lnk - c:\program files (x86)\MDaemon\App\MDaemon.exe [2012-4-13 1433600]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2012-1-8 107720]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-12 136176]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-24 257224]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-12 136176]
    R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-02 33736]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-16 113120]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 40832]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 84864]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-05 1255736]
    R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]
    R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-05-06 283200]
    S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2012-04-03 224048]
    S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2012-04-03 130864]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-11-10 204288]
    S2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [2011-09-10 18432]
    S2 MDaemon;MDaemon;c:\progra~2\MDaemon\APP\MDAEMON.EXE [2012-03-03 1433600]
    S2 uvnc_service;uvnc_service;c:\program files\UltraVNC\WinVNC.exe [2012-02-14 2169056]
    S2 WebAdmin;WebAdmin Server;c:\progra~2\MDaemon\WebAdmin\WebAdmin.exe [2010-06-22 215040]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-11-10 10567680]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-11-10 325632]
    S3 mv2;mv2;c:\windows\system32\DRIVERS\mv2.sys [2012-03-04 12904]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-03-01 187392]
    S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2012-04-03 147248]
    S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2012-04-03 166192]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-06-27 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 18:16]
    .
    2012-06-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-12 11:44]
    .
    2012-06-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-12 11:44]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 97792 ----a-w- c:\users\Gary\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 97792 ----a-w- c:\users\Gary\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 97792 ----a-w- c:\users\Gary\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 97792 ----a-w- c:\users\Gary\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uDefault_Search_URL = hxxp://www.google.com/ie
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    TCP: Interfaces\{5768A142-6463-4856-A441-84E2433AE691}: NameServer = 192.168.1.254
    TCP: Interfaces\{DED67ABD-4829-475E-BB31-57E76989AEBC}: NameServer = 192.168.2.4
    FF - ProfilePath - c:\users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\nsnmmjan.default\
    FF - prefs.js: browser.startup.homepage - about:newtab
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\xampp\mysql\bin\mysqld.exe
    c:\windows\SysWOW64\PnkBstrA.exe
    c:\progra~2\MDaemon\APP\CFEngine.exe
    c:\progra~2\MDaemon\WorldClient\WorldClient.exe
    c:\progra~2\MDaemon\SpamAssassin\MDSpamD.exe
    .
    **************************************************************************
    .
    Completion time: 2012-06-27 23:46:00 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-06-27 22:46
    ComboFix2.txt 2012-06-27 21:25
    ComboFix3.txt 2012-06-25 20:48
    ComboFix4.txt 2012-06-25 19:53
    .
    Pre-Run: 35,486,945,280 bytes free
    Post-Run: 35,060,199,424 bytes free
    .
    - - End Of File - - 109DD1350404D41ED3AFA899A1D61D64
  18. Broni

    Broni Malware Annihilator Posts: 46,373   +252

    Good :)

    How is computer doing?

    ============================================

    Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/products/malwarebytes_free to your desktop.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    Be sure to restart the computer.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    =========================================

    Download OTL to your Desktop.

    • Double-click the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\tasks\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /I " " /c
    dir /b "%systemroot%\*.exe" | find /I " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
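
    Once OTL.txt comes back, the SafeList sections (PRC, MOD, SRV, DRV) are what get read first. The script below is an added example for this thread, not OTL's own code and not something either poster ran: it parses those lines and ranks them by the cues an analyst looks for when triaging such a log. It assumes the line layout shown in the OTL log posted later in this thread (KIND - [mtime | size | attrs | M] (Company) [Start | Status] -- path -- (ServiceName)); the sample lines are copied from that log, and the scan time is the one in its header. The four rules (empty company field, auto-start with an empty company field, modified within 30 days of the scan, running from a user-writable path) are triage heuristics, not verdicts: legitimate software such as game anti-cheat services often ships with no company name in its version info, so every hit still needs a hash lookup or signature check.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional, Tuple

# One OTL SafeList line, in the layout seen in the OTL.txt posted in this thread:
#   KIND[:64bit:] - [mtime | size | attrs | M] (Company) [Start | Status] -- path -- (ServiceName)
# [Start | Status] and the trailing -- (ServiceName) appear only on SRV/DRV lines;
# DRV lines carry a third bracket field, e.g. [Kernel | On_Demand | Running].
LINE_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV)(?P<arch>:64bit:)? - "
    r"\[(?P<mtime>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[^|\]]+) \| (?P<flag>\w)\] "
    r"\((?P<company>[^)]*)\)"
    r"(?: \[(?P<state>[^\]]+)\])?"
    r" -- (?P<path>.+?)"
    r"(?: -- \((?P<name>[^()]+)\))?$"
)


@dataclass
class Entry:
    kind: str            # PRC, MOD, SRV or DRV
    is64: bool           # True for ":64bit:" lines
    mtime: datetime      # file modification time as OTL reports it
    size: int
    attrs: str
    company: str         # "" when OTL printed "()", i.e. no company name in version info
    start: Optional[str]   # Auto / On_Demand / Boot / System / Disabled (SRV and DRV only)
    status: Optional[str]  # Running / Stopped / Unknown (SRV and DRV only)
    path: str
    name: Optional[str]    # service or driver name (SRV and DRV only)


def parse_line(line: str) -> Optional[Entry]:
    """Parse one SafeList line; return None for headers, blanks and anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    start = status = None
    if m["state"]:
        parts = [p.strip() for p in m["state"].split("|")]
        start, status = parts[-2], parts[-1]   # last two fields for both SRV and DRV
    return Entry(
        kind=m["kind"], is64=m["arch"] is not None,
        mtime=datetime.strptime(m["mtime"], "%Y/%m/%d %H:%M:%S"),
        size=int(m["size"].replace(",", "")), attrs=m["attrs"],
        company=m["company"].strip(), start=start, status=status,
        path=m["path"], name=m["name"],
    )


def parse_otl(text: str) -> List[Entry]:
    return [e for e in (parse_line(l) for l in text.splitlines()) if e is not None]


AUTO_STARTS = {"Auto", "Boot", "System"}
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\programdata\\", "\\temp\\")


def triage(entries: List[Entry], scan_time: datetime, recent_days: int = 30) -> List[Tuple[Entry, List[str]]]:
    """Return (entry, reasons) for every entry that trips at least one heuristic."""
    findings = []
    for e in entries:
        reasons = []
        if not e.company:
            reasons.append("no company name in version info")
        if e.kind in ("SRV", "DRV") and not e.company and e.start in AUTO_STARTS:
            reasons.append("auto-start with no company name")
        # No lower bound on purpose: a timestamp later than the scan is also worth a look.
        if scan_time - e.mtime <= timedelta(days=recent_days):
            reasons.append(f"modified within {recent_days} days of scan")
        if e.kind in ("PRC", "SRV") and any(tag in e.path.lower() for tag in USER_WRITABLE):
            reasons.append("executes from a user-writable location")
        if reasons:
            findings.append((e, reasons))
    return findings


# Sample input: lines copied from the OTL log posted in this thread, plus one header line
# to show that non-entry lines are skipped. The scan time is from that log's header.
SCAN_TIME = datetime(2012, 6, 28, 7, 39, 34)
SAMPLE_OTL = r"""
========== Processes (SafeList) ==========
PRC - [2012/06/28 07:38:31 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Gary\Desktop\OTL.exe
PRC - [2012/05/16 22:04:33 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012/05/24 19:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Gary\AppData\Roaming\Dropbox\bin\Dropbox.exe
MOD - [2012/06/19 15:03:17 | 020,313,384 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/05/16 22:04:33 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/05/03 08:31:10 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
DRV:64bit: - [2012/05/06 07:10:59 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2009/03/02 00:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
"""

if __name__ == "__main__":
    for entry, reasons in triage(parse_otl(SAMPLE_OTL), SCAN_TIME):
        print(f"{entry.kind:<3} {entry.path}\n    " + "; ".join(reasons))
```

    Run it against a full OTL.txt by reading the file instead of SAMPLE_OTL; the entries that trip two or more rules (here the PnkBstrA service and the Steam libcef.dll) are the ones to hash and check first, while a Microsoft-signed on-demand service like NisSrv produces no finding at all.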
  19. Gary Kemp

    Gary Kemp Newcomer, in training Topic Starter Posts: 25

    Malwarebytes Anti-Malware 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.06.25.10

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Gary :: GARY-PC [administrator]

    28/06/2012 07:28:23
    mbam-log-2012-06-28 (07-28-23).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 232273
    Time elapsed: 1 minute(s), 57 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
  20. Gary Kemp

    Gary Kemp Newcomer, in training Topic Starter Posts: 25

    OTL logfile created on: 28/06/2012 07:39:34 - Run 1
    OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Gary\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    8.00 Gb Total Physical Memory | 6.20 Gb Available Physical Memory | 77.56% Memory free
    16.00 Gb Paging File | 14.13 Gb Available in Paging File | 88.34% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 277.48 Gb Total Space | 32.54 Gb Free Space | 11.73% Space Free | Partition Type: NTFS
    Drive E: | 2.79 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive F: | 129.03 Gb Total Space | 124.42 Gb Free Space | 96.43% Space Free | Partition Type: NTFS
    Drive G: | 20.51 Gb Total Space | 5.49 Gb Free Space | 26.79% Space Free | Partition Type: NTFS
    Drive H: | 3.73 Gb Total Space | 3.72 Gb Free Space | 99.89% Space Free | Partition Type: FAT32
    Drive I: | 20.02 Gb Total Space | 19.92 Gb Free Space | 99.52% Space Free | Partition Type: NTFS
    Drive J: | 186.00 Gb Total Space | 55.74 Gb Free Space | 29.97% Space Free | Partition Type: FAT32

    Computer Name: GARY-PC | User Name: Gary | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/06/28 07:38:31 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Gary\Desktop\OTL.exe
    PRC - [2012/06/19 15:03:18 | 000,529,232 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    PRC - [2012/05/24 19:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Gary\AppData\Roaming\Dropbox\bin\Dropbox.exe
    PRC - [2012/05/16 22:04:33 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
    PRC - [2012/03/06 23:27:23 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
    PRC - [2012/03/03 17:58:22 | 001,433,600 | ---- | M] (Alt-N Technologies, Ltd.) -- C:\Program Files (x86)\MDaemon\App\MDaemon.exe
    PRC - [2012/01/03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2011/09/10 10:43:18 | 000,018,432 | ---- | M] (Apache Software Foundation) -- C:\xampp\apache\bin\httpd.exe
    PRC - [2011/09/10 10:43:18 | 000,018,432 | ---- | M] (Apache Software Foundation) -- c:\xampp\apache\bin\httpd.exe
    PRC - [2011/09/09 18:46:10 | 008,158,720 | ---- | M] () -- c:\xampp\mysql\bin\mysqld.exe
    PRC - [2010/11/10 20:38:40 | 000,380,928 | ---- | M] () -- C:\Program Files (x86)\Launchy\Launchy.exe
    PRC - [2010/06/22 11:05:54 | 000,215,040 | ---- | M] (Alt-N Technologies, Ltd.) -- C:\Program Files (x86)\MDaemon\WebAdmin\WebAdmin.exe
    PRC - [2010/06/22 11:02:02 | 000,221,696 | ---- | M] (Alt-N Technologies, Ltd.) -- C:\Program Files (x86)\MDaemon\WorldClient\WorldClient.exe
    PRC - [2010/06/22 10:34:50 | 000,125,952 | ---- | M] (Alt-N) -- C:\Program Files (x86)\MDaemon\App\CFEngine.exe
    PRC - [2010/06/22 10:21:34 | 005,156,930 | ---- | M] (Alt-N Technologies) -- C:\Program Files (x86)\MDaemon\SpamAssassin\MDSpamD.exe
    PRC - [2009/08/29 07:00:12 | 000,966,656 | ---- | M] () -- C:\Users\Gary\Local Settings\Apps\F.lux\flux.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/06/19 15:03:17 | 020,313,384 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
    MOD - [2012/06/19 15:03:16 | 001,099,576 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
    MOD - [2012/06/19 15:03:16 | 000,895,312 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
    MOD - [2012/06/19 15:03:16 | 000,190,776 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
    MOD - [2012/06/19 15:03:16 | 000,123,192 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
    MOD - [2010/11/10 20:39:08 | 000,090,112 | ---- | M] () -- C:\Program Files (x86)\Launchy\plugins\controly.dll
    MOD - [2010/11/10 20:39:00 | 000,081,920 | ---- | M] () -- C:\Program Files (x86)\Launchy\plugins\calcy.dll
    MOD - [2010/11/10 20:38:52 | 000,024,064 | ---- | M] () -- C:\Program Files (x86)\Launchy\plugins\gcalc.dll
    MOD - [2010/11/10 20:38:40 | 000,380,928 | ---- | M] () -- C:\Program Files (x86)\Launchy\Launchy.exe
    MOD - [2010/11/10 20:38:40 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\Launchy\plugins\runner.dll
    MOD - [2010/11/10 20:38:24 | 000,122,880 | ---- | M] () -- C:\Program Files (x86)\Launchy\plugins\weby.dll
    MOD - [2010/11/10 20:38:08 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Launchy\plugins\verby.dll
    MOD - [2009/12/17 01:18:48 | 000,233,472 | ---- | M] () -- C:\Program Files (x86)\Launchy\imageformats\qmng4.dll
    MOD - [2009/12/16 23:13:02 | 008,314,880 | ---- | M] () -- C:\Program Files (x86)\Launchy\QtGui4.dll
    MOD - [2009/12/16 22:56:22 | 000,712,704 | ---- | M] () -- C:\Program Files (x86)\Launchy\QtNetwork4.dll
    MOD - [2009/12/16 22:54:46 | 002,236,416 | ---- | M] () -- C:\Program Files (x86)\Launchy\QtCore4.dll
    MOD - [2009/08/29 07:00:12 | 000,966,656 | ---- | M] () -- C:\Users\Gary\Local Settings\Apps\F.lux\flux.exe


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV:64bit: - [2012/02/15 00:31:16 | 002,169,056 | ---- | M] (UltraVNC) [Auto | Running] -- C:\Program Files\UltraVNC\winvnc.exe -- (uvnc_service)
    SRV:64bit: - [2011/11/10 04:11:34 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2011/08/05 12:53:12 | 000,467,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
    SRV:64bit: - [2011/08/05 12:53:12 | 000,306,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
    SRV:64bit: - [2011/08/05 12:53:06 | 008,277,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
    SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2012/06/24 19:16:16 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/06/19 15:03:18 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2012/06/16 08:19:05 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/05/16 22:04:33 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
    SRV - [2012/05/03 08:31:10 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/03/03 17:58:22 | 001,433,600 | ---- | M] (Alt-N Technologies, Ltd.) [Auto | Running] -- C:\Program Files (x86)\MDaemon\App\MDaemon.exe -- (MDaemon)
    SRV - [2012/01/03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2011/09/10 10:43:18 | 000,018,432 | ---- | M] (Apache Software Foundation) [Auto | Running] -- c:\xampp\apache\bin\httpd.exe -- (Apache2.2)
    SRV - [2011/09/09 18:46:10 | 008,158,720 | ---- | M] () [Auto | Running] -- c:\xampp\mysql\bin\mysqld.exe -- (mysql)
    SRV - [2011/06/07 20:29:16 | 000,630,272 | ---- | M] (FileZilla Project) [On_Demand | Stopped] -- c:\xampp\FileZillaFTP\FileZillaServer.exe -- (FileZilla Server)
    SRV - [2010/06/22 11:05:54 | 000,215,040 | ---- | M] (Alt-N Technologies, Ltd.) [Auto | Running] -- C:\Program Files (x86)\MDaemon\WebAdmin\WebAdmin.exe -- (WebAdmin)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/05/06 07:10:59 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
    DRV:64bit: - [2012/04/03 14:19:10 | 000,147,248 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
    DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV:64bit: - [2012/03/04 20:32:24 | 000,012,904 | ---- | M] (UVNC BVBA) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mv2.sys -- (mv2)
    DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/11/10 04:45:32 | 010,567,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
    DRV:64bit: - [2011/11/10 04:45:32 | 010,567,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
    DRV:64bit: - [2011/11/10 03:12:46 | 000,325,632 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2009/11/02 18:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
    DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
    DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/03/02 00:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-432926832-3655622850-39131558-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
    IE - HKU\S-1-5-21-432926832-3655622850-39131558-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
    IE - HKU\S-1-5-21-432926832-3655622850-39131558-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A5 3D 1A 7A EA 39 CD 01 [binary data]
    IE - HKU\S-1-5-21-432926832-3655622850-39131558-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKU\S-1-5-21-432926832-3655622850-39131558-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKU\S-1-5-21-432926832-3655622850-39131558-1000\..\SearchScopes,DefaultScope = {C4BB5D69-C08C-43F8-9D76-28A8A9EC3B65}
    IE - HKU\S-1-5-21-432926832-3655622850-39131558-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-432926832-3655622850-39131558-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searcerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-432926832-3655622850-39131558-1000\..\SearchScopes\{C4BB5D69-C08C-43F8-9D76-28A8A9EC3B65}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKU\S-1-5-21-432926832-3655622850-39131558-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "about:newtab"
    FF - prefs.js..extensions.charles.settings.disabled.network.proxy.http: ""
    FF - prefs.js..extensions.charles.settings.disabled.network.proxy.http_port: 0
    FF - prefs.js..extensions.charles.settings.disabled.network.proxy.no_proxies_on: "localhost, 127.0.0.1"
    FF - prefs.js..extensions.charles.settings.disabled.network.proxy.share_proxy_settings: false
    FF - prefs.js..extensions.charles.settings.disabled.network.proxy.socks: ""
    FF - prefs.js..extensions.charles.settings.disabled.network.proxy.socks_port: 0
    FF - prefs.js..extensions.charles.settings.disabled.network.proxy.ssl: ""
    FF - prefs.js..extensions.charles.settings.disabled.network.proxy.ssl_port: 0
    FF - prefs.js..extensions.charles.settings.disabled.network.proxy.type: 5
    FF - prefs.js..extensions.charles.settings.enabled.network.proxy.http: "127.0.0.1"
    FF - prefs.js..extensions.charles.settings.enabled.network.proxy.http_port: 8888
    FF - prefs.js..extensions.charles.settings.enabled.network.proxy.no_proxies_on: ""
    FF - prefs.js..extensions.charles.settings.enabled.network.proxy.share_proxy_settings: false
    FF - prefs.js..extensions.charles.settings.enabled.network.proxy.socks: ""
    FF - prefs.js..extensions.charles.settings.enabled.network.proxy.socks_port: 0
    FF - prefs.js..extensions.charles.settings.enabled.network.proxy.ssl: "127.0.0.1"
    FF - prefs.js..extensions.charles.settings.enabled.network.proxy.ssl_port: 8888
    FF - prefs.js..extensions.charles.settings.enabled.network.proxy.type: 1
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/16 08:19:06 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/06/19 06:58:50 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/16 08:19:06 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

    [2012/03/03 17:08:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gary\AppData\Roaming\Mozilla\Extensions
    [2012/06/28 00:07:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\nsnmmjan.default\extensions
    [2012/03/19 15:49:02 | 000,000,000 | ---D | M] (Toolbar Buttons) -- C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\nsnmmjan.default\extensions\{03B08592-E5B4-45ff-A0BE-C1D975458688}
    [2012/05/16 21:05:44 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\nsnmmjan.default\extensions\battlefieldheroespatcher@ea.com
    [2012/03/06 22:10:37 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\nsnmmjan.default\extensions\en-GB@dictionaries.addons.mozilla.org
    [2012/06/09 23:35:49 | 000,000,000 | ---D | M] (Typing Stats) -- C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\nsnmmjan.default\extensions\typingstats@lukasturek.org
    [2012/06/04 22:56:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/06/23 08:05:36 | 000,084,634 | ---- | M] () (No name found) -- C:\USERS\GARY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NSNMMJAN.DEFAULT\EXTENSIONS\{0545B830-F0AA-4D7E-8820-50A4629A56FE}.XPI
    [2012/06/21 07:29:06 | 000,193,959 | ---- | M] () (No name found) -- C:\USERS\GARY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NSNMMJAN.DEFAULT\EXTENSIONS\{37FA1426-B82D-11DB-8314-0800200C9A66}.XPI
    [2012/06/28 00:07:21 | 000,009,524 | ---- | M] () (No name found) -- C:\USERS\GARY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NSNMMJAN.DEFAULT\EXTENSIONS\{3E9A3920-1B27-11DA-8CD6-0800200C9A66}.XPI
    [2012/03/06 22:10:38 | 000,434,392 | ---- | M] () (No name found) -- C:\USERS\GARY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NSNMMJAN.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
    [2012/05/18 22:24:49 | 000,697,058 | ---- | M] () (No name found) -- C:\USERS\GARY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NSNMMJAN.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI
    [2012/04/15 07:08:41 | 000,140,964 | ---- | M] () (No name found) -- C:\USERS\GARY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NSNMMJAN.DEFAULT\EXTENSIONS\FIREGESTURES@XULDEV.ORG.XPI
    [2012/06/06 20:17:18 | 000,057,439 | ---- | M] () (No name found) -- C:\USERS\GARY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NSNMMJAN.DEFAULT\EXTENSIONS\TABSCOPE@XULDEV.ORG.XPI
    [2012/06/16 08:19:06 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012/06/01 16:39:16 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/06/01 16:39:16 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
    CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Gary\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Java(TM) Platform SE 6 U32 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    CHR - plugin: Java Deployment Toolkit 6.0.320.5 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
    CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
    CHR - Extension: Entanglement = C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
    CHR - Extension: Angry Birds = C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
    CHR - Extension: Beatlab = C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\alnfdikmbdfgkcbdodjcbmedanjinmkk\1.0.1_0\
    CHR - Extension: YouTube = C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: EM Calculator = C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\cedkhglifjkdpijiphheomafjmkepigd\2.0_0\
    CHR - Extension: Look of Disapproval = C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmomlddchhdnchpieaalgkpgaafohlbn\2.2_0\
    CHR - Extension: Google Search = C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: Springpad = C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkmopoamfjnmppabeaphohombnjcjgla\6_0\
    CHR - Extension: Minimal = C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnfhcmjkebafbfikmbkhdpbmfpfjgiog\1.0_0\
    CHR - Extension: Seesmic = C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikhnbijacmpeikpnoeddepkehmcofgbh\1.2_0\
    CHR - Extension: Lock Tab = C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnikalcnjojfkpleicbncjmnieimjlfe\0.8.2_0\
    CHR - Extension: Chrome Clipper = C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\kenmcdanhnljigfdkodoedgpckoifnmd\1.9.3_1\
    CHR - Extension: Image Properties Context Menu = C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\khagclindddokccfbmfmckaflngbmpon\0.7.5_0\
    CHR - Extension: eBay Extension for Google Chrome™ (by eBay) = C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\khhckppjhonfmcpegdjdibmngahahhck\1.5.3.2_0\
    CHR - Extension: ShiftEdit = C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcgmndephhjcabhhjfcmncnhbmgbkpij\1.32_0\
    CHR - Extension: Remove cookies for site. = C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmfdblomdpkcniknaenceeogpgepocmm\1.3_0\
    CHR - Extension: Gmail = C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2012/06/27 23:35:33 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
    O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-432926832-3655622850-39131558-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
    O4 - HKU\S-1-5-21-432926832-3655622850-39131558-1000..\Run: [F.lux] C:\Users\Gary\Local Settings\Apps\F.lux\flux.exe ()
    O4 - HKU\S-1-5-21-432926832-3655622850-39131558-1000..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe (PeerBlock, LLC)
    O4 - HKU\S-1-5-21-432926832-3655622850-39131558-1000..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
    O4 - Startup: C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Gary\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    O4 - Startup: C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Launchy.lnk = C:\Program Files (x86)\Launchy\Launchy.exe ()
    O4 - Startup: C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MDaemon - Shortcut.lnk = C:\Program Files (x86)\MDaemon\App\MDaemon.exe (Alt-N Technologies, Ltd.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-432926832-3655622850-39131558-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-432926832-3655622850-39131558-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 10.5.1)
    O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 10.5.1)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5768A142-6463-4856-A441-84E2433AE691}: NameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DED67ABD-4829-475E-BB31-57E76989AEBC}: Domain = greekattic.local
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DED67ABD-4829-475E-BB31-57E76989AEBC}: NameServer = 192.168.2.4
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2007/09/27 03:18:49 | 000,087,910 | R--- | M] () - E:\autorun.ico -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point
  21. Gary Kemp

    Gary Kemp Newcomer, in training Topic Starter Posts: 25

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/06/28 07:38:29 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Gary\Desktop\OTL.exe
    [2012/06/28 00:18:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
    [2012/06/28 00:00:44 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/06/27 23:46:01 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/06/27 22:03:55 | 004,570,514 | R--- | C] (Swearware) -- C:\Users\Gary\Desktop\ComboFix.exe
    [2012/06/27 16:35:50 | 000,000,000 | ---D | C] -- C:\FRST
    [2012/06/27 10:47:38 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Roaming\Charles
    [2012/06/27 10:46:33 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Charles
    [2012/06/27 10:46:33 | 000,000,000 | ---D | C] -- C:\Program Files\Charles
    [2012/06/27 10:41:55 | 000,000,000 | ---D | C] -- C:\Program Files\Java
    [2012/06/27 10:34:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
    [2012/06/27 10:34:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
    [2012/06/25 22:08:37 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Roaming\Malwarebytes
    [2012/06/25 22:08:27 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/06/25 22:08:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/06/25 22:08:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/06/25 22:08:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/06/25 21:59:58 | 000,000,000 | ---D | C] -- C:\Users\Gary\Desktop\UPDATED 5-step Viruses_Spyware_Malware Preliminary Removal Instructions - TechSpot Forums_files
    [2012/06/25 21:34:52 | 004,568,224 | R--- | C] (Swearware) -- C:\Users\Gary\Desktop\garygary.exe
    [2012/06/25 21:02:38 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
    [2012/06/25 20:37:26 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/06/25 20:37:26 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/06/25 20:37:26 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/06/25 20:34:16 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/06/25 20:31:50 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/06/24 19:19:00 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
    [2012/06/23 21:20:17 | 000,000,000 | ---D | C] -- C:\Users\Gary\Documents\Regensoft
    [2012/06/23 21:20:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Regensoft
    [2012/06/23 21:20:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Regensoft
    [2012/06/23 21:20:16 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AviSynth 2.5
    [2012/06/23 21:20:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AviSynth 2.5
    [2012/06/23 21:20:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AviSynth 2.5
    [2012/06/23 21:20:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Red Kawa
    [2012/06/23 21:20:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Red Kawa
    [2012/06/18 08:19:46 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Local\Macromedia
    [2012/06/16 16:28:18 | 000,000,000 | -H-D | C] -- C:\Users\Gary\Desktop\.picasaoriginals
    [2012/06/15 19:06:40 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Roaming\.rFactor
    [2012/06/09 21:12:36 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 USB DVD Download Tool
    [2012/06/09 20:23:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Astroburn Lite
    [2012/06/09 20:23:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Astroburn Lite
    [2012/06/09 20:23:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Astroburn Lite
    [2012/06/09 20:10:26 | 000,000,000 | ---D | C] -- C:\$WINDOWS.~BT
    [2012/06/07 20:16:24 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
    [2012/05/31 23:04:45 | 000,000,000 | ---D | C] -- C:\Users\Gary\VirtualBox VMs
    [2012/05/31 23:04:27 | 000,000,000 | ---D | C] -- C:\Users\Gary\.VirtualBox
    [2012/05/31 22:01:19 | 000,000,000 | R--D | C] -- C:\ESD
    [2012/05/29 16:42:45 | 000,000,000 | ---D | C] -- C:\Users\Gary\.rssowl2
    [2012/05/29 16:41:29 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RSSOwl
    [2012/05/29 16:41:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RSSOwl
    [2012/05/29 16:41:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RSSOwl

    ========== Files - Modified Within 30 Days ==========

    [2012/06/28 07:43:21 | 000,025,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/06/28 07:43:21 | 000,025,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/06/28 07:38:31 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Gary\Desktop\OTL.exe
    [2012/06/28 07:35:49 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/06/28 07:35:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/06/28 07:35:31 | 2146,295,807 | -HS- | M] () -- C:\hiberfil.sys
    [2012/06/28 00:18:22 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2012/06/28 00:18:13 | 000,787,568 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012/06/28 00:18:13 | 000,654,020 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/06/28 00:18:13 | 000,121,852 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/06/28 00:10:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/06/27 23:54:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/06/27 23:35:33 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/06/27 22:04:09 | 004,570,514 | R--- | M] (Swearware) -- C:\Users\Gary\Desktop\ComboFix.exe
    [2012/06/27 21:38:26 | 000,000,600 | ---- | M] () -- C:\Users\Gary\AppData\Local\PUTTY.RND
    [2012/06/27 16:21:22 | 000,038,639 | ---- | M] () -- C:\Users\Gary\Desktop\shipping.png
    [2012/06/25 21:59:59 | 000,085,379 | ---- | M] () -- C:\Users\Gary\Desktop\UPDATED 5-step Viruses_Spyware_Malware Preliminary Removal Instructions - TechSpot Forums.htm
    [2012/06/25 21:35:06 | 004,568,224 | R--- | M] (Swearware) -- C:\Users\Gary\Desktop\garygary.exe
    [2012/06/23 22:15:42 | 000,782,102 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/06/23 21:20:17 | 000,002,146 | ---- | M] () -- C:\Users\Public\Desktop\YouTube Downloader App.lnk
    [2012/06/23 21:20:07 | 000,002,186 | ---- | M] () -- C:\Users\Public\Desktop\PSP Video 9.lnk
    [2012/06/19 16:59:38 | 301,149,238 | ---- | M] () -- C:\Users\Gary\Desktop\Civilization 2 - Ultimate Classic Collection.7z
    [2012/06/18 22:04:50 | 000,010,711 | ---- | M] () -- C:\Users\Gary\Desktop\Keys.ini
    [2012/06/17 10:34:47 | 000,000,816 | ---- | M] () -- C:\Users\Gary\Desktop\rFactor2.lnk
    [2012/06/16 17:57:00 | 000,003,584 | ---- | M] () -- C:\Users\Gary\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/06/16 16:28:18 | 000,682,161 | ---- | M] () -- C:\Users\Gary\Desktop\2011-05-23_13-23-59_765.jpg
    [2012/06/15 06:54:22 | 000,316,368 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/06/10 09:49:50 | 000,527,122 | ---- | M] () -- C:\Users\Gary\Desktop\flash.bmp
    [2012/06/10 08:20:15 | 000,031,715 | ---- | M] () -- C:\Users\Gary\Desktop\flash.jpg
    [2012/06/09 21:12:36 | 000,002,508 | ---- | M] () -- C:\Users\Gary\Desktop\Windows 7 USB DVD Download Tool.lnk
    [2012/06/09 20:23:38 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\Astroburn Lite.lnk
    [2012/06/09 20:10:23 | 000,001,388 | ---- | M] () -- C:\Users\Gary\Desktop\Install Windows.lnk
    [2012/06/07 20:16:20 | 298,792,988 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2012/06/04 22:56:25 | 000,001,045 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2012/06/02 08:44:23 | 000,001,047 | ---- | M] () -- C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    [2012/05/29 19:33:59 | 000,004,033 | ---- | M] () -- C:\Users\Gary\Documents\feedreader.opml
    [2012/05/29 16:41:29 | 000,001,869 | ---- | M] () -- C:\Users\Gary\Application Data\Microsoft\Internet Explorer\Quick Launch\RSSOwl.lnk
    [2012/05/29 16:41:29 | 000,001,845 | ---- | M] () -- C:\Users\Gary\Desktop\RSSOwl.lnk

    ========== Files Created - No Company Name ==========

    [2012/06/27 16:21:22 | 000,038,639 | ---- | C] () -- C:\Users\Gary\Desktop\shipping.png
    [2012/06/25 21:59:57 | 000,085,379 | ---- | C] () -- C:\Users\Gary\Desktop\UPDATED 5-step Viruses_Spyware_Malware Preliminary Removal Instructions - TechSpot Forums.htm
    [2012/06/25 21:02:40 | 000,001,915 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    [2012/06/25 20:37:26 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/06/25 20:37:26 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/06/25 20:37:26 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/06/25 20:37:26 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/06/25 20:37:26 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/06/23 21:20:17 | 000,002,146 | ---- | C] () -- C:\Users\Public\Desktop\YouTube Downloader App.lnk
    [2012/06/23 21:20:07 | 000,002,186 | ---- | C] () -- C:\Users\Public\Desktop\PSP Video 9.lnk
    [2012/06/19 17:53:08 | 301,149,238 | ---- | C] () -- C:\Users\Gary\Desktop\Civilization 2 - Ultimate Classic Collection.7z
    [2012/06/18 22:04:49 | 000,010,711 | ---- | C] () -- C:\Users\Gary\Desktop\Keys.ini
    [2012/06/17 10:34:47 | 000,000,816 | ---- | C] () -- C:\Users\Gary\Desktop\rFactor2.lnk
    [2012/06/16 17:57:00 | 000,003,584 | ---- | C] () -- C:\Users\Gary\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/06/16 16:28:18 | 000,682,161 | ---- | C] () -- C:\Users\Gary\Desktop\2011-05-23_13-23-59_765.jpg
    [2012/06/10 09:49:50 | 000,527,122 | ---- | C] () -- C:\Users\Gary\Desktop\flash.bmp
    [2012/06/10 08:20:15 | 000,031,715 | ---- | C] () -- C:\Users\Gary\Desktop\flash.jpg
    [2012/06/09 21:12:36 | 000,002,508 | ---- | C] () -- C:\Users\Gary\Desktop\Windows 7 USB DVD Download Tool.lnk
    [2012/06/09 20:23:38 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\Astroburn Lite.lnk
    [2012/06/07 20:16:20 | 298,792,988 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2012/06/04 22:56:25 | 000,001,045 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2012/05/31 23:01:53 | 000,001,388 | ---- | C] () -- C:\Users\Gary\Desktop\Install Windows.lnk
    [2012/05/29 19:33:59 | 000,004,033 | ---- | C] () -- C:\Users\Gary\Documents\feedreader.opml
    [2012/05/29 16:41:29 | 000,001,869 | ---- | C] () -- C:\Users\Gary\Application Data\Microsoft\Internet Explorer\Quick Launch\RSSOwl.lnk
    [2012/05/29 16:41:29 | 000,001,845 | ---- | C] () -- C:\Users\Gary\Desktop\RSSOwl.lnk
    [2012/05/16 22:04:39 | 000,270,240 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
    [2012/05/16 22:04:33 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
    [2012/05/12 19:11:17 | 000,000,600 | ---- | C] () -- C:\Users\Gary\AppData\Local\PUTTY.RND
    [2012/03/06 00:11:33 | 000,007,603 | ---- | C] () -- C:\Users\Gary\AppData\Local\resmon.resmoncfg
    [2012/03/03 17:15:57 | 000,787,568 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012/03/03 12:13:26 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2011/11/10 03:36:06 | 000,204,960 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
    [2011/11/10 03:36:06 | 000,157,152 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
    [2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
    [2011/09/13 00:06:18 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

    ========== LOP Check ==========

    [2012/06/27 21:38:37 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\.purple
    [2012/06/15 19:08:32 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\.rFactor
    [2012/06/27 11:55:12 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\Charles
    [2012/05/06 07:12:28 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\DAEMON Tools Lite
    [2012/06/28 07:36:15 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\Dropbox
    [2012/03/12 14:18:36 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\EditPlus 3
    [2012/04/25 09:56:29 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\Feedreader
    [2012/03/05 00:24:37 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\Launchy
    [2012/04/11 13:28:57 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\LibreOffice
    [2012/05/23 22:32:19 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\MetroTwit
    [2012/03/04 21:16:45 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\Notepad++
    [2012/04/28 21:44:01 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\Quest3D
    [2012/05/10 16:48:15 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\Rainmeter
    [2012/03/03 20:04:28 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\Thunderbird
    [2012/03/09 11:01:40 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\Titanium
    [2012/06/24 23:44:10 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\uTorrent
    [2012/06/09 07:46:01 | 000,032,612 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========

    < %SYSTEMDRIVE%\*.* >
    [2012/06/27 23:46:00 | 000,024,502 | ---- | M] () -- C:\ComboFix.txt
    [2012/06/28 07:35:31 | 2146,295,807 | -HS- | M] () -- C:\hiberfil.sys
    [2012/06/28 07:35:34 | 4293,386,239 | -HS- | M] () -- C:\pagefile.sys

    < %systemroot%\Fonts\*.com >
    [2009/07/14 06:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/14 06:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/14 06:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/14 06:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 21:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/14 05:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2012/03/07 12:59:22 | 000,000,221 | -HS- | M] () -- C:\Users\Gary\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2012/06/27 22:04:09 | 004,570,514 | R--- | M] (Swearware) -- C:\Users\Gary\Desktop\ComboFix.exe
    [2012/06/25 21:35:06 | 004,568,224 | R--- | M] (Swearware) -- C:\Users\Gary\Desktop\garygary.exe
    [2012/06/28 07:38:31 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Gary\Desktop\OTL.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\tasks\*.* >
    [2012/06/28 00:10:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/06/28 07:35:49 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/06/27 23:54:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/06/28 07:35:42 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2012/06/09 07:46:01 | 000,032,612 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 22:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >
    [2012/03/07 12:58:29 | 000,008,192 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.chk
    [2012/03/07 12:58:29 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.log
    [2012/03/07 12:58:29 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00001.jrs
    [2012/03/07 12:58:29 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00002.jrs
    [2012/03/07 12:58:29 | 000,786,432 | ---- | M] () -- C:\Windows\SECURITY\Database\edbtmp.log

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2012/03/07 12:59:22 | 000,000,402 | -HS- | M] () -- C:\Users\Gary\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /I " " /c >

    < dir /b "%systemroot%\*.exe" | find /I " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\LastSuccessTime /rs >

    < End of report >
  22. Gary Kemp

    Gary Kemp Newcomer, in training Topic Starter Posts: 25

    OTL Extras logfile created on: 28/06/2012 07:39:34 - Run 1
    OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Gary\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    8.00 Gb Total Physical Memory | 6.20 Gb Available Physical Memory | 77.56% Memory free
    16.00 Gb Paging File | 14.13 Gb Available in Paging File | 88.34% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 277.48 Gb Total Space | 32.54 Gb Free Space | 11.73% Space Free | Partition Type: NTFS
    Drive E: | 2.79 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive F: | 129.03 Gb Total Space | 124.42 Gb Free Space | 96.43% Space Free | Partition Type: NTFS
    Drive G: | 20.51 Gb Total Space | 5.49 Gb Free Space | 26.79% Space Free | Partition Type: NTFS
    Drive H: | 3.73 Gb Total Space | 3.72 Gb Free Space | 99.89% Space Free | Partition Type: FAT32
    Drive I: | 20.02 Gb Total Space | 19.92 Gb Free Space | 99.52% Space Free | Partition Type: NTFS
    Drive J: | 186.00 Gb Total Space | 55.74 Gb Free Space | 29.97% Space Free | Partition Type: FAT32

    Computer Name: GARY-PC | User Name: Gary | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
    .reg[@ = regfile] -- C:\Windows\regedit.exe ()

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
    .reg [@ = regfile] -- C:\Windows\regedit.exe ()

    [HKEY_USERS\S-1-5-21-432926832-3655622850-39131558-1000\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [open] -- regedit.exe "%1" ()
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    piffile [open] -- "%1" %*
    regfile [open] -- regedit.exe "%1" ()
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
    "{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
    "{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
    "{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
    "{5EDDBF5C-A7E8-4E55-A9B7-7E08EB0CC842}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
    "{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
    "{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
    "{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{ED0AF274-2A45-48CB-B670-31F4E11DA4B5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
    "{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{0A2F1086-38FC-43C3-AC13-EAAAE53890D8}" = protocol=17 | dir=in | app=c:\program files\charles\charles.exe |
    "{0C43D6C4-92E0-4258-9A16-D3C5072A24AB}" = protocol=6 | dir=in | app=c:\program files (x86)\pidgin\pidgin.exe |
    "{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{238B6F66-5F12-4A19-B4FD-90DBCA43CFCA}" = protocol=17 | dir=in | app=c:\users\gary\appdata\roaming\dropbox\bin\dropbox.exe |
    "{29A7A1E7-D47B-4A7C-B4A9-6C2482552E93}" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{4AE89123-E799-4B47-88CF-DE290FBB6653}" = protocol=17 | dir=in | app=c:\program files (x86)\pidgin\pidgin.exe |
    "{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{A1B55E6A-1676-46A1-B1EE-3E523B2C92C8}" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
    "{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{EE30DF08-C73D-4A28-B12E-328184CA29A3}" = protocol=6 | dir=in | app=c:\users\gary\appdata\roaming\dropbox\bin\dropbox.exe |
    "{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F3CD50CA-EF78-41F8-8B54-694AA545AA4D}" = protocol=6 | dir=in | app=c:\program files\charles\charles.exe |
    "{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "TCP Query User{4E0ED790-7956-4A93-81C4-3C7AB58A2791}C:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "TCP Query User{BFCA74F9-BDD9-4944-B292-353D97C0F288}C:\users\gary\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\gary\appdata\roaming\dropbox\bin\dropbox.exe |
    "TCP Query User{F3866364-433A-429F-9329-257856FB6E2E}C:\program files\charles\charles.exe" = protocol=6 | dir=in | app=c:\program files\charles\charles.exe |
    "TCP Query User{FB6D2B84-264C-42C1-B97A-50CCC075E3B7}C:\program files (x86)\pidgin\pidgin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\pidgin\pidgin.exe |
    "UDP Query User{121554BF-7CF7-44C9-89D8-492F19DFADBF}C:\users\gary\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\gary\appdata\roaming\dropbox\bin\dropbox.exe |
    "UDP Query User{1E6AB3DE-FFC7-4A2D-9FE9-94BC4CF221D6}C:\program files\charles\charles.exe" = protocol=17 | dir=in | app=c:\program files\charles\charles.exe |
    "UDP Query User{2583A905-4115-48F7-91B3-465BC637E569}C:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "UDP Query User{C0A15B11-D72A-4DEF-BB9A-08D77CF30A63}C:\program files (x86)\pidgin\pidgin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\pidgin\pidgin.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
    "{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
    "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    "{26A24AE4-039D-4CA4-87B4-2F86417005FF}" = Java(TM) 7 Update 5 (64-bit)
    "{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)
    "{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)
    "{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)
    "{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
    "{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)
    "{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
    "{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{61163088-76A7-4A20-8228-7058848CD37F}" = Charles 3.6.5
    "{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
    "{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
    "{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)
    "{7492BCA7-9F62-4265-A727-DC26A9E3DF10}" = Oracle VM VirtualBox 4.1.12
    "{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
    "{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune
    "{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
    "{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)
    "{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)
    "{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)
    "{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
    "{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
    "{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
    "{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)
    "{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)
    "{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft Security Client" = Microsoft Security Essentials
    "Ultravnc2_is1" = UltraVnc
    "WinRAR archiver" = WinRAR 4.11 (64-bit)
    "Zune" = Zune

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{09D72100-CAC9-42BF-AD52-47F784C92DB6}" = LibreOffice 3.5
    "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
    "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
    "{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
    "{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
    "{3031A053-DC97-4D03-9179-BF6F98F63FA2}" = Wunderlist
    "{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
    "{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
    "{4D5308D2-DC8E-4658-A37C-351000038100}" = Microsoft Flight
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
    "{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes
    "{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
    "{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}" = Microsoft SQL Server Compact 3.5 ENU
    "{C9BEFDFB-A2DD-4D88-881C-3B303CCE384E}" = ActiveState Komodo Edit 7.0.2
    "{CCF298AF-9CE1-4B26-B251-486E98A34789}" = Windows 7 USB/DVD Download Tool
    "{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
    "{FD31AD0D-98ED-4D54-B2C3-03646C3545B8}_is1" = Project CARS
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Astroburn Lite" = Astroburn Lite
    "AviSynth" = AviSynth 2.5
    "DAEMON Tools Lite" = DAEMON Tools Lite
    "EditPlus 3" = EditPlus 3
    "FeedReader_is1" = FeedReader
    "GFWL_{4D5308D2-DC8E-4658-A37C-351000038100}" = Microsoft Flight
    "Google Chrome" = Google Chrome
    "InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
    "Launchy_21344213_is1" = Launchy 2.5
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
    "MDaemon Server" = MDaemon Server
    "Mozilla Firefox 13.0.1 (x86 en-US)" = Mozilla Firefox 13.0.1 (x86 en-US)
    "Mozilla Thunderbird 13.0.1 (x86 en-GB)" = Mozilla Thunderbird 13.0.1 (x86 en-GB)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "Notepad++" = Notepad++
    "Picasa 3" = Picasa 3
    "Pidgin" = Pidgin
    "PSP Video 9" = PSP Video 9 6
    "PunkBusterSvc" = PunkBuster Services
    "Rainmeter" = Rainmeter
    "rFactor" = rFactor (remove only)
    "rFactor2" = rFactor2
    "RSSOwl" = RSSOwl
    "Steam App 17480" = Command and Conquer: Red Alert 3
    "Steam App 240" = Counter-Strike: Source
    "Steam App 440" = Team Fortress 2
    "Steam App 48810" = Ship Simulator Extremes Demo
    "Steam App 8600" = RACE 07
    "UK2000 VFR Scenery Volume1" = UK2000 VFR Scenery Volume1 files
    "uTorrent" = µTorrent
    "xampp" = XAMPP 1.7.7
    "YouTube Downloader App" = YouTube Downloader App 3.00

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-432926832-3655622850-39131558-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Dropbox" = Dropbox
    "eec89cd0692c9aed" = MetroTwit
    "F1 1976 LE v1.1" = F1 1976 LE v1.1
    "Flux" = F.lux

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 25/06/2012 16:36:22 | Computer Name = Gary-PC | Source = VSS | ID = 12289
    Description =

    Error - 26/06/2012 03:05:35 | Computer Name = Gary-PC | Source = SideBySide | ID = 16842824
    Description = Activation context generation failed for "c:\program files\microsoft
    security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
    security client\MSESysprep.dll" on line 10. The element imaging appears as a child
    of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
    this version of Windows.

    Error - 26/06/2012 03:07:56 | Computer Name = Gary-PC | Source = SideBySide | ID = 16842832
    Description = Activation context generation failed for "c:\Games\rFactor2\Core\ModMgr.exe".Error
    in manifest or policy file "" on line . A component version required by the application
    conflicts with another component version already active. Conflicting components
    are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
    Component
    2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

    Error - 26/06/2012 03:08:02 | Computer Name = Gary-PC | Source = SideBySide | ID = 16842832
    Description = Activation context generation failed for "c:\Games\rFactor2\Support\Tools\MAS2.exe".Error
    in manifest or policy file "" on line . A component version required by the application
    conflicts with another component version already active. Conflicting components
    are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
    Component
    2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

    Error - 27/06/2012 04:09:11 | Computer Name = Gary-PC | Source = SideBySide | ID = 16842824
    Description = Activation context generation failed for "c:\program files\microsoft
    security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
    security client\MSESysprep.dll" on line 10. The element imaging appears as a child
    of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
    this version of Windows.

    Error - 27/06/2012 04:09:43 | Computer Name = Gary-PC | Source = SideBySide | ID = 16842832
    Description = Activation context generation failed for "c:\Games\rFactor2\Core\ModMgr.exe".Error
    in manifest or policy file "" on line . A component version required by the application
    conflicts with another component version already active. Conflicting components
    are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
    Component
    2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

    Error - 27/06/2012 04:09:43 | Computer Name = Gary-PC | Source = SideBySide | ID = 16842832
    Description = Activation context generation failed for "c:\Games\rFactor2\Support\Tools\MAS2.exe".Error
    in manifest or policy file "" on line . A component version required by the application
    conflicts with another component version already active. Conflicting components
    are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
    Component
    2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

    Error - 27/06/2012 17:05:01 | Computer Name = Gary-PC | Source = VSS | ID = 18
    Description =

    Error - 27/06/2012 17:05:01 | Computer Name = Gary-PC | Source = VSS | ID = 8193
    Description =

    Error - 27/06/2012 17:05:01 | Computer Name = Gary-PC | Source = System Restore | ID = 8193
    Description =

    [ System Events ]
    Error - 27/06/2012 17:15:00 | Computer Name = Gary-PC | Source = Service Control Manager | ID = 7023
    Description = The Microsoft Antimalware Service service terminated with the following
    error: %%-2147023878

    Error - 27/06/2012 17:26:55 | Computer Name = Gary-PC | Source = Service Control Manager | ID = 7024
    Description = The Apache2.2 service terminated with service-specific error %%1.

    Error - 27/06/2012 18:31:48 | Computer Name = Gary-PC | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 27/06/2012 18:33:32 | Computer Name = Gary-PC | Source = Application Popup | ID = 1060
    Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
    with this system. Please contact your software vendor for a compatible version
    of the driver.

    Error - 27/06/2012 18:33:32 | Computer Name = Gary-PC | Source = Application Popup | ID = 1060
    Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
    with this system. Please contact your software vendor for a compatible version
    of the driver.

    Error - 27/06/2012 18:33:56 | Computer Name = Gary-PC | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 27/06/2012 18:34:06 | Computer Name = Gary-PC | Source = Service Control Manager | ID = 7024
    Description = The Apache2.2 service terminated with service-specific error %%1.

    Error - 27/06/2012 18:59:21 | Computer Name = Gary-PC | Source = Service Control Manager | ID = 7024
    Description = The Apache2.2 service terminated with service-specific error %%1.

    Error - 27/06/2012 19:18:25 | Computer Name = Gary-PC | Source = Service Control Manager | ID = 7024
    Description = The Apache2.2 service terminated with service-specific error %%1.

    Error - 28/06/2012 02:34:40 | Computer Name = Gary-PC | Source = Service Control Manager | ID = 7024
    Description = The Apache2.2 service terminated with service-specific error %%1.


    < End of report >
  23. Gary Kemp

    Gary Kemp Newcomer, in training Topic Starter Posts: 25

    I think that's the lot :)
  24. Broni

    Broni Malware Annihilator Posts: 46,373   +252

    You didn't say:
    [IMG]

    =============================================

    OTL logs are clean.

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run from.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce a log.
  25. Gary Kemp

    Gary Kemp Newcomer, in training Topic Starter Posts: 25

    D'oh! I did reply in my first attempt that hit the character limit, but then forgot to re-add it. My PC has been behaving normally since the last ComboFix run, which is encouraging :)

    Checkup.txt:

    Results of screen317's Security Check version 0.99.24
    Windows 7 x64 (UAC is enabled)
    Internet Explorer 9
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    JavaFX 2.1.1
    Java(TM) 6 Update 32
    Java(TM) 7 Update 5
    Out of date Java installed!
    Adobe Flash Player 11.3.300.262
    Adobe Reader X (10.1.3)
    Mozilla Firefox (x86 en-US..)
    Mozilla Thunderbird (x86 en-GB..)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Windows Defender MSMpEng.exe
    Microsoft Security Essentials msseces.exe
    ``````````End of Log````````````

