TechSpot

Sirefef with auto-restart problem

By snortercle
Aug 4, 2012
  1. Hello there,
    I'm not the most computer savvy person, so bear with me through this procedure.
    Last night I started to hear things: strange noises, adverts and such. I restarted my computer and it didn't continue to do it. Freaked a little by the incident, I decided to install an antivirus, that one being MSE. Once installed, my computer just shut down with the "Critical error" message.

    Now when I turn my computer on I don't even have the time to install a program or check files, because it's always rebooting.

    If there is any advice you can give me I would be extremely grateful.
    I'm using Windows 7 Home Edition, 64bit if it makes any difference.
     
  2. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Hello, and welcome to TechSpot.

    Please see here for the board rules and other FAQ.

    Please feel free to introduce yourself, after you follow the steps below to get started.

    Information
    • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
    • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
    • If you have already asked for help somewhere, please post the link to the topic you were helped.
    • We try our best to reply quickly, but if for any reason we do not reply within two days, please reply to this topic with the word BUMP!
    • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

    Download Farbar Recovery Scan Tool and save it to a flash drive.

    Please make sure to download the 64-bit version.

    Plug the flashdrive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    On the System Recovery Options menu you will get the following options:
      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst64 and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to the disclaimer.
    • Place a check next to List Drivers MD5 as well as the default check marks that are already there
    • Press Scan button.
    • Type exit and reboot the computer normally.
    • FRST will make a log (FRST.txt) on the flash drive, please copy and paste the log in your reply.
     
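    Added example (not part of this thread, and not FRST's own code): a small Python triage script that parses the three line shapes an FRST log uses (Run entries, services/drivers, and the file listings) and flags what a malware helper reads first: entries with empty publisher information, drivers whose file is not present (FRST's [x] marker, taken here to mean the referenced file could not be found), and hidden+system objects or literal environment-variable names used as folder names under C:\Windows. The sample lines are copied from the log posted in the next reply; the findings are review prompts for the helper, not verdicts.

    ```python
    import re
    from dataclasses import dataclass

    # Line shapes seen in an FRST log (regexes written for this example).
    RUN_RE = re.compile(r'^(?P<hive>HK[^:]*?): \[(?P<name>[^\]]+)\] (?P<rest>.*)$')
    SVC_RE = re.compile(r'^(?P<start>\d) (?P<name>[^;]+); (?P<rest>.*)$')
    FILE_RE = re.compile(
        r'^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) - (?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d) - '
        r'(?P<size>\d+) (?P<attrs>[_A-Z]{5}) (?:\((?P<company>.*?)\) )?(?P<path>[A-Za-z]:\\.*)$')
    # Trailing "[size date] (Company)" block on Run/service/driver entries.
    TAIL_RE = re.compile(r'\[(?P<size>\d+) (?P<date>\d{4}-\d\d-\d\d)\] \((?P<company>.*)\)\s*$')
    # A path component that is a literal environment-variable name, e.g. \%APPDATA%
    ENV_NAME_RE = re.compile(r'\\%[^\\%]+%(\\|$)')

    # Sample lines copied from the FRST log posted in this thread (constructed subset).
    SAMPLE_LOG = r"""
    HKLM-x32\...\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r [5028464 2012-01-12] (VIA)
    HKU\Rob\...\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent [1242448 2012-06-04] (Valve Corporation)
    2 Intel(R) Capability Licensing Service Interface; "C:\Program Files\Intel\iCLS Client\HeciServer.exe" [607456 2011-12-08] (Intel(R) Corporation)
    2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-07-05] ()
    3 gdrv; \??\C:\Windows\gdrv.sys [x]
    2012-08-02 10:47 - 2012-08-02 10:47 - 00000000 __SHD C:\Windows\System32\%APPDATA%
    2012-07-31 15:50 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-07-30 19:21 - 2012-07-30 19:21 - 00463080 ____A (CNET Download.com) C:\Users\Rob\Downloads\cnet2_JoyToKey_en_zip.exe
    """


    @dataclass
    class Finding:
        kind: str      # "run", "service", "driver" or "file"
        subject: str   # entry name (Run/service/driver) or full path (file)
        reason: str


    def parse_tail(rest):
        """Return (size, date, company, missing) from an entry's trailing block."""
        if rest.rstrip().endswith("[x]"):          # FRST: file could not be found
            return None, None, None, True
        m = TAIL_RE.search(rest)
        if not m:
            return None, None, None, False
        return int(m["size"]), m["date"], m["company"].strip(), False


    def triage_line(line):
        """Parse one FRST log line and return the review prompts it raises (possibly none)."""
        findings = []
        m = RUN_RE.match(line) or SVC_RE.match(line)
        if m:
            if "hive" in m.groupdict():
                kind = "run"
            else:
                kind = "driver" if ".sys" in m["rest"].lower() else "service"
            _, _, company, missing = parse_tail(m["rest"])
            if missing:
                findings.append(Finding(kind, m["name"], "referenced file not present on disk ([x])"))
            elif company == "":
                findings.append(Finding(kind, m["name"], "no publisher information"))
            return findings
        m = FILE_RE.match(line)
        if m:
            attrs, path = m["attrs"], m["path"]
            if "S" in attrs and "H" in attrs and path.lower().startswith("c:\\windows"):
                findings.append(Finding("file", path, "hidden+system object under the Windows directory"))
            if ENV_NAME_RE.search(path):
                findings.append(Finding("file", path, "literal environment-variable name used as a folder name"))
        return findings


    def triage(log_text):
        """Run triage_line over every line of an FRST log and collect the findings in order."""
        findings = []
        for line in log_text.strip("\n").splitlines():
            findings.extend(triage_line(line.strip()))
        return findings


    if __name__ == "__main__":
        for f in triage(SAMPLE_LOG):
            print(f"[{f.kind}] {f.subject}: {f.reason}")
    ```
    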
  3. snortercle

    snortercle TS Rookie Topic Starter Posts: 19

    Scan result of Farbar Recovery Scan Tool Version: 04-08-2012 01
    Ran by SYSTEM at 04-08-2012 22:30:28
    Running from F:\
    Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ========================== Registry (Whitelisted) =============

    HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [499608 2011-03-15] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r [5028464 2012-01-12] (VIA)
    HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
    HKLM-x32\...\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [291608 2012-01-27] (Intel Corporation)
    HKLM-x32\...\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [103720 2009-12-14] (CyberLink)
    HKLM-x32\...\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" [222504 2009-05-19] (CyberLink Corp.)
    HKLM-x32\...\Run: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter" [222504 2010-04-19] (CyberLink Corp.)
    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-04-03] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-18] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin [1523360 2011-01-11] (Adobe Systems Incorporated)
    HKU\Rob\...\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent [1242448 2012-06-04] (Valve Corporation)
    HKU\Rob\...\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
    HKLM\...\RunOnce: [*Restore] C:\Windows\system32\rstrui.exe /RUNONCE [296960 2010-11-20] (Microsoft Corporation)
    Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

    ==================== Services (Whitelisted) ======

    2 Intel(R) Capability Licensing Service Interface; "C:\Program Files\Intel\iCLS Client\HeciServer.exe" [607456 2011-12-08] (Intel(R) Corporation)
    2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2011-12-15] (Intel Corporation)
    2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-07-05] ()
    2 UNS; "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe" [363800 2011-12-15] (Intel Corporation)
    2 VIAKaraokeService; C:\Windows\System32\viakaraokesrv.exe [27760 2012-01-10] (VIA Technologies, Inc.)

    ========================== Drivers (Whitelisted) =============

    0 iusb3hcs; C:\Windows\System32\Drivers\iusb3hcs.sys [16152 2012-01-27] (Intel Corporation)
    3 iusb3hub; C:\Windows\System32\Drivers\iusb3hub.sys [356120 2012-01-27] (Intel Corporation)
    3 iusb3xhc; C:\Windows\System32\Drivers\iusb3xhc.sys [787736 2012-01-27] (Intel Corporation)
    3 gdrv; \??\C:\Windows\gdrv.sys [x]

    ========================== NetSvcs (Whitelisted) ===========


    ============ One Month Created Files and Folders ==============

    2012-08-04 04:17 - 2012-08-04 22:24 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2012-08-03 21:21 - 2012-08-03 21:21 - 04198163 ____A C:\Users\Rob\Desktop\Super Mario Galaxy 2 OST - Yoshi Star Galaxy Theme_WMV V9.wmv
    2012-08-03 08:17 - 2012-08-03 08:17 - 03578841 ____A C:\Users\Rob\Downloads\ePSXe 1.7.0.rar
    2012-08-03 06:35 - 2012-08-03 23:49 - 00000000 ____D C:\Users\Rob\Downloads\LCK_carnegie_mp3
    2012-08-03 03:13 - 2012-08-03 03:24 - 441073873 ____A C:\Users\Rob\Documents\Slender.wmv
    2012-08-02 10:47 - 2012-08-02 10:47 - 00000000 __SHD C:\Windows\System32\%APPDATA%
    2012-08-02 05:34 - 2012-08-04 22:24 - 00000000 ____D C:\Users\Rob\AppData\Local\LogMeIn Hamachi
    2012-08-02 05:34 - 2012-08-04 22:24 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
    2012-08-02 01:21 - 2012-08-02 01:21 - 00000000 ____D C:\Windows\SysWOW64\QuickTime
    2012-08-02 01:21 - 2012-08-02 01:21 - 00000000 ____D C:\Users\Rob\Documents\Camtasia Studio
    2012-08-02 01:21 - 2012-08-02 01:21 - 00000000 ____D C:\Users\Rob\AppData\Local\TechSmith
    2012-08-02 01:21 - 2012-08-02 01:21 - 00000000 ____D C:\Program Files (x86)\QuickTime
    2012-08-02 01:20 - 2012-08-02 01:21 - 00000000 ____D C:\Users\All Users\TechSmith
    2012-08-02 01:20 - 2012-08-02 01:20 - 00000000 ____D C:\Program Files (x86)\TechSmith
    2012-08-02 01:15 - 2012-08-04 22:24 - 00000000 ____D C:\Users\Rob\Downloads\Camtasia Studio 7 + Keygen
    2012-08-01 23:29 - 2012-08-03 10:33 - 00000000 ____D C:\Program Files (x86)\Snes9K
    2012-08-01 09:01 - 2012-08-01 09:06 - 142574795 ____A C:\Users\Rob\Documents\wellthen.wmv
    2012-08-01 07:35 - 2012-08-01 07:41 - 00103296 ____A C:\Users\Rob\Documents\zombies ate my neighbors - Zombie Panic.mp4.sfk
    2012-08-01 07:33 - 2012-08-01 07:33 - 04328669 ____A C:\Users\Rob\Documents\zombies ate my neighbors - Zombie Panic.mp4
    2012-07-31 23:55 - 2012-07-31 23:57 - 62126051 ____A C:\Users\Rob\Documents\NOBODY.wmv
    2012-07-31 08:45 - 2012-07-31 09:13 - 00000000 ____D C:\Users\Rob\Downloads\XFM - Ricky Gervais, Stephen Merchant and Karl Pilkington
    2012-07-31 08:02 - 2012-07-31 08:07 - 144774903 ____A C:\Users\Rob\Documents\unproductive.wmv
    2012-07-30 19:22 - 2012-07-30 19:25 - 00749599 ____A C:\Users\Rob\Downloads\JoyToKey_en.zip
    2012-07-30 19:21 - 2012-07-30 19:21 - 00463080 ____A (CNET Download.com) C:\Users\Rob\Downloads\cnet2_JoyToKey_en_zip.exe
    2012-07-30 05:30 - 2012-07-30 05:34 - 127262795 ____A C:\Users\Rob\Documents\centipede.wmv
    2012-07-30 04:39 - 2012-07-30 04:46 - 00313376 ____A C:\Users\Rob\Documents\Breaking Bad Season 4 (2011) If I Had a Heart (Soundtrack OST).mp4.sfk
    2012-07-30 04:35 - 2012-07-30 04:37 - 37311386 ____A C:\Users\Rob\Documents\Breaking Bad Season 4 (2011) If I Had a Heart (Soundtrack OST).mp4
    2012-07-30 04:30 - 2012-07-30 04:32 - 05409153 ____A C:\Users\Rob\Documents\Scarface _Tony Montana_ Theme Song.flv
    2012-07-29 05:55 - 2012-07-29 05:59 - 121086603 ____A C:\Users\Rob\Documents\hackers.wmv
    2012-07-29 05:12 - 2012-07-29 05:15 - 09096684 ____A C:\Users\Rob\Documents\Super Mario World Ending Theme Song.flv
    2012-07-28 07:02 - 2012-07-28 07:06 - 103902531 ____A C:\Users\Rob\Documents\hackeraxe.wmv
    2012-07-27 03:47 - 2012-07-27 03:47 - 00000000 ____D C:\Users\Rob\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    2012-07-26 22:52 - 2012-07-26 22:52 - 00000079 ____A C:\Windows\SysWOW64\ArmA2OA.cfg
    2012-07-26 22:52 - 2012-07-26 22:52 - 00000000 ____D C:\Users\Rob\Documents\snort
    2012-07-22 17:58 - 2012-07-22 17:58 - 00000000 ____D C:\Users\Rob\Downloads\Game.of.Thrones.S02
    2012-07-22 02:22 - 2012-07-22 02:22 - 00000000 ____D C:\Users\Rob\AppData\Roaming\Sony Creative Software Inc
    2012-07-22 02:21 - 2012-07-22 02:29 - 00000000 ____D C:\Users\Rob\Documents\Any Video Converter
    2012-07-22 02:21 - 2012-07-22 02:21 - 00000000 ____D C:\Users\Rob\AppData\Roaming\AnvSoft
    2012-07-22 02:21 - 2012-07-22 02:21 - 00000000 ____D C:\Program Files (x86)\AnvSoft
    2012-07-22 02:19 - 2012-07-22 02:19 - 29575744 ____A (Any-Video-Converter.com ) C:\Users\Rob\Downloads\avc-free.exe
    2012-07-22 02:12 - 2012-07-28 05:47 - 00000000 ____D C:\Users\All Users\YTD Video Downloader
    2012-07-22 02:12 - 2012-07-22 02:12 - 00000000 ____D C:\Program Files (x86)\GreenTree Applications
    2012-07-22 02:11 - 2012-07-22 02:11 - 05414584 ____A C:\Users\Rob\Downloads\YTDSetup.exe
    2012-07-21 17:01 - 2012-07-21 17:01 - 00000000 ____D C:\Users\Rob\Documents\Hitman Blood Money
    2012-07-21 15:47 - 2012-07-26 21:03 - 00000000 ____D C:\Users\Rob\Downloads\The.Walking.Dead.S02
    2012-07-21 15:43 - 2012-07-21 15:43 - 00000000 ____D C:\Users\Rob\Downloads\Captain America The First Avenger (2011) DVDRip XviD-MAXSPEED
    2012-07-21 01:47 - 2012-07-21 02:03 - 00000000 ____D C:\Users\Rob\Downloads\Iron.Man[2008]DvDrip-aXXo
    2012-07-21 01:47 - 2012-07-21 01:47 - 00000000 ____D C:\Users\Rob\Downloads\Iron Man 2 (2010) DVDRip XviD-MAXSPEED
    2012-07-20 15:04 - 2012-07-20 16:45 - 00000000 ____D C:\Users\Rob\Downloads\The Finest 'Arvist of
    2012-07-19 17:04 - 2012-08-01 10:22 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-07-19 17:04 - 2012-07-19 17:04 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-07-19 17:04 - 2012-07-19 17:04 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-07-18 19:33 - 2012-07-18 19:34 - 00000000 ____D C:\Users\All Users\HP
    2012-07-18 19:33 - 2012-07-18 19:33 - 00000000 ____D C:\Users\Rob\AppData\Local\HP
    2012-07-18 19:33 - 2012-07-18 19:33 - 00000000 ____D C:\Program Files\HP
    2012-07-18 19:33 - 2012-07-18 19:33 - 00000000 ____D C:\Program Files (x86)\HP
    2012-07-18 19:32 - 2012-07-18 19:33 - 18842240 ____A C:\Users\Rob\Downloads\DJ1050_J410_Basic_x64_231.exe
    2012-07-16 16:34 - 2012-07-16 18:44 - 00000000 ____D C:\Users\Rob\Downloads\Muppet movie (1979) soundtrack
    2012-07-16 15:38 - 2012-07-16 17:46 - 00000000 ____D C:\Users\Rob\AppData\Roaming\Publish Providers
    2012-07-16 15:29 - 2012-07-16 15:34 - 00000000 ____D C:\Users\Rob\AppData\Local\Sony
    2012-07-16 15:29 - 2012-07-16 15:29 - 00000000 ____D C:\Users\All Users\Sony
    2012-07-16 15:29 - 2012-07-16 15:29 - 00000000 ____D C:\Program Files\Sony
    2012-07-16 15:29 - 2012-07-16 15:29 - 00000000 ____D C:\Program Files (x86)\Sony
    2012-07-16 15:28 - 2012-07-16 17:43 - 00000000 ____D C:\Users\Rob\AppData\Roaming\Sony
    2012-07-15 02:58 - 2012-07-15 02:58 - 00000769 ____A C:\Users\Rob\Desktop\Fraps.lnk
    2012-07-14 11:11 - 2012-06-11 19:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-07-14 11:11 - 2012-06-02 04:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-07-14 11:11 - 2012-06-02 04:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-07-14 11:11 - 2012-06-02 04:12 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-07-14 11:11 - 2012-06-02 04:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-07-14 11:11 - 2012-06-02 04:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-07-14 11:11 - 2012-06-02 04:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-07-14 11:11 - 2012-06-02 04:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-07-14 11:11 - 2012-06-02 04:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-07-14 11:11 - 2012-06-02 04:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-07-14 11:11 - 2012-06-02 04:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-07-14 11:11 - 2012-06-02 03:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-07-14 11:11 - 2012-06-02 03:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-07-14 11:11 - 2012-06-02 03:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-07-14 11:11 - 2012-06-02 03:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-07-14 11:11 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-07-14 11:11 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-07-14 11:11 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-07-14 11:11 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-07-14 11:11 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-07-14 11:11 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-07-14 11:11 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-07-14 11:11 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-07-14 11:11 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-07-14 11:11 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-07-14 11:11 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-07-14 11:11 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-07-14 11:11 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-07-14 11:11 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-07-14 07:00 - 2012-07-14 07:00 - 00000000 ____D C:\Users\Rob\AppData\Roaming\six-updater
    2012-07-14 06:59 - 2012-07-14 06:59 - 00002573 ____A C:\Users\Rob\Desktop\Six Launcher.lnk
    2012-07-14 06:58 - 2012-07-14 06:58 - 16884522 ____A (Oleg N. Scherbakov) C:\Users\Rob\Downloads\su-setup.exe
    2012-07-14 06:15 - 2012-06-08 21:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
    2012-07-14 06:15 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2012-07-14 06:15 - 2012-06-05 22:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
    2012-07-14 06:15 - 2012-06-05 22:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
    2012-07-14 06:15 - 2012-06-05 22:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
    2012-07-14 06:15 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
    2012-07-14 06:15 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2012-07-14 06:15 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
    2012-07-14 06:15 - 2012-06-01 21:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
    2012-07-14 06:15 - 2012-06-01 21:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
    2012-07-14 06:15 - 2012-06-01 21:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
    2012-07-14 06:15 - 2012-06-01 21:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
    2012-07-14 06:15 - 2012-06-01 21:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
    2012-07-14 06:15 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2012-07-14 06:15 - 2012-06-01 20:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2012-07-14 06:15 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2012-07-14 06:15 - 2012-06-01 20:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2012-07-14 06:15 - 2010-06-25 19:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
    2012-07-14 06:15 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
    2012-07-14 02:32 - 2012-07-14 02:32 - 00000000 ____D C:\Users\Rob\AppData\Local\{FF840270-F564-4845-8637-7523121CAF53}
    2012-07-14 02:32 - 2012-07-14 02:32 - 00000000 ____D C:\Users\Rob\AppData\Local\{2AB910AC-E82E-4ECD-B433-13CC5D6ABFB9}
    2012-07-12 03:09 - 2012-07-14 05:55 - 00000000 ____D C:\Program Files (x86)\Screenshots
    2012-07-12 01:40 - 2012-07-26 00:20 - 00000132 ____A C:\Users\Rob\AppData\Roaming\Adobe PNG Format CS5 Prefs
    2012-07-12 01:29 - 2012-07-12 01:29 - 00000000 ____D C:\Users\Rob\AppData\Local\{EC926D43-7DA2-47AF-8D6D-D172797AF0D6}
    2012-07-12 01:29 - 2012-07-12 01:29 - 00000000 ____D C:\Users\Rob\AppData\Local\{18E2741E-3238-4D41-A6C0-8B489272D0D8}
    2012-07-12 00:59 - 2012-07-14 06:10 - 00000000 ____D C:\Windows\en
    2012-07-12 00:56 - 2012-07-12 00:56 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
    2012-07-12 00:54 - 2012-07-12 00:56 - 00000000 ____D C:\Program Files (x86)\Windows Live
    2012-07-12 00:54 - 2012-07-12 00:54 - 00000000 ____D C:\Windows\PCHEALTH
    2012-07-12 00:52 - 2012-07-14 02:33 - 00000000 ____D C:\Users\Rob\AppData\Local\Windows Live
    2012-07-11 21:51 - 2012-07-14 05:55 - 00000000 ____D C:\Program Files (x86)\Movies
    2012-07-11 21:35 - 2012-07-11 21:35 - 00000000 ____D C:\Program Files (x86)\HELP
    2012-07-10 22:38 - 2012-07-14 06:37 - 00000000 ____D C:\Users\Rob\AppData\Roaming\Audacity
    2012-07-10 22:38 - 2012-07-10 22:38 - 00000000 ____D C:\Program Files (x86)\Audacity
    2012-07-10 22:37 - 2012-07-10 22:38 - 20786971 ____A (Audacity Team ) C:\Users\Rob\Downloads\audacity-win-2.0.exe
    2012-07-06 04:42 - 2012-07-16 10:55 - 00000000 ____D C:\Users\Rob\Downloads\The.Walking.Dead.Episode.2.Starved.for.Help-TiNYiSO
    2012-07-05 23:37 - 2012-07-05 23:37 - 00283416 ____A C:\Windows\SysWOW64\PnkBstrB.xtr
    2012-07-05 23:37 - 2012-07-05 23:37 - 00000000 ____D C:\Users\Rob\AppData\Local\PunkBuster
    2012-07-05 23:33 - 2012-07-05 23:37 - 00283416 ____A C:\Windows\SysWOW64\PnkBstrB.exe
    2012-07-05 23:33 - 2012-07-05 23:34 - 00189248 ____A C:\Windows\SysWOW64\PnkBstrB.ex0
    2012-07-05 23:33 - 2012-07-05 23:33 - 00076888 ____A C:\Windows\SysWOW64\PnkBstrA.exe
    2012-07-05 04:13 - 2012-07-05 13:22 - 00000000 ____D C:\Users\Rob\AppData\Roaming\Mumble
    2012-07-05 04:13 - 2012-07-05 04:13 - 00000000 ____D C:\Program Files (x86)\Mumble
    2012-07-05 04:10 - 2012-07-05 04:10 - 17904640 ____A C:\Users\Rob\Downloads\mumble-1.2.3a.msi


    ============ 3 Months Modified Files ========================

    2012-08-03 21:21 - 2012-08-03 21:21 - 04198163 ____A C:\Users\Rob\Desktop\Super Mario Galaxy 2 OST - Yoshi Star Galaxy Theme_WMV V9.wmv
    2012-08-03 08:17 - 2012-08-03 08:17 - 03578841 ____A C:\Users\Rob\Downloads\ePSXe 1.7.0.rar
    2012-08-03 03:24 - 2012-08-03 03:13 - 441073873 ____A C:\Users\Rob\Documents\Slender.wmv
    2012-08-01 11:12 - 2012-05-31 19:04 - 01328368 ____A C:\Windows\WindowsUpdate.log
    2012-08-01 10:22 - 2012-07-19 17:04 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-08-01 09:06 - 2012-08-01 09:01 - 142574795 ____A C:\Users\Rob\Documents\wellthen.wmv
    2012-08-01 07:41 - 2012-08-01 07:35 - 00103296 ____A C:\Users\Rob\Documents\zombies ate my neighbors - Zombie Panic.mp4.sfk
    2012-08-01 07:33 - 2012-08-01 07:33 - 04328669 ____A C:\Users\Rob\Documents\zombies ate my neighbors - Zombie Panic.mp4
    2012-07-31 23:57 - 2012-07-31 23:55 - 62126051 ____A C:\Users\Rob\Documents\NOBODY.wmv
    2012-07-31 15:58 - 2009-07-13 20:45 - 00022064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-07-31 15:58 - 2009-07-13 20:45 - 00022064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-07-31 15:55 - 2009-07-13 21:13 - 00778834 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-07-31 15:50 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-07-31 15:50 - 2009-07-13 20:51 - 00031440 ____A C:\Windows\setupact.log
    2012-07-31 08:07 - 2012-07-31 08:02 - 144774903 ____A C:\Users\Rob\Documents\unproductive.wmv
    2012-07-30 19:25 - 2012-07-30 19:22 - 00749599 ____A C:\Users\Rob\Downloads\JoyToKey_en.zip
    2012-07-30 19:21 - 2012-07-30 19:21 - 00463080 ____A (CNET Download.com) C:\Users\Rob\Downloads\cnet2_JoyToKey_en_zip.exe
    2012-07-30 05:34 - 2012-07-30 05:30 - 127262795 ____A C:\Users\Rob\Documents\centipede.wmv
    2012-07-30 04:46 - 2012-07-30 04:39 - 00313376 ____A C:\Users\Rob\Documents\Breaking Bad Season 4 (2011) If I Had a Heart (Soundtrack OST).mp4.sfk
    2012-07-30 04:37 - 2012-07-30 04:35 - 37311386 ____A C:\Users\Rob\Documents\Breaking Bad Season 4 (2011) If I Had a Heart (Soundtrack OST).mp4
    2012-07-30 04:32 - 2012-07-30 04:30 - 05409153 ____A C:\Users\Rob\Documents\Scarface _Tony Montana_ Theme Song.flv
    2012-07-29 05:59 - 2012-07-29 05:55 - 121086603 ____A C:\Users\Rob\Documents\hackers.wmv
    2012-07-29 05:15 - 2012-07-29 05:12 - 09096684 ____A C:\Users\Rob\Documents\Super Mario World Ending Theme Song.flv
    2012-07-28 07:06 - 2012-07-28 07:02 - 103902531 ____A C:\Users\Rob\Documents\hackeraxe.wmv
    2012-07-26 22:52 - 2012-07-26 22:52 - 00000079 ____A C:\Windows\SysWOW64\ArmA2OA.cfg
    2012-07-26 00:20 - 2012-07-12 01:40 - 00000132 ____A C:\Users\Rob\AppData\Roaming\Adobe PNG Format CS5 Prefs
    2012-07-22 02:19 - 2012-07-22 02:19 - 29575744 ____A (Any-Video-Converter.com ) C:\Users\Rob\Downloads\avc-free.exe
    2012-07-22 02:11 - 2012-07-22 02:11 - 05414584 ____A C:\Users\Rob\Downloads\YTDSetup.exe
    2012-07-19 18:14 - 2010-11-20 19:47 - 00007580 ____A C:\Windows\PFRO.log
    2012-07-19 17:04 - 2012-07-19 17:04 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-07-19 17:04 - 2012-07-19 17:04 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-07-18 19:33 - 2012-07-18 19:32 - 18842240 ____A C:\Users\Rob\Downloads\DJ1050_J410_Basic_x64_231.exe
    2012-07-15 02:58 - 2012-07-15 02:58 - 00000769 ____A C:\Users\Rob\Desktop\Fraps.lnk
    2012-07-14 20:13 - 2009-07-13 20:45 - 04826928 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-07-14 06:59 - 2012-07-14 06:59 - 00002573 ____A C:\Users\Rob\Desktop\Six Launcher.lnk
    2012-07-14 06:58 - 2012-07-14 06:58 - 16884522 ____A (Oleg N. Scherbakov) C:\Users\Rob\Downloads\su-setup.exe
    2012-07-10 22:38 - 2012-07-10 22:37 - 20786971 ____A (Audacity Team ) C:\Users\Rob\Downloads\audacity-win-2.0.exe
    2012-07-08 19:47 - 2012-06-05 03:14 - 00196193 ____A C:\Windows\DirectX.log
    2012-07-05 23:37 - 2012-07-05 23:37 - 00283416 ____A C:\Windows\SysWOW64\PnkBstrB.xtr
    2012-07-05 23:37 - 2012-07-05 23:33 - 00283416 ____A C:\Windows\SysWOW64\PnkBstrB.exe
    2012-07-05 23:34 - 2012-07-05 23:33 - 00189248 ____A C:\Windows\SysWOW64\PnkBstrB.ex0
    2012-07-05 23:33 - 2012-07-05 23:33 - 00076888 ____A C:\Windows\SysWOW64\PnkBstrA.exe
    2012-07-05 04:10 - 2012-07-05 04:10 - 17904640 ____A C:\Users\Rob\Downloads\mumble-1.2.3a.msi
    2012-07-01 02:16 - 2012-07-01 02:16 - 04126880 ____A (Adobe Systems Incorporated) C:\Users\Rob\Downloads\stall_flash_player_ax_32bit.exe
    2012-07-01 02:13 - 2012-07-01 02:12 - 24331504 ____A (SplitMediaLabs) C:\Users\Rob\Downloads\xsplit_installer_v1.0.1206.0203.exe
    2012-06-30 00:47 - 2012-06-30 00:47 - 16803216 ____A C:\Users\Rob\Downloads\vcs_cnt.exe
    2012-06-30 00:46 - 2012-06-30 00:46 - 00463080 ____A (CNET Download.com) C:\Users\Rob\Downloads\cnet2_vcs_cnt_exe.exe
    2012-06-25 06:03 - 2012-06-25 06:02 - 22259528 ____A C:\Users\Rob\Downloads\vlc-2.0.1-win32.exe
    2012-06-21 10:50 - 2012-06-20 21:48 - 00763958 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
    2012-06-21 04:39 - 2012-05-31 19:11 - 00057560 ____A C:\Users\Rob\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-06-21 04:30 - 2012-06-21 03:59 - 1272409933 ____A C:\Users\Rob\Downloads\Adobe. Photoshop CS5.1 Extended Edition.exe
    2012-06-11 19:08 - 2012-07-14 11:11 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-06-08 21:43 - 2012-07-14 06:15 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
    2012-06-08 20:41 - 2012-07-14 06:15 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2012-06-05 22:06 - 2012-07-14 06:15 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
    2012-06-05 22:06 - 2012-07-14 06:15 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
    2012-06-05 22:02 - 2012-07-14 06:15 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
    2012-06-05 21:05 - 2012-07-14 06:15 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
    2012-06-05 21:05 - 2012-07-14 06:15 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2012-06-05 21:03 - 2012-07-14 06:15 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
    2012-06-05 20:50 - 2012-06-05 20:50 - 00001011 ____A C:\Users\Public\Desktop\PowerISO.lnk
    2012-06-05 20:38 - 2012-06-05 20:38 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_xusb21_01009.Wdf
    2012-06-05 20:38 - 2012-06-05 20:38 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_MijXfilt_01009.Wdf
    2012-06-05 10:52 - 2012-06-05 10:50 - 00003397 ____A C:\Windows\IE9_main.log
    2012-06-05 10:51 - 2012-06-05 10:51 - 03695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
    2012-06-05 10:51 - 2012-06-05 10:51 - 03695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
    2012-06-05 10:51 - 2012-06-05 10:51 - 00697344 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2012-06-05 10:51 - 2012-06-05 10:51 - 00603648 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2012-06-05 10:51 - 2012-06-05 10:51 - 00580608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2012-06-05 10:51 - 2012-06-05 10:51 - 00534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
    2012-06-05 10:51 - 2012-06-05 10:51 - 00452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
    2012-06-05 10:51 - 2012-06-05 10:51 - 00448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
    2012-06-05 10:51 - 2012-06-05 10:51 - 00434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2012-06-05 10:51 - 2012-06-05 10:51 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2012-06-05 10:51 - 2012-06-05 10:51 - 00403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
    2012-06-05 10:51 - 2012-06-05 10:51 - 00367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2012-06-05 10:51 - 2012-06-05 10:51 - 00353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2012-06-05 10:51 - 2012-06-05 10:51 - 00353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2012-06-05 10:51 - 2012-06-05 10:51 - 00282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
    2012-06-05 10:51 - 2012-06-05 10:51 - 00267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
    2012-06-05 10:51 - 2012-06-05 10:51 - 00249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
    2012-06-05 10:51 - 2012-06-05 10:51 - 00227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
    2012-06-05 10:51 - 2012-06-05 10:51 - 00223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2012-06-05 10:51 - 2012-06-05 10:51 - 00222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
    2012-06-05 10:51 - 2012-06-05 10:51 - 00203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
    2012-06-05 10:51 - 2012-06-05 10:51 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
    2012-06-05 10:51 - 2012-06-05 10:51 - 00165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
    2012-06-05 10:51 - 2012-06-05 10:51 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
    2012-06-05 10:51 - 2012-06-05 10:51 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
    2012-06-05 10:51 - 2012-06-05 10:51 - 00162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2012-06-05 10:51 - 2012-06-05 10:51 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
    2012-06-05 10:51 - 2012-06-05 10:51 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
    2012-06-05 10:51 - 2012-06-05 10:51 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
    2012-06-05 10:51 - 2012-06-05 10:51 - 00152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
    2012-06-05 10:51 - 2012-06-05 10:51 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
    2012-06-05 10:51 - 2012-06-05 10:51 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
    2012-06-05 10:51 - 2012-06-05 10:51 - 00145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
    2012-06-05 10:51 - 2012-06-05 10:51 - 00135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
    2012-06-05 10:51 - 2012-06-05 10:51 - 00130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
    2012-06-05 10:51 - 2012-06-05 10:51 - 00123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
    2012-06-05 10:51 - 2012-06-05 10:51 - 00118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
    2012-06-05 10:51 - 2012-06-05 10:51 - 00114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
    2012-06-05 10:51 - 2012-06-05 10:51 - 00111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
    2012-06-05 10:51 - 2012-06-05 10:51 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
    2012-06-05 10:51 - 2012-06-05 10:51 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
    2012-06-05 10:51 - 2012-06-05 10:51 - 00101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
    2012-06-05 10:51 - 2012-06-05 10:51 - 00091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
    2012-06-05 10:51 - 2012-06-05 10:51 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
    2012-06-05 10:51 - 2012-06-05 10:51 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
    2012-06-05 10:51 - 2012-06-05 10:51 - 00086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
    2012-06-05 10:51 - 2012-06-05 10:51 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
    2012-06-05 10:51 - 2012-06-05 10:51 - 00082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
    2012-06-05 10:51 - 2012-06-05 10:51 - 00078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
    2012-06-05 10:51 - 2012-06-05 10:51 - 00076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
    2012-06-05 10:51 - 2012-06-05 10:51 - 00076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
    2012-06-05 10:51 - 2012-06-05 10:51 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
    2012-06-05 10:51 - 2012-06-05 10:51 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2012-06-05 10:51 - 2012-06-05 10:51 - 00074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
    2012-06-05 10:51 - 2012-06-05 10:51 - 00066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
    2012-06-05 10:51 - 2012-06-05 10:51 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
    2012-06-05 10:51 - 2012-06-05 10:51 - 00063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
    2012-06-05 10:51 - 2012-06-05 10:51 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
    2012-06-05 10:51 - 2012-06-05 10:51 - 00054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
    2012-06-05 10:51 - 2012-06-05 10:51 - 00049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
    2012-06-05 10:51 - 2012-06-05 10:51 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
    2012-06-05 10:51 - 2012-06-05 10:51 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
    2012-06-05 10:51 - 2012-06-05 10:51 - 00041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
    2012-06-05 10:51 - 2012-06-05 10:51 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
    2012-06-05 10:51 - 2012-06-05 10:51 - 00035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
    2012-06-05 10:51 - 2012-06-05 10:51 - 00031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2012-06-05 10:51 - 2012-06-05 10:51 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
    2012-06-05 10:51 - 2012-06-05 10:51 - 00023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
    2012-06-05 10:51 - 2012-06-05 10:51 - 00012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
    2012-06-05 10:51 - 2012-06-05 10:51 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
    2012-06-05 10:51 - 2012-06-05 10:51 - 00010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
    2012-06-05 10:51 - 2012-06-05 10:51 - 00010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
    2012-06-05 09:39 - 2012-06-05 09:39 - 00000947 ____A C:\Users\Public\Desktop\µTorrent.lnk
    2012-06-05 05:42 - 2012-06-05 05:42 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
    2012-06-05 03:47 - 2012-06-05 03:47 - 00002315 ____A C:\Users\Rob\Desktop\Day Z.lnk
    2012-06-04 21:30 - 2012-06-04 21:30 - 00174024 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
    2012-06-04 21:30 - 2012-06-04 21:30 - 00174024 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
    2012-06-04 21:19 - 2012-06-04 21:19 - 00000967 ____A C:\Users\Rob\Desktop\TeamSpeak 3 Client.lnk
    2012-06-04 21:08 - 2012-06-04 21:08 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini
    2012-06-04 20:45 - 2012-06-04 20:45 - 00001134 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2012-06-02 14:19 - 2012-06-21 08:25 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-02 14:19 - 2012-06-21 08:25 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-02 14:19 - 2012-06-21 08:25 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-02 14:19 - 2012-06-21 08:25 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-02 14:19 - 2012-06-21 08:25 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-02 14:15 - 2012-06-21 08:25 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-02 14:15 - 2012-06-21 08:25 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-02 04:49 - 2012-07-14 11:11 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-06-02 04:17 - 2012-07-14 11:11 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-06-02 04:12 - 2012-07-14 11:11 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-06-02 04:05 - 2012-07-14 11:11 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-06-02 04:05 - 2012-07-14 11:11 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-06-02 04:04 - 2012-07-14 11:11 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-06-02 04:04 - 2012-07-14 11:11 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-06-02 04:03 - 2012-07-14 11:11 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-06-02 04:01 - 2012-07-14 11:11 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-06-02 04:00 - 2012-07-14 11:11 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-06-02 03:59 - 2012-07-14 11:11 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-06-02 03:57 - 2012-07-14 11:11 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-06-02 03:57 - 2012-07-14 11:11 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-06-02 03:54 - 2012-07-14 11:11 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-06-02 01:07 - 2012-07-14 11:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-06-02 00:43 - 2012-07-14 11:11 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-06-02 00:33 - 2012-07-14 11:11 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-06-02 00:26 - 2012-07-14 11:11 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-06-02 00:25 - 2012-07-14 11:11 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-06-02 00:25 - 2012-07-14 11:11 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-06-02 00:23 - 2012-07-14 11:11 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-06-02 00:21 - 2012-07-14 11:11 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-06-02 00:20 - 2012-07-14 11:11 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-06-02 00:19 - 2012-07-14 11:11 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-06-02 00:19 - 2012-07-14 11:11 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-06-02 00:17 - 2012-07-14 11:11 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-06-02 00:16 - 2012-07-14 11:11 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-06-02 00:14 - 2012-07-14 11:11 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-06-01 23:19 - 2012-06-21 08:25 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-01 23:15 - 2012-06-21 08:25 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-06-01 21:50 - 2012-07-14 06:15 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
    2012-06-01 21:48 - 2012-07-14 06:15 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
    2012-06-01 21:48 - 2012-07-14 06:15 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
    2012-06-01 21:45 - 2012-07-14 06:15 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
    2012-06-01 21:44 - 2012-07-14 06:15 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
    2012-06-01 20:40 - 2012-07-14 06:15 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2012-06-01 20:40 - 2012-07-14 06:15 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2012-06-01 20:39 - 2012-07-14 06:15 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2012-06-01 20:34 - 2012-07-14 06:15 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2012-06-01 10:59 - 2009-07-13 21:38 - 00025600 __ASH C:\Windows\System32\config\BCD-Template.LOG
    2012-06-01 10:59 - 2009-07-13 21:32 - 00028672 ____A C:\Windows\System32\config\BCD-Template
    2012-05-31 19:26 - 2012-06-04 21:08 - 00002094 ____A C:\Users\UpdatusUser\Desktop\LG Burning Tool.lnk
    2012-05-31 19:26 - 2012-06-04 21:08 - 00001194 ____A C:\Users\UpdatusUser\Desktop\LG Power Tools.lnk
    2012-05-31 19:26 - 2012-05-31 19:26 - 00002094 ____A C:\Users\Default\Desktop\LG Burning Tool.lnk
    2012-05-31 19:26 - 2012-05-31 19:26 - 00002094 ____A C:\Users\Default User\Desktop\LG Burning Tool.lnk
    2012-05-31 19:26 - 2012-05-31 19:26 - 00001194 ____A C:\Users\Default\Desktop\LG Power Tools.lnk
    2012-05-31 19:26 - 2012-05-31 19:26 - 00001194 ____A C:\Users\Default User\Desktop\LG Power Tools.lnk
    2012-05-31 19:09 - 2012-05-31 19:09 - 00000032 ____A C:\csb.log
    2012-05-31 19:09 - 2012-05-31 19:09 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_iusb3hcs_01009.Wdf
    2012-05-31 19:06 - 2012-05-31 19:06 - 00000010 ____A C:\Windows\GSetup.ini
    2012-05-31 19:04 - 2012-05-31 19:04 - 00000020 __ASH C:\Users\Rob\ntuser.ini
    2012-05-31 17:01 - 2012-05-31 17:01 - 00001355 ____A C:\Windows\TSSysprep.log
    2012-05-31 17:01 - 2009-07-13 20:46 - 00002790 ____A C:\Windows\DtcInstall.log
    2012-05-30 20:25 - 2010-11-20 19:27 - 00279656 ____A (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
    2012-05-30 20:10 - 2012-06-05 20:50 - 00126944 ____A (Power Software Ltd) C:\Windows\System32\Drivers\scdemu.sys
    2012-05-15 02:48 - 2012-06-04 21:07 - 25743168 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll
    2012-05-15 02:48 - 2012-06-04 21:07 - 25248064 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
    2012-05-15 02:48 - 2012-06-04 21:07 - 19607872 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
    2012-05-15 02:48 - 2012-06-04 21:07 - 18044224 ____A (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll
    2012-05-15 02:48 - 2012-06-04 21:07 - 17551680 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
    2012-05-15 02:48 - 2012-06-04 21:07 - 15322432 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
    2012-05-15 02:48 - 2012-06-04 21:07 - 14298944 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
    2012-05-15 02:48 - 2012-06-04 21:07 - 10194752 ____A (NVIDIA Corporation) C:\Windows\System32\nvwgf2umx.dll
    2012-05-15 02:48 - 2012-06-04 21:07 - 08139072 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
    2012-05-15 02:48 - 2012-06-04 21:07 - 05982528 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
    2012-05-15 02:48 - 2012-06-04 21:07 - 02881856 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
    2012-05-15 02:48 - 2012-06-04 21:07 - 02681664 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
    2012-05-15 02:48 - 2012-06-04 21:07 - 02524992 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
    2012-05-15 02:48 - 2012-06-04 21:07 - 02445120 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
    2012-05-15 02:48 - 2012-06-04 21:07 - 00949056 ____A (NVIDIA Corporation) C:\Windows\System32\nvumdshimx.dll
    2012-05-15 02:48 - 2012-06-04 21:07 - 00818496 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
    2012-05-15 02:48 - 2012-06-04 21:07 - 00364352 ____A (NVIDIA Corporation) C:\Windows\System32\nvdecodemft.dll
    2012-05-15 02:48 - 2012-06-04 21:07 - 00301376 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvdecodemft.dll
    2012-05-15 02:48 - 2012-06-04 21:07 - 00246592 ____A (NVIDIA Corporation) C:\Windows\System32\nvinitx.dll
    2012-05-15 02:48 - 2012-06-04 21:07 - 00202048 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
    2012-05-15 02:48 - 2012-05-31 19:12 - 08105280 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
    2012-05-15 02:48 - 2012-05-31 19:12 - 02741568 ____A (NVIDIA Corporation) C:\Windows\System32\nvapi64.dll
    2012-05-15 02:48 - 2012-05-31 19:12 - 02368832 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
    2012-05-15 02:48 - 2012-05-31 19:12 - 01738048 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispco64.dll
    2012-05-15 02:48 - 2012-05-31 19:12 - 01468224 ____A (NVIDIA Corporation) C:\Windows\System32\nvgenco64.dll
    2012-05-15 02:48 - 2012-05-31 19:12 - 00068928 ____A (Khronos Group) C:\Windows\System32\OpenCL.dll
    2012-05-15 02:48 - 2012-05-31 19:12 - 00061248 ____A (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
    2012-05-15 02:48 - 2012-05-31 19:12 - 00014324 ____A C:\Windows\System32\nvinfo.pb
    2012-05-15 01:29 - 2012-06-04 21:08 - 02621723 ____A C:\Windows\System32\nvcoproc.bin
    2012-05-15 01:29 - 2012-05-31 19:13 - 03149632 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvc64.dll
    2012-05-15 01:29 - 2012-05-31 19:13 - 00889664 ____A (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    2012-05-15 01:29 - 2012-05-31 19:13 - 00118080 ____A (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll
    2012-05-15 01:29 - 2012-05-31 19:13 - 00063296 ____A (NVIDIA Corporation) C:\Windows\System32\nvshext.dll
    2012-05-15 01:28 - 2012-05-31 19:13 - 06151488 ____A (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll
    2012-05-14 10:21 - 2012-05-14 10:21 - 00423744 ____A C:\Windows\SysWOW64\nvStreaming.exe

    ZeroAccess:
    C:\Windows\Installer\{3b896aff-4486-293b-ae3b-9517caa02207}
    C:\Windows\Installer\{3b896aff-4486-293b-ae3b-9517caa02207}\L

    ZeroAccess:
    C:\Users\Rob\AppData\Local\{3b896aff-4486-293b-ae3b-9517caa02207}
    C:\Users\Rob\AppData\Local\{3b896aff-4486-293b-ae3b-9517caa02207}\@
    C:\Users\Rob\AppData\Local\{3b896aff-4486-293b-ae3b-9517caa02207}\L
    C:\Users\Rob\AppData\Local\{3b896aff-4486-293b-ae3b-9517caa02207}\U

    ========================= Known DLLs (Whitelisted) ============


    ========================= Bamital & volsnap Check ============

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ========================= Memory info ======================

    Percentage of memory in use: 9%
    Total physical RAM: 8152.65 MB
    Available physical RAM: 7363.67 MB
    Total Pagefile: 8150.85 MB
    Available Pagefile: 7345.77 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.89 MB

    ======================= Partitions =========================

    1 Drive c: () (Fixed) (Total:931.41 GB) (Free:723.61 GB) NTFS
    3 Drive f: (KINGSTON) (Removable) (Total:1.87 GB) (Free:0.5 GB) FAT
    4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    5 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 931 GB 0 B
    Disk 1 Online 1919 MB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 100 MB 1024 KB
    Partition 2 Primary 931 GB 101 MB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 Y System Rese NTFS Partition 100 MB Healthy

    ==================================================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C NTFS Partition 931 GB Healthy

    ==================================================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 1918 MB 16 KB

    ==================================================================================

    Disk: 1
    Partition 1
    Type : 06
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 F KINGSTON FAT Removable 1918 MB Healthy

    ==================================================================================

    ==========================================================

    Last Boot: 2012-07-27 23:25

    ======================= End Of Log ==========================
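The two checks whose results the FRST log above reports, the "ZeroAccess:" folder listing and the "MD5 is legit" line per critical binary, re-implemented below as an added example. This is not code from this thread, from FRST or from Farbar. The directory tree it scans, the second (legitimate-looking) Installer GUID and the "known-good" hashes are all constructed inside the script for the demonstration; on a real machine the baseline hashes must come from a clean install at the same build and patch level, and MD5 here only serves to compare a file against that trusted copy, not to resist a deliberately crafted collision. The FRST wording "MD5 is legit" is read here as "hash matches a known-good list", which is an assumption about the tool, not something the log states.

```python
"""Added example; not code from the TechSpot thread, from FRST or from Farbar.

Re-implements, in a form you can run offline, two checks the FRST log reports:
the ZeroAccess folder pattern and the "MD5 is legit" comparison of critical
system binaries. The tree and the known-good hashes are constructed fixtures.
"""
import hashlib
import os
import re
import tempfile

# ZeroAccess/Sirefef of this era dropped its components into a directory named like
# a Windows Installer product GUID, under C:\Windows\Installer and the user's
# AppData\Local, with members named "@", "L" and "U" (the names seen in the log).
GUID_DIR = re.compile(r"^\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)
ZA_MEMBERS = {"@", "L", "U"}

# Relative paths (under the drive root) of binaries the Bamital/volsnap check covers.
CRITICAL = ["Windows/System32/winlogon.exe",
            "Windows/System32/services.exe",
            "Windows/System32/Drivers/volsnap.sys"]


def find_zeroaccess_dirs(root):
    """Return every GUID-named directory under root holding a '@', 'L' or 'U'
    member, as root-relative paths with forward slashes. Legitimate Installer
    GUID folders hold .ico/.exe files, so the member names, not the GUID, decide."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        if GUID_DIR.match(os.path.basename(dirpath)) and \
                ZA_MEMBERS & (set(dirnames) | set(filenames)):
            hits.append(os.path.relpath(dirpath, root).replace(os.sep, "/"))
    return sorted(hits)


def md5_of(path):
    """Streamed MD5 of a file (used only to compare against a trusted copy)."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def check_critical_files(root, baseline):
    """baseline maps root-relative path -> MD5 taken from a clean system.
    Returns {path: 'MD5 is legit' | 'MD5 MISMATCH' | 'missing'}."""
    result = {}
    for rel, expected in baseline.items():
        full = os.path.join(root, *rel.split("/"))
        if not os.path.isfile(full):
            result[rel] = "missing"
        else:
            result[rel] = "MD5 is legit" if md5_of(full) == expected else "MD5 MISMATCH"
    return result


def build_sample_tree():
    """Constructed fixture: a fake drive with one legitimate Installer GUID folder,
    the two ZeroAccess folders named in the log, and three critical binaries.
    Returns (root, baseline); the baseline is taken before one file is tampered."""
    root = tempfile.mkdtemp(prefix="frst_demo_")
    guid = "{3b896aff-4486-293b-ae3b-9517caa02207}"      # GUID from the FRST log
    legit = "{90140000-0011-0000-0000-0000000FF1CE}"     # illustrative, assumed benign
    layout = {
        f"Windows/Installer/{legit}/ARPPRODUCTICON.exe": b"MZ legit icon stub",
        f"Windows/Installer/{guid}/L/00000001.@": b"payload",
        f"Users/Rob/AppData/Local/{guid}/@": b"config",
        f"Users/Rob/AppData/Local/{guid}/U/00000001.@": b"module",
        f"Users/Rob/AppData/Local/{guid}/L/00000001.@": b"module",
    }
    for rel in CRITICAL:
        layout[rel] = b"MZ clean " + rel.encode()
    for rel, data in layout.items():
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as f:
            f.write(data)
    baseline = {rel: md5_of(os.path.join(root, *rel.split("/"))) for rel in CRITICAL}
    # Simulate a patched services.exe, the kind of change the Bamital check exists for.
    with open(os.path.join(root, "Windows", "System32", "services.exe"), "ab") as f:
        f.write(b"\x90" * 16)
    return root, baseline


if __name__ == "__main__":
    root, baseline = build_sample_tree()
    for d in find_zeroaccess_dirs(root):
        print("ZeroAccess:", d)
    for path, verdict in check_critical_files(root, baseline).items():
        print(f"{path} => {verdict}")
```

On a live Windows system you would point `find_zeroaccess_dirs` at `C:\Windows\Installer` and at each user's `AppData\Local` rather than at the whole drive; the Installer directory legitimately contains many `{GUID}` folders (icon caches for installed products), which is why the check keys on the `@`, `L` and `U` member names and not on the GUID itself. Detection is only half of what FRST does here: the Fixlog later in this thread shows the same two folders being moved out of the way from the recovery environment, where the rootkit's user-mode components are not loaded.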
     
  4. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    FRST64 Fixlist

    Please run the following:

    Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad window and select Paste.) Save it on the flash drive as fixlist.txt.

    NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

    Now, please enter System Recovery Options then select Command Prompt.

    Run FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    Now restart, let it boot normally and tell me how it went.
     
  5. snortercle

    snortercle TS Rookie Topic Starter Posts: 19

    I did exactly as you said. It restarted and I got a prompt for an update for an Adobe program; I just clicked "Remind me later". It also said the system restore was successful and no documents were affected. I have not been told my computer will restart, and it seems to be functioning. So far so good.

    The log will be in a separate post.
     
  6. snortercle

    snortercle TS Rookie Topic Starter Posts: 19

    Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 04-08-2012 01
    Ran by SYSTEM at 2012-08-05 00:05:42 Run:1
    Running from F:\
    ==============================================
    gdrv service deleted successfully.
    C:\Users\Rob\Downloads\Camtasia Studio 7 + Keygen moved successfully.
    C:\Windows\Installer\{3b896aff-4486-293b-ae3b-9517caa02207} moved successfully.
    C:\Users\Rob\AppData\Local\{3b896aff-4486-293b-ae3b-9517caa02207} moved successfully.
    ==== End of Fixlog ====
     
  7. snortercle

    snortercle TS Rookie Topic Starter Posts: 19

    I have been playing games for about 5 hours; performance has not slowed and I haven't had any further signs to suggest there is a virus on my PC. I will await your response to tell me what to do to make sure I'm completely clear.
     
  8. snortercle

    snortercle TS Rookie Topic Starter Posts: 19

    I installed Malwarebytes; the log after a scan is:

    Malwarebytes Anti-Malware (Trial) 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.08.05.05

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Rob :: ROB-PC [administrator]

    Protection: Enabled

    5/08/2012 8:23:53 PM
    mbam-log-2012-08-05 (20-23-53).txt

    Scan type: Full scan (C:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 319644
    Time elapsed: 17 minute(s), 6 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     
  9. snortercle

    snortercle TS Rookie Topic Starter Posts: 19

    GMER Results:

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-08-05 20:59:42
    Windows 6.1.7601 Service Pack 1
    Running: n93w7x2h.exe


    ---- Files - GMER 1.0.15 ----

    File C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Cookies\BJWQKH51.txt 0 bytes

    ---- EOF - GMER 1.0.15 ----
     
  10. snortercle

    snortercle TS Rookie Topic Starter Posts: 19

    DDS Log:

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1
    Run by Rob at 21:02:23 on 2012-08-05
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.8154.5661 [GMT 8:00]
    .
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\Intel\iCLS Client\HeciServer.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\viakaraokesrv.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\System32\StikyNot.exe
    C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
    C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe
    C:\Program Files (x86)\Steam\Steam.exe
    C:\Program Files (x86)\uTorrent\uTorrent.exe
    C:\Users\Rob\Desktop\Games\SNES\JoyToKey.exe
    C:\Users\Rob\Desktop\Games\Other\Fraps\fraps.exe
    C:\Users\Rob\Desktop\Games\Other\Fraps\fraps64.dat
    C:\Program Files\Sony\Vegas Pro 11.0\vegas110.exe
    C:\Program Files\Sony\Vegas Pro 11.0\ErrorReportLauncher.exe
    C:\Program Files\Sony\Vegas Pro 11.0\x86\FileIOSurrogate.exe
    C:\Program Files\Sony\Vegas Pro 11.0\x86\sfvstserver.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com.au/
    uURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
    mURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
    mWinlogon: Userinit=userinit.exe
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
    TB: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
    uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
    uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
    mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
    mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
    mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
    mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
    mRun: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    TCP: DhcpNameServer = 10.0.0.138
    TCP: Interfaces\{C8011189-C991-41C5-979D-B8044D06D2B6} : DhcpNameServer = 10.0.0.138
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
    BHO-X64: uTorrentControl2 - No File
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
    TB-X64: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
    mRun-x64: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
    mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun-x64: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
    mRun-x64: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
    mRun-x64: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
    mRun-x64: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
    mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\1dkcvaj6.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
    FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
    FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
    FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\system32\DRIVERS\iusb3hcs.sys --> C:\Windows\system32\DRIVERS\iusb3hcs.sys [?]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-6-1 13592]
    R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2011-12-8 607456]
    R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2012-6-1 161560]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-8-5 655944]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-5-15 382272]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-6-1 363800]
    R2 VIAKaraokeService;VIA Karaoke digital mixer Service;C:\Windows\system32\viakaraokesrv.exe --> C:\Windows\system32\viakaraokesrv.exe [?]
    R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\iusb3hub.sys --> C:\Windows\system32\DRIVERS\iusb3hub.sys [?]
    R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\system32\DRIVERS\iusb3xhc.sys --> C:\Windows\system32\DRIVERS\iusb3xhc.sys [?]
    R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
    R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
    R3 MEIx64;Intel(R) Management Engine Interface ;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
    R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\system32\DRIVERS\MijXfilt.sys --> C:\Windows\system32\DRIVERS\MijXfilt.sys [?]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
    R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\system32\drivers\viahduaa.sys --> C:\Windows\system32\drivers\viahduaa.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-6-5 1262400]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-5 160944]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-7-20 250056]
    S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-6-5 113120]
    S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    .
    =============== Created Last 30 ================
    .
    2012-08-05 12:23:02 -------- d-----w- C:\Users\Rob\AppData\Roaming\Malwarebytes
    2012-08-05 12:22:53 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-08-05 12:22:53 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-08-05 12:22:53 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-08-05 06:30:16 -------- d-----w- C:\FRST
    2012-08-04 18:18:54 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7BBBF296-6BF5-431F-81E0-BC8A85D962B7}\mpengine.dll
    2012-08-04 12:17:59 -------- d-----w- C:\Program Files\Microsoft Security Client
    2012-08-02 18:47:15 -------- d-sh--w- C:\Windows\System32\%APPDATA%
    2012-08-02 13:34:32 -------- d-----w- C:\Users\Rob\AppData\Local\LogMeIn Hamachi
    2012-08-02 13:34:16 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi
    2012-08-02 09:21:40 -------- d-----w- C:\Users\Rob\AppData\Local\TechSmith
    2012-08-02 09:21:12 -------- d-----w- C:\Windows\SysWow64\QuickTime
    2012-08-02 07:29:58 -------- d-----w- C:\Program Files (x86)\Snes9K
    2012-07-27 11:47:57 -------- d-----w- C:\Users\Rob\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    2012-07-22 10:22:23 -------- d-----w- C:\Users\Rob\AppData\Roaming\Sony Creative Software Inc
    2012-07-22 10:21:26 -------- d-----w- C:\Users\Rob\AppData\Roaming\AnvSoft
    2012-07-22 10:21:16 -------- d-----w- C:\Program Files (x86)\AnvSoft
    2012-07-22 10:12:08 -------- d-----w- C:\ProgramData\YTD Video Downloader
    2012-07-22 10:12:05 -------- d-----w- C:\Program Files (x86)\GreenTree Applications
    2012-07-20 01:04:06 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-07-20 01:04:06 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-07-19 03:33:41 -------- d-----w- C:\Program Files\HP
    2012-07-19 03:33:41 -------- d-----w- C:\Program Files (x86)\HP
    2012-07-19 03:33:31 -------- d-----w- C:\Users\Rob\AppData\Local\HP
    2012-07-16 23:29:24 -------- d-----w- C:\Users\Rob\AppData\Local\Sony
    2012-07-16 23:29:24 -------- d-----w- C:\Program Files (x86)\Sony
    2012-07-16 23:29:23 -------- d-----w- C:\Program Files\Sony
    2012-07-14 15:00:05 -------- d-----w- C:\Users\Rob\AppData\Roaming\six-updater
    2012-07-14 10:32:50 -------- d-----w- C:\Users\Rob\AppData\Local\{2AB910AC-E82E-4ECD-B433-13CC5D6ABFB9}
    2012-07-14 10:32:39 -------- d-----w- C:\Users\Rob\AppData\Local\{FF840270-F564-4845-8637-7523121CAF53}
    2012-07-12 11:09:50 -------- d-----w- C:\Program Files (x86)\Screenshots
    2012-07-12 09:29:25 -------- d-----w- C:\Users\Rob\AppData\Local\{18E2741E-3238-4D41-A6C0-8B489272D0D8}
    2012-07-12 09:29:15 -------- d-----w- C:\Users\Rob\AppData\Local\{EC926D43-7DA2-47AF-8D6D-D172797AF0D6}
    2012-07-12 08:59:14 -------- d-----w- C:\Windows\en
    2012-07-12 08:56:56 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
    2012-07-12 08:54:08 -------- d-----w- C:\Windows\PCHEALTH
    2012-07-12 08:52:13 -------- d-----w- C:\Users\Rob\AppData\Local\Windows Live
    2012-07-12 08:52:13 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live
    2012-07-12 05:51:25 -------- d-----w- C:\Program Files (x86)\Movies
    2012-07-12 05:35:25 -------- d-----w- C:\Program Files (x86)\HELP
    2012-07-11 06:38:39 -------- d-----w- C:\Program Files (x86)\Audacity
    .
    ==================== Find3M ====================
    .
    2012-07-06 07:37:59 283416 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
    2012-07-06 07:37:59 283416 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
    2012-07-06 07:34:02 189248 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
    2012-07-06 07:33:52 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
    2012-06-12 03:08:36 3148800 ----a-w- C:\Windows\System32\win32k.sys
    2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
    2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
    2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
    2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
    2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
    2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
    2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
    2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
    2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
    2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-06-02 07:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
    2012-06-02 07:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
    2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
    2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
    2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
    2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
    2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
    2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
    2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
    2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
    2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
    2012-05-31 04:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe
    2012-05-31 04:10:48 126944 ----a-w- C:\Windows\System32\drivers\scdemu.sys
    2012-05-15 09:29:47 889664 ----a-w- C:\Windows\System32\nvvsvc.exe
    2012-05-15 09:29:46 63296 ----a-w- C:\Windows\System32\nvshext.dll
    2012-05-15 09:29:46 118080 ----a-w- C:\Windows\System32\nvmctray.dll
    2012-05-15 09:29:45 2621723 ----a-w- C:\Windows\System32\nvcoproc.bin
    2012-05-15 09:29:25 3149632 ----a-w- C:\Windows\System32\nvsvc64.dll
    2012-05-15 09:28:42 6151488 ----a-w- C:\Windows\System32\nvcpl.dll
    2012-05-14 18:21:50 423744 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
    2011-10-22 11:06:32 68272 ----a-w- C:\Program Files (x86)\fraps64.dat
    .
    ============= FINISH: 21:02:41.30 ===============
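Reading a "Created Last 30" list like the one above by eye is slow, so here is a small Python triage helper, added as an example for this thread and not part of the DDS tool or of anyone's post in it. It parses that section's line format (timestamp, size or dashes, 8-character attribute string, path) and flags the two entry kinds a helper looks at first: hidden+system objects newly created under the Windows directory, and a literal `%VAR%` token used as a folder name. The function and rule names are my own, and the sample lines are constructed to mirror the log above.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# One entry in the "Created Last 30" / "Find3M" sections of a DDS log:
#   YYYY-MM-DD HH:MM:SS  <size, or -------- for a directory>  <8-char attrs>  <path>
# The attribute string uses 'd' (directory), 's' (system), 'h' (hidden),
# 'a' (archive) and 'w' (writable); '-' marks an unset attribute.
ENTRY_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+"
    r"(?P<size>\d+|-{8})\s+"
    r"(?P<attrs>[A-Za-z-]{8})\s+"
    r"(?P<path>\S.*)$"
)

# A literal, unexpanded environment-variable name (e.g. %APPDATA%) used as a
# path component. Windows never creates such a folder itself, so whatever did
# (a buggy installer or something hiding in plain sight) deserves a look.
ENV_TOKEN_RE = re.compile(r"\\%[A-Za-z_]+%(?:\\|$)")


@dataclass
class Entry:
    ts: str
    size: Optional[int]   # None for directories
    is_dir: bool
    hidden: bool
    system: bool
    path: str


@dataclass
class Finding:
    path: str
    reasons: List[str] = field(default_factory=list)


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one DDS file-list line; None for headers, '.' separators and blanks."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    attrs = m.group("attrs")
    size_field = m.group("size")
    return Entry(
        ts=m.group("ts"),
        size=None if size_field.startswith("-") else int(size_field),
        is_dir="d" in attrs,
        hidden="h" in attrs,
        system="s" in attrs,
        path=m.group("path"),
    )


def assess(entry: Entry) -> List[str]:
    """Illustrative heuristics (assumed here, not DDS's own): why an entry merits review."""
    reasons = []
    low = entry.path.lower()
    if entry.hidden and entry.system and "\\windows\\" in low:
        # Newly created hidden+system objects under %SystemRoot% are rare
        # outside a handful of well-known names; check them first.
        reasons.append("hidden+system object created under the Windows directory")
    if ENV_TOKEN_RE.search(entry.path):
        reasons.append("literal %VAR% token used as a path component")
    return reasons


def triage(lines) -> List[Finding]:
    """Run assess() over every parsable entry; return the flagged ones in log order."""
    findings = []
    for line in lines:
        entry = parse_entry(line)
        if entry is None:
            continue
        reasons = assess(entry)
        if reasons:
            findings.append(Finding(entry.path, reasons))
    return findings


# Constructed sample, mirroring the shape of the "Created Last 30" section above.
SAMPLE_LOG = """\
=============== Created Last 30 ================
.
2012-08-05 12:22:53 24904 ----a-w- C:\\Windows\\System32\\drivers\\mbam.sys
2012-08-05 12:22:53 -------- d-----w- C:\\ProgramData\\Malwarebytes
2012-08-02 18:47:15 -------- d-sh--w- C:\\Windows\\System32\\%APPDATA%
2012-07-20 01:04:06 426184 ----a-w- C:\\Windows\\SysWow64\\FlashPlayerApp.exe
.
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG.splitlines()):
        print(finding.path)
        for reason in finding.reasons:
            print("   -", reason)
```

On the constructed sample only the `%APPDATA%` directory is reported, with both reasons; everything else parses cleanly and stays quiet.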
     
  11. snortercle

    snortercle TS Rookie Topic Starter Posts: 19

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 1/06/2012 11:04:46 AM
    System Uptime: 5/08/2012 9:05:49 AM (12 hours ago)
    .
    Motherboard: Gigabyte Technology Co., Ltd. | | Z77M-D3H
    Processor: Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz | Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz | 1599/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 931 GiB total, 619.612 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID:
    Description:
    Device ID: ROOT\MEDIA\0000
    Manufacturer:
    Name:
    PNP Device ID: ROOT\MEDIA\0000
    Service:
    .
    Class GUID: {4d36e96b-e325-11ce-bfc1-08002be10318}
    Description: Standard PS/2 Keyboard
    Device ID: ACPI\PNP0303\4&FA2F13B&0
    Manufacturer: (Standard keyboards)
    Name: Standard PS/2 Keyboard
    PNP Device ID: ACPI\PNP0303\4&FA2F13B&0
    Service: i8042prt
    .
    Class GUID: {4d36e96c-e325-11ce-bfc1-08002be10318}
    Description: High Definition Audio Device
    Device ID: HDAUDIO\FUNC_01&VEN_8086&DEV_2806&SUBSYS_80860101&REV_1000\4&36B8CB0&0&0301
    Manufacturer: Microsoft
    Name: High Definition Audio Device
    PNP Device ID: HDAUDIO\FUNC_01&VEN_8086&DEV_2806&SUBSYS_80860101&REV_1000\4&36B8CB0&0&0301
    Service: HdAudAddService
    .
    Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}
    Description: Microsoft PS/2 Mouse
    Device ID: ACPI\PNP0F03\4&FA2F13B&0
    Manufacturer: Microsoft
    Name: Microsoft PS/2 Mouse
    PNP Device ID: ACPI\PNP0F03\4&FA2F13B&0
    Service: i8042prt
    .
    ==== System Restore Points ===================
    .
    RP63: 2/08/2012 3:12:45 AM - Windows Update
    RP64: 2/08/2012 5:20:45 PM - Installed Camtasia Studio 7
    RP65: 2/08/2012 9:34:10 PM - Installed LogMeIn Hamachi
    RP66: 2/08/2012 11:32:59 PM - Installed Project64 1.6
    RP67: 5/08/2012 2:18:38 AM - Windows Update
    .
    ==== Installed Programs ======================
    .
    Adobe AIR
    Adobe Community Help
    Adobe Flash Player 11 Plugin
    Adobe Photoshop CS5.1
    Adobe Reader X (10.1.3)
    Adobe Shockwave Player 11.6
    Alan Wake
    Any Video Converter 3.4.0
    ARMA 2
    ARMA 2: British Armed Forces
    ARMA 2: British Armed Forces - Data cache removal
    ARMA 2: Operation Arrowhead
    ARMA 2: Private Military Company
    ARMA 2: Private Military Company - Data cache removal
    Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
    µTorrent
    Audacity 2.0
    BattlEye for OA Uninstall
    BattlEye Uninstall
    Counter-Strike: Source
    Fraps (remove only)
    Garry's Mod
    Hitman: Blood Money
    HP Deskjet 1050 J410 series Help
    Intel(R) Control Center
    Intel(R) Management Engine Components
    Intel(R) Rapid Storage Technology
    Intel(R) USB 3.0 eXtensible Host Controller Driver
    Java Auto Updater
    Java(TM) 7 Update 4
    JavaFX 2.1.0
    L.A. Noire
    LG CyberLink Power2Go
    LG Power Tools
    Malwarebytes Anti-Malware version 1.62.0.1300
    Metro 2033
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Games for Windows Marketplace
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    Microsoft_VC90_MFCLOC_x86
    MISERY for S.T.A.L.K.E.R - Call of Pripyat
    Mozilla Firefox 14.0.1 (x86 en-US)
    Mozilla Maintenance Service
    Mumble 1.2.3
    NVIDIA 3D Vision Controller Driver
    NVIDIA PhysX
    NVIDIA Stereoscopic 3D Driver
    Optical Disc Doctor
    PAYDAY: The Heist
    PDF Settings CS5
    Platform
    PowerISO
    PunkBuster Services
    Rockstar Games Social Club
    S.T.A.L.K.E.R.: Call of Pripyat
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Six Updater
    Skype™ 5.9
    Steam
    Super Meat Boy
    swMSM
    System Requirements Lab CYRI
    The Binding of Isaac
    Ubisoft Game Launcher
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    uTorrentControl2 Toolbar
    VIA Platform Device Manager
    VLC media player 2.0.1
    XSplit
    YTD Video Downloader 3.9
    .
    ==== Event Viewer Messages From Past Week ========
    .
    5/08/2012 9:08:08 AM, Error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    5/08/2012 9:08:08 AM, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.
    4/08/2012 7:44:29 PM, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 107.
    4/08/2012 7:44:29 PM, Error: Schannel [36874] - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
    4/08/2012 12:07:23 AM, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
    4/08/2012 12:07:23 AM, Error: cdrom [15] - The device, \Device\CdRom0, is not ready for access yet.
    4/08/2012 10:15:03 PM, Error: Microsoft Antimalware [1119] -
    4/08/2012 10:14:32 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    4/08/2012 10:14:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    4/08/2012 10:14:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    4/08/2012 10:14:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    4/08/2012 10:14:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    4/08/2012 10:14:30 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    4/08/2012 10:14:28 PM, Error: Service Control Manager [7001] - The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: The dependency service or group failed to start.
    4/08/2012 10:14:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    4/08/2012 10:14:16 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss SCDEmu spldr tdx Wanarpv6 WfpLwf
    4/08/2012 10:14:16 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    4/08/2012 10:14:16 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    4/08/2012 10:14:16 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    4/08/2012 10:14:16 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    4/08/2012 10:14:16 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    4/08/2012 10:14:16 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    4/08/2012 10:14:16 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    4/08/2012 10:14:16 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    4/08/2012 10:14:16 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    4/08/2012 10:07:10 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache MpFilter SCDEmu spldr Wanarpv6
    3/08/2012 5:49:26 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
    3/08/2012 5:49:26 PM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    3/08/2012 2:29:04 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
    2/08/2012 9:34:24 PM, Error: Service Control Manager [7030] - The LogMeIn Hamachi Tunneling Engine service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    2/08/2012 9:34:24 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the LogMeIn Hamachi Tunneling Engine service to connect.
    2/08/2012 9:34:24 PM, Error: Service Control Manager [7000] - The LogMeIn Hamachi Tunneling Engine service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    1/08/2012 6:09:27 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
    .
    ==== End Of File ===========================
     
  12. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    ComboFix

    Please download ComboFix by sUBs
    From BleepingComputer.com

    Please save the file to your Desktop, but rename it first to svchost.exe

    Important information about ComboFix

    Before the download:
    • Please copy and paste these instructions to Notepad and save to your Desktop, or print them - for easier access.
    • It is important to rename ComboFix before the download.
    • Please do not rename ComboFix to other names, but only the one indicated.
    After the download:
    • Close any open browsers.
    • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
    • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
    Running ComboFix:
    • Double click on svchost.exe & follow the prompts.
    • It will attempt to install the Recovery Console.
    • When ComboFix finishes, it will produce a report for you.
    • Please post the "C:\Combo-Fix.txt" in your next reply.
    Troubleshooting ComboFix

    Safe Mode:

    If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

    (To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear, select "Safe Mode.")

    Re-downloading:

    If this doesn't work either, try the same method (above method), but try to download it again, except name ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

    Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.
     
  13. snortercle

    snortercle TS Rookie Topic Starter Posts: 19

    NOTE: I installed AVAST security. I know I was told not to install anything in the first step, but I didn't want to go unprotected any longer. I also have had various programs automatically update. If this is a problem and you need me to resend anything I'll gladly oblige.



    ComboFix 12-08-05.02 - Rob 06/08/2012 7:34.1.8 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.8154.6718 [GMT 8:00]
    Running from: c:\users\Rob\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
    SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\Install.exe
    c:\windows\security\Database\tmp.edb
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-07-05 to 2012-08-05 )))))))))))))))))))))))))))))))
    .
    .
    2012-08-05 23:38 . 2012-08-05 23:38 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2012-08-05 23:38 . 2012-08-05 23:38 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-08-05 13:54 . 2010-06-28 20:37 51280 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2012-08-05 13:54 . 2010-06-28 20:37 121936 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2012-08-05 13:54 . 2010-06-28 20:33 28752 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2012-08-05 13:54 . 2010-06-28 20:32 20048 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2012-08-05 13:53 . 2010-06-28 20:33 61008 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2012-08-05 13:53 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
    2012-08-05 13:53 . 2010-06-28 20:57 165032 ----a-w- c:\windows\SysWow64\aswBoot.exe
    2012-08-05 13:53 . 2012-08-05 13:53 -------- d-----w- c:\programdata\Alwil Software
    2012-08-05 13:53 . 2012-08-05 13:53 -------- d-----w- c:\program files\Alwil Software
    2012-08-05 12:23 . 2012-08-05 12:23 -------- d-----w- c:\users\Rob\AppData\Roaming\Malwarebytes
    2012-08-05 12:22 . 2012-08-05 12:22 -------- d-----w- c:\programdata\Malwarebytes
    2012-08-05 06:30 . 2012-08-05 06:30 -------- d-----w- C:\FRST
    2012-08-04 18:18 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7BBBF296-6BF5-431F-81E0-BC8A85D962B7}\mpengine.dll
    2012-08-04 12:17 . 2012-08-05 06:24 -------- d-----w- c:\program files\Microsoft Security Client
    2012-08-02 18:47 . 2012-08-02 18:47 -------- d-sh--w- c:\windows\system32\%APPDATA%
    2012-08-02 13:34 . 2012-08-05 06:24 -------- d-----w- c:\users\Rob\AppData\Local\LogMeIn Hamachi
    2012-08-02 13:34 . 2012-08-05 06:24 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
    2012-08-02 09:21 . 2012-08-02 09:21 -------- d-----w- c:\users\Rob\AppData\Local\TechSmith
    2012-08-02 09:21 . 2012-08-02 09:21 -------- d-----w- c:\windows\SysWow64\QuickTime
    2012-08-02 09:21 . 2012-08-02 09:21 -------- d-----w- c:\program files (x86)\QuickTime
    2012-08-02 09:20 . 2012-08-02 09:21 -------- d-----w- c:\programdata\TechSmith
    2012-08-02 09:20 . 2012-08-02 09:20 -------- d-----w- c:\program files (x86)\TechSmith
    2012-08-02 07:29 . 2012-08-03 18:33 -------- d-----w- c:\program files (x86)\Snes9K
    2012-07-27 11:47 . 2012-07-27 11:47 -------- d-----w- c:\users\Rob\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    2012-07-22 10:22 . 2012-07-22 10:22 -------- d-----w- c:\users\Rob\AppData\Roaming\Sony Creative Software Inc
    2012-07-22 10:21 . 2012-07-22 10:21 -------- d-----w- c:\users\Rob\AppData\Roaming\AnvSoft
    2012-07-22 10:21 . 2012-07-22 10:21 -------- d-----w- c:\program files (x86)\AnvSoft
    2012-07-22 10:12 . 2012-07-28 13:47 -------- d-----w- c:\programdata\YTD Video Downloader
    2012-07-22 10:12 . 2012-07-22 10:12 -------- d-----w- c:\program files (x86)\GreenTree Applications
    2012-07-20 01:04 . 2012-07-20 01:04 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-07-20 01:04 . 2012-07-20 01:04 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-07-19 03:33 . 2012-07-19 03:34 -------- d-----w- c:\programdata\HP
    2012-07-19 03:33 . 2012-07-19 03:33 -------- d-----w- c:\program files\HP
    2012-07-19 03:33 . 2012-07-19 03:33 -------- d-----w- c:\program files (x86)\HP
    2012-07-19 03:33 . 2012-07-19 03:33 -------- d-----w- c:\users\Rob\AppData\Local\HP
    2012-07-16 23:38 . 2012-07-17 01:46 -------- d-----w- c:\users\Rob\AppData\Roaming\Publish Providers
    2012-07-16 23:29 . 2012-07-16 23:34 -------- d-----w- c:\users\Rob\AppData\Local\Sony
    2012-07-16 23:29 . 2012-07-16 23:29 -------- d-----w- c:\programdata\Sony
    2012-07-16 23:29 . 2012-07-16 23:29 -------- d-----w- c:\program files (x86)\Sony
    2012-07-16 23:29 . 2012-07-16 23:29 -------- d-----w- c:\program files\Sony
    2012-07-16 23:28 . 2012-07-17 01:43 -------- d-----w- c:\users\Rob\AppData\Roaming\Sony
    2012-07-14 15:00 . 2012-07-14 15:00 -------- d-----w- c:\users\Rob\AppData\Roaming\six-updater
    2012-07-12 11:09 . 2012-07-14 13:55 -------- d-----w- c:\program files (x86)\Screenshots
    2012-07-12 08:59 . 2012-07-14 14:10 -------- d-----w- c:\windows\en
    2012-07-12 08:56 . 2012-07-12 08:56 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
    2012-07-12 08:54 . 2012-07-12 08:56 -------- d-----w- c:\program files (x86)\Windows Live
    2012-07-12 08:54 . 2012-07-12 08:54 -------- d-----w- c:\windows\PCHEALTH
    2012-07-12 08:52 . 2012-07-14 10:33 -------- d-----w- c:\users\Rob\AppData\Local\Windows Live
    2012-07-12 08:52 . 2012-07-12 08:52 -------- d-----w- c:\program files (x86)\Common Files\Windows Live
    2012-07-12 05:51 . 2012-07-14 13:55 -------- d-----w- c:\program files (x86)\Movies
    2012-07-12 05:35 . 2012-07-12 05:35 -------- d-----w- c:\program files (x86)\HELP
    2012-07-11 06:38 . 2012-07-14 14:37 -------- d-----w- c:\users\Rob\AppData\Roaming\Audacity
    2012-07-11 06:38 . 2012-07-11 06:38 -------- d-----w- c:\program files (x86)\Audacity
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-07-06 07:37 . 2012-07-06 07:37 283416 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
    2012-07-06 07:37 . 2012-07-06 07:33 283416 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
    2012-07-06 07:34 . 2012-07-06 07:33 189248 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
    2012-07-06 07:33 . 2012-07-06 07:33 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
    2012-06-06 05:05 . 2009-08-18 04:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
    2012-06-06 05:05 . 2009-08-18 03:24 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2012-06-05 18:51 . 2012-06-05 18:51 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
    2012-06-05 18:51 . 2012-06-05 18:51 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2012-06-05 18:51 . 2012-06-05 18:51 89088 ----a-w- c:\windows\system32\ie4uinit.exe
    2012-06-05 18:51 . 2012-06-05 18:51 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
    2012-06-05 18:51 . 2012-06-05 18:51 85504 ----a-w- c:\windows\system32\iesetup.dll
    2012-06-05 18:51 . 2012-06-05 18:51 82432 ----a-w- c:\windows\system32\icardie.dll
    2012-06-05 18:51 . 2012-06-05 18:51 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
    2012-06-05 18:51 . 2012-06-05 18:51 76800 ----a-w- c:\windows\system32\tdc.ocx
    2012-06-05 18:51 . 2012-06-05 18:51 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
    2012-06-05 18:51 . 2012-06-05 18:51 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
    2012-06-05 18:51 . 2012-06-05 18:51 697344 ----a-w- c:\windows\system32\msfeeds.dll
    2012-06-05 18:51 . 2012-06-05 18:51 65024 ----a-w- c:\windows\system32\pngfilt.dll
    2012-06-05 18:51 . 2012-06-05 18:51 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
    2012-06-05 18:51 . 2012-06-05 18:51 603648 ----a-w- c:\windows\system32\vbscript.dll
    2012-06-05 18:51 . 2012-06-05 18:51 55296 ----a-w- c:\windows\system32\msfeedsbs.dll
    2012-06-05 18:51 . 2012-06-05 18:51 534528 ----a-w- c:\windows\system32\ieapfltr.dll
    2012-06-05 18:51 . 2012-06-05 18:51 49664 ----a-w- c:\windows\system32\imgutil.dll
    2012-06-05 18:51 . 2012-06-05 18:51 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
    2012-06-05 18:51 . 2012-06-05 18:51 48640 ----a-w- c:\windows\system32\mshtmler.dll
    2012-06-05 18:51 . 2012-06-05 18:51 452608 ----a-w- c:\windows\system32\dxtmsft.dll
    2012-06-05 18:51 . 2012-06-05 18:51 448512 ----a-w- c:\windows\system32\html.iec
    2012-06-05 18:51 . 2012-06-05 18:51 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
    2012-06-05 18:51 . 2012-06-05 18:51 403248 ----a-w- c:\windows\system32\iedkcs32.dll
    2012-06-05 18:51 . 2012-06-05 18:51 39936 ----a-w- c:\windows\system32\iernonce.dll
    2012-06-05 18:51 . 2012-06-05 18:51 3695416 ----a-w- c:\windows\system32\ieapfltr.dat
    2012-06-05 18:51 . 2012-06-05 18:51 367104 ----a-w- c:\windows\SysWow64\html.iec
    2012-06-05 18:51 . 2012-06-05 18:51 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
    2012-06-05 18:51 . 2012-06-05 18:51 30720 ----a-w- c:\windows\system32\licmgr10.dll
    2012-06-05 18:51 . 2012-06-05 18:51 282112 ----a-w- c:\windows\system32\dxtrans.dll
    2012-06-05 18:51 . 2012-06-05 18:51 267776 ----a-w- c:\windows\system32\ieaksie.dll
    2012-06-05 18:51 . 2012-06-05 18:51 249344 ----a-w- c:\windows\system32\webcheck.dll
    2012-06-05 18:51 . 2012-06-05 18:51 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
    2012-06-05 18:51 . 2012-06-05 18:51 222208 ----a-w- c:\windows\system32\msls31.dll
    2012-06-05 18:51 . 2012-06-05 18:51 197120 ----a-w- c:\windows\system32\msrating.dll
    2012-06-05 18:51 . 2012-06-05 18:51 165888 ----a-w- c:\windows\system32\iexpress.exe
    2012-06-05 18:51 . 2012-06-05 18:51 163840 ----a-w- c:\windows\system32\ieakui.dll
    2012-06-05 18:51 . 2012-06-05 18:51 161792 ----a-w- c:\windows\SysWow64\msls31.dll
    2012-06-05 18:51 . 2012-06-05 18:51 160256 ----a-w- c:\windows\system32\wextract.exe
    2012-06-05 18:51 . 2012-06-05 18:51 160256 ----a-w- c:\windows\system32\ieakeng.dll
    2012-06-05 18:51 . 2012-06-05 18:51 152064 ----a-w- c:\windows\SysWow64\wextract.exe
    2012-06-05 18:51 . 2012-06-05 18:51 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
    2012-06-05 18:51 . 2012-06-05 18:51 149504 ----a-w- c:\windows\system32\occache.dll
    2012-06-05 18:51 . 2012-06-05 18:51 145920 ----a-w- c:\windows\system32\iepeers.dll
    2012-06-05 18:51 . 2012-06-05 18:51 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
    2012-06-05 18:51 . 2012-06-05 18:51 12288 ----a-w- c:\windows\system32\mshta.exe
    2012-06-05 18:51 . 2012-06-05 18:51 11776 ----a-w- c:\windows\SysWow64\mshta.exe
    2012-06-05 18:51 . 2012-06-05 18:51 114176 ----a-w- c:\windows\system32\admparse.dll
    2012-06-05 18:51 . 2012-06-05 18:51 111616 ----a-w- c:\windows\system32\iesysprep.dll
    2012-06-05 18:51 . 2012-06-05 18:51 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
    2012-06-05 18:51 . 2012-06-05 18:51 10752 ----a-w- c:\windows\system32\msfeedssync.exe
    2012-06-05 18:51 . 2012-06-05 18:51 103936 ----a-w- c:\windows\system32\inseng.dll
    2012-06-05 18:51 . 2012-06-05 18:51 101888 ----a-w- c:\windows\SysWow64\admparse.dll
    2012-06-02 22:19 . 2012-06-21 16:25 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2012-06-21 16:25 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 22:19 . 2012-06-21 16:25 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2012-06-21 16:25 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2012-06-21 16:25 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 22:15 . 2012-06-21 16:25 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:15 . 2012-06-21 16:25 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-02 07:19 . 2012-06-21 16:25 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 07:15 . 2012-06-21 16:25 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-05-31 04:25 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
    2012-05-31 04:10 . 2012-06-06 04:50 126944 ----a-w- c:\windows\system32\drivers\scdemu.sys
    2012-05-15 10:48 . 2012-06-05 05:07 949056 ----a-w- c:\windows\system32\nvumdshimx.dll
    2012-05-15 10:48 . 2012-06-05 05:07 818496 ----a-w- c:\windows\SysWow64\nvumdshim.dll
    2012-05-15 10:48 . 2012-06-05 05:07 8139072 ----a-w- c:\windows\system32\nvcuda.dll
    2012-05-15 10:48 . 2012-06-05 05:07 5982528 ----a-w- c:\windows\SysWow64\nvcuda.dll
    2012-05-15 10:48 . 2012-06-05 05:07 364352 ----a-w- c:\windows\system32\nvdecodemft.dll
    2012-05-15 10:48 . 2012-06-05 05:07 301376 ----a-w- c:\windows\SysWow64\nvdecodemft.dll
    2012-05-15 10:48 . 2012-06-05 05:07 2881856 ----a-w- c:\windows\system32\nvcuvenc.dll
    2012-05-15 10:48 . 2012-06-05 05:07 2681664 ----a-w- c:\windows\system32\nvcuvid.dll
    2012-05-15 10:48 . 2012-06-05 05:07 25743168 ----a-w- c:\windows\system32\nvoglv64.dll
    2012-05-15 10:48 . 2012-06-05 05:07 2524992 ----a-w- c:\windows\SysWow64\nvcuvid.dll
    2012-05-15 10:48 . 2012-06-05 05:07 25248064 ----a-w- c:\windows\system32\nvcompiler.dll
    2012-05-15 10:48 . 2012-06-05 05:07 246592 ----a-w- c:\windows\system32\nvinitx.dll
    2012-05-15 10:48 . 2012-06-05 05:07 2445120 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
    2012-05-15 10:48 . 2012-06-05 05:07 202048 ----a-w- c:\windows\SysWow64\nvinit.dll
    2012-05-15 10:48 . 2012-06-05 05:07 19607872 ----a-w- c:\windows\SysWow64\nvoglv32.dll
    2012-05-15 10:48 . 2012-06-05 05:07 18044224 ----a-w- c:\windows\system32\nvd3dumx.dll
    2012-05-15 10:48 . 2012-06-05 05:07 17551680 ----a-w- c:\windows\SysWow64\nvcompiler.dll
    2012-05-15 10:48 . 2012-06-05 05:07 15322432 ----a-w- c:\windows\SysWow64\nvd3dum.dll
    2012-05-15 10:48 . 2012-06-05 05:07 14298944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
    2012-05-15 10:48 . 2012-06-05 05:07 10194752 ----a-w- c:\windows\system32\nvwgf2umx.dll
    2012-05-15 10:48 . 2012-06-01 03:12 1738048 ----a-w- c:\windows\system32\nvdispco64.dll
    2012-05-15 10:48 . 2012-06-01 03:12 1468224 ----a-w- c:\windows\system32\nvgenco64.dll
    2012-05-15 10:48 . 2012-06-01 03:12 8105280 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
    2012-05-15 10:48 . 2012-06-01 03:12 68928 ----a-w- c:\windows\system32\OpenCL.dll
    2012-05-15 10:48 . 2012-06-01 03:12 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll
    2012-05-15 10:48 . 2012-06-01 03:12 2741568 ----a-w- c:\windows\system32\nvapi64.dll
    2012-05-15 10:48 . 2012-06-01 03:12 2368832 ----a-w- c:\windows\SysWow64\nvapi.dll
    2012-05-15 09:29 . 2012-06-01 03:13 889664 ----a-w- c:\windows\system32\nvvsvc.exe
    2012-05-15 09:29 . 2012-06-01 03:13 63296 ----a-w- c:\windows\system32\nvshext.dll
    2012-05-15 09:29 . 2012-06-01 03:13 118080 ----a-w- c:\windows\system32\nvmctray.dll
    2012-05-15 09:29 . 2012-06-05 05:08 2621723 ----a-w- c:\windows\system32\nvcoproc.bin
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files (x86)\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{687578b9-7132-4a7a-80e4-30ee31099e03}]
    2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\uTorrentControl2\prxtbuTor.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files (x86)\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Steam"="c:\program files (x86)\Steam\steam.exe" [2012-08-04 1353080]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2012-01-12 5028464]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-11-29 284440]
    "USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-01-27 291608]
    "CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-12-15 103720]
    "UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
    "UpdatePSTShortCut"="c:\program files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2010-04-20 222504]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-11 1523360]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "mixer5"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-20 250056]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-18 113120]
    R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-06-05 1255736]
    S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-01-27 16152]
    S1 aswSP;aswSP; [x]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-06-28 61008]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-29 13592]
    S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2011-12-08 607456]
    S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2011-12-16 161560]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-14 382272]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-12-16 363800]
    S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe [2012-01-10 27760]
    S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-01-27 356120]
    S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-01-27 787736]
    S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-08-11 104560]
    S3 MEIx64;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [2011-11-09 60184]
    S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2011-08-29 117520]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-04-18 188736]
    S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2012-01-10 2184816]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-08-05 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-20 01:04]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com.au/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    TCP: DhcpNameServer = 10.0.0.138
    FF - ProfilePath - c:\users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\1dkcvaj6.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=
    .
    - - - - ORPHANS REMOVED - - - -
    .


    Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
    AddRemove-BattlEye for A2 - c:\program files (x86)\steam\steamapps\common\arma 2BattlEye\UnInstallBE.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-3204303906-2148942231-1774624756-1000\Software\SecuROM\License information*]
    "datasecu"=hex:24,21,5a,8a,21,b7,ce,45,00,2c,36,ef,8f,17,de,4b,89,77,1d,9f,d4,
    86,a9,9f,7f,03,7e,49,5d,e1,cb,63,35,fc,85,81,4e,8f,f9,46,f5,c9,18,a3,6f,69,\
    "rkeysecu"=hex:e6,86,99,79,c2,97,bb,5a,8b,38,1e,98,db,71,41,08
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Alwil Software\Avast5\AvastSvc.exe
    c:\windows\SysWOW64\PnkBstrA.exe
    c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    .
    **************************************************************************
    .
    Completion time: 2012-08-06 07:41:59 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-08-05 23:41
    .
    Pre-Run: 715,039,805,440 bytes free
    Post-Run: 715,336,957,952 bytes free
    .
    - - End Of File - - B4ECFE5F684FF98DBC8665E81D598208
     
  14. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Thanks for telling me. That helps. Now, I know what to look for. What frightens me about some users' logs is that they'll continue installing programs while we're cleaning, and new stuff is showing up in the logs. Sometimes, it would feel like I was doing nothing to help, and they didn't want to have a clean computer. But, anyway, it's okay. Having good security is best.

    For your case, it's kinda like putting on your seat belt when you see an officer. No one wants to be caught without their seat belt. :D

    Please download OTL to your Desktop. (If you already have it downloaded, then just follow the instructions below).
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Under the Custom Scan box paste this in

      msconfig
      safebootminimal
      activex
      drivers32
      netsvcs
      CreateRestorePoint
      %AppData%\Roaming\Mozilla\Firefox\Profiles\*.default\extensions\ /s /md5
      %AppData%\Local\
      %systemroot%\system32\sysprep
      *.xpi /md5
      %systemroot%\Downloaded Program Files\
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
      hklm\software\clients\startmenuinternet|command /rs
      hklm\software\clients\startmenuinternet|command /64 /rs
      %systemroot%\system32\drivers\*.sys /lockedfiles
      %systemroot%\system32\drivers\*.sys /90
      %systemroot%\System32\config\*.sav
      %SYSTEMDRIVE%\*.exe /md5
      "%WinDir%\$NtUninstallKB*$." /30
      %systemdrive%\Program Files\Common Files\ComObjects\*.* /s
      %systemroot%\*. /mp /s
      %systemroot%\*. /rp /s
      %systemroot%\system32\*.dll /lockedfiles
      %systemroot%\Tasks\*.job /lockedfiles
      %systemroot%\Installer\ /s
      %systemroot%\system32\Cache\ /s
      %systemroot%\system32\config\systemprofile\Application Data /s
      %PROGRAMFILES%\*.
      %appdata%\*.*
      /md5start
      volsnap.sys
      services.exe
      userinit.exe
      afd.sys
      tcpip.sys
      netbt.sys
      ipsec.sys
      dnsrslvr.dll
      ipnathlp.dll
      netman.dll
      WMIsvc.dll
      srsvc.dll
      sr.sys
      wscsvc.dll
      wuauserv.dll
      qmgr.dll
      es.dll
      cryptsvc.dll
      svchost.exe
      rpcss.dll
      tdx.sys
      wininit.exe
      winlogon.exe
      atapi.sys
      explorer.exe
      /md5stop
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) and paste (Edit->Paste) the contents of these files, one at a time.
    Note: in the event that OTL fails to run, please use alternate download links to try again:

    http://oldtimer.geekstogo.com/OTL.com
    http://oldtimer.geekstogo.com/OTL.scr
     
  15. snortercle

    snortercle TS Rookie Topic Starter Posts: 19

    Another Note: I have downloaded various ROM files for a SNES emulator (File extension: .smc), along with a GameCube emulator and games (File extension: .gmc and .iso).
    I have installed one game called "Payday: The Heist" and other gaming-related programs and files.

    I would also like to personally thank you for all the work you're doing here. You seem to donate a large portion of your time to helping people out with their computers with very little gain.

    Since the fix script you gave me, my computer has been running flawlessly, but I will continue to do as instructed to make sure I'm in the clear. Thanks again! Now for the logs.
     
  16. snortercle

    snortercle TS Rookie Topic Starter Posts: 19

    OTL Extras logfile created on: 6/08/2012 6:03:51 PM - Run 1
    OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Rob\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

    7.96 Gb Total Physical Memory | 5.70 Gb Available Physical Memory | 71.62% Memory free
    15.92 Gb Paging File | 13.31 Gb Available in Paging File | 83.60% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 931.41 Gb Total Space | 769.46 Gb Free Space | 82.61% Space Free | Partition Type: NTFS

    Computer Name: ROB-PC | User Name: Rob | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [Bridge] -- C:\Program Files (x86)\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [Bridge] -- C:\Program Files (x86)\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0461F2BB-3EA4-4982-9AEC-56A18AFFE92A}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
    "{090F0E81-7996-4737-8494-94DBA11D52F0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe |
    "{0BDAFDB2-1F29-45CD-A262-C76E8F69F756}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 1050 j410 series\bin\usbsetup.exe |
    "{1D6979E3-184B-4DEE-8499-D906F5BDEE71}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
    "{249614E2-006D-4F67-A7C0-7D53D695A98F}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
    "{2CE00876-E7F0-4826-BA7A-BCB75FE595D0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\vivoxvoiceservice.exe |
    "{3D8AD114-8D15-457A-94EA-F87431471A63}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the binding of isaac\isaac.exe |
    "{450BA3F6-794B-4AF5-8A30-60AFAC8E407B}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
    "{4B07138D-033E-4D78-9FCF-1F5578AD3A18}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\payday the heist\payday_win32_release.exe |
    "{56B765F8-58C9-43CF-8911-62AB573AB399}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "{6263A9C9-5D2E-43B1-9F00-5250A9F11CA6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\dlcsetup\baf\datacachepreprocessor.exe |
    "{64C5A03A-D1A3-4B06-B0B3-CC24D6314B0E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2\arma2.exe |
    "{66A55B17-15B2-48F0-9DF8-8EF01DAC695C}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
    "{6FC16160-4F02-46B6-9F45-1B2021840B54}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\_runa2co.cmd |
    "{70611712-6D83-4D51-95CA-C49A059C0D87}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\dlcsetup\pmc\datacachepreprocessor.exe |
    "{74BD5085-379B-411A-9534-75088BCD9A51}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\payday the heist\payday_win32_release.exe |
    "{7B2DD608-D2AC-4309-AC74-6026D41350C1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hitman blood money\configure.exe |
    "{8385157B-5F9F-4A9E-BED9-85AD56F1CEDF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{85E23056-3791-44D8-8B43-8365B04C008A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\apb.exe |
    "{8F9BC826-D3F4-413F-B69C-12F323988AED}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\stalker call of pripyat\stalker-cop.exe |
    "{9486A914-3626-43C0-881A-7324B06A1AD3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe |
    "{94D09446-8EEA-4970-AB0C-20BED14E7909}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 1050 j410 series\bin\usbsetup.exe |
    "{9AC02E67-1229-4946-B60A-983D7E3F7F08}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\apb.exe |
    "{9BE63A48-4D7A-427F-A320-C0C0CF61199A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\_runa2co.cmd |
    "{A21C137F-FE0E-4C5F-AF66-06D57C075F38}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hitman blood money\hitmanbloodmoney.exe |
    "{A711D164-640C-4F0D-B6A8-9D2264E0ECC3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\dlcsetup\pmc\datacachepreprocessor.exe |
    "{A913881D-1665-4A56-8607-6D6C39929407}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the binding of isaac\isaac.exe |
    "{AF63563E-C56C-454D-B10D-67F7C58DBD37}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hitman blood money\hitmanbloodmoney.exe |
    "{B94A8F7E-22E8-4260-A0FA-E7B4E41217D0}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
    "{BB4D7C99-5700-4080-89D0-8D50338DD2FF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe |
    "{C1E94E11-A6F7-4DEC-AD70-DB898AAFBDB7}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "{C7425A28-B843-4D75-ACA1-A6816325435D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\bignoseditalian1\garrysmod\hl2.exe |
    "{CC0BA6C5-6D85-4A98-9C66-01F7A74D1E1E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\stalker call of pripyat\stalker-cop.exe |
    "{CE5D1196-30D2-4ED0-A486-0BFA226010F6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hitman blood money\configure.exe |
    "{D4DFB148-C018-4F35-9BD1-678BFB8A9341}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
    "{D857750F-A6E6-40FB-8E00-A47A33496B9F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\bignoseditalian1\garrysmod\hl2.exe |
    "{E36729FA-BABC-403A-94FA-09FDB7FCC8B8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2\arma2.exe |
    "{EF0C5C49-68F0-4917-8259-C20AFA02ED95}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe |
    "{FB42F6EC-E3DB-48AD-B0A2-8A8257BA19CA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\vivoxvoiceservice.exe |
    "{FB865A4B-C0F8-4142-95FF-9070CE322EA7}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
    "{FCE3DEA8-6186-495B-A86D-5D2268AF470B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\dlcsetup\baf\datacachepreprocessor.exe |
    "TCP Query User{25D4F1B7-2FF9-402B-AE6B-C462FA9F2BDF}C:\program files (x86)\gog.com\the witcher 2 enhanced edition\bin\witcher2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gog.com\the witcher 2 enhanced edition\bin\witcher2.exe |
    "TCP Query User{5B8137AF-E4D3-4CF8-A867-C4AEB2BB94BF}C:\program files (x86)\steam\steamapps\common\blur\blur.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\blur\blur.exe |
    "TCP Query User{61ABCF2B-537B-4B6A-9548-742435DE2509}C:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe |
    "TCP Query User{91FEC8C8-A3DE-45E5-A320-37BADD2B9187}C:\program files (x86)\steam\steamapps\bignoseditalian1\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\bignoseditalian1\counter-strike source\hl2.exe |
    "TCP Query User{A235EA35-8A67-40B9-9938-EB6EC72F1057}C:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe |
    "TCP Query User{B0A75ACF-B143-417C-9BDD-6CDD1EC61AF2}C:\program files (x86)\six projects\six updater\tools\bin\rsync.exe" = protocol=6 | dir=in | app=c:\program files (x86)\six projects\six updater\tools\bin\rsync.exe |
    "TCP Query User{E9A49FE4-A424-4D97-A8E9-604CE4482A3B}C:\program files (x86)\steam\steamapps\bignoseditalian1\garrysmod\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\bignoseditalian1\garrysmod\hl2.exe |
    "UDP Query User{455668E7-F761-4DEF-801E-045F1785D440}C:\program files (x86)\steam\steamapps\common\blur\blur.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\blur\blur.exe |
    "UDP Query User{5D53CDD8-8C37-4949-AA97-B4638604DAD4}C:\program files (x86)\gog.com\the witcher 2 enhanced edition\bin\witcher2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gog.com\the witcher 2 enhanced edition\bin\witcher2.exe |
    "UDP Query User{740DBFCC-580F-4FC5-B24B-CA75E622436A}C:\program files (x86)\steam\steamapps\bignoseditalian1\garrysmod\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\bignoseditalian1\garrysmod\hl2.exe |
    "UDP Query User{81E115F3-9BA2-465E-80D9-DA4617DCC4B3}C:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe |
    "UDP Query User{8DD1D014-011D-489D-8D9C-7E2F32753E9F}C:\program files (x86)\steam\steamapps\bignoseditalian1\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\bignoseditalian1\counter-strike source\hl2.exe |
    "UDP Query User{B5C98BCB-CADD-4888-8917-797B3B5CBDF5}C:\program files (x86)\six projects\six updater\tools\bin\rsync.exe" = protocol=17 | dir=in | app=c:\program files (x86)\six projects\six updater\tools\bin\rsync.exe |
    "UDP Query User{E89EE326-0484-41A0-B027-39935D65993C}C:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe |
     
  17. snortercle

    snortercle TS Rookie Topic Starter Posts: 19

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
    "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
    "{269F9470-26A4-11E1-83EE-F04DA23A5C58}" = Vegas Pro 11.0 (64-bit)
    "{29AFE1B0-26A4-11E1-BFD4-F04DA23A5C58}" = MSVCRT Redists
    "{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1" = MotioninJoy DS3 driver version 0.6.0004
    "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
    "{4268BF51-DFDF-4178-8B8D-5D5752FCAA58}" = HP Deskjet 1050 J410 series Basic Device Software
    "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{6199B534-A1B6-46ED-873B-97B0ECF8F81E}" = Intel® Trusted Connect Service Client
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
    "{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
    "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
    "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
    "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 301.42
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 301.42
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 301.42
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 301.42
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.16.0
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
    "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
    "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "TeamSpeak 3 Client" = TeamSpeak 3 Client

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
    "{15C49338-59E5-472E-94F7-D5AE15EE23C9}" = XSplit
    "{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YTD Video Downloader 3.9
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = LG Power Tools
    "{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
    "{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
    "{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 4
    "{2D8CED57-CCDB-4D86-9087-3BBCAE8F8F22}" = Six Updater
    "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
    "{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
    "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = LG CyberLink Power2Go
    "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
    "{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}" = HP Deskjet 1050 J410 series Help
    "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
    "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
    "{915726DF-7891-444A-AA03-0DF1D64F561A}" = L.A. Noire
    "{9158FF30-78D7-40EF-B83E-451AC5334640}" = Adobe Photoshop CS5.1
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
    "{B4E343DD-BAAB-4D59-AD9C-DEA0AFE09DF1}" = Mumble 1.2.3
    "{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
    "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
    "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
    "{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "A2BAF Data cache removal" = ARMA 2: British Armed Forces - Data cache removal
    "A2PMC Data cache removal" = ARMA 2: Private Military Company - Data cache removal
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.6
    "Alan Wake_is1" = Alan Wake
    "Any Video Converter_is1" = Any Video Converter 3.4.0
    "Audacity_is1" = Audacity 2.0
    "BattlEye for A2" = BattlEye Uninstall
    "BattlEye for OA" = BattlEye for OA Uninstall
    "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
    "Fraps" = Fraps (remove only)
    "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = LG Power Tools
    "InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
    "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = LG CyberLink Power2Go
    "Metro 2033_is1" = Metro 2033
    "MISERY_is1" = MISERY for S.T.A.L.K.E.R - Call of Pripyat
    "Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "Optical Disc Doctor_is1" = Optical Disc Doctor
    "PowerISO" = PowerISO
    "PunkBusterSvc" = PunkBuster Services
    "Rockstar Games Social Club" = Rockstar Games Social Club
    "Steam App 113200" = The Binding of Isaac
    "Steam App 240" = Counter-Strike: Source
    "Steam App 24240" = PAYDAY: The Heist
    "Steam App 33910" = ARMA 2
    "Steam App 33930" = ARMA 2: Operation Arrowhead
    "Steam App 4000" = Garry's Mod
    "Steam App 40800" = Super Meat Boy
    "Steam App 41700" = S.T.A.L.K.E.R.: Call of Pripyat
    "Steam App 65700" = ARMA 2: British Armed Forces
    "Steam App 65720" = ARMA 2: Private Military Company
    "Steam App 6860" = Hitman: Blood Money
    "uTorrent" = µTorrent
    "uTorrentControl2 Toolbar" = uTorrentControl2 Toolbar
    "VLC media player" = VLC media player 2.0.1

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 5/08/2012 4:15:15 AM | Computer Name = Rob-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: arma2oa.exe, version: 1.62.95.417, time
    stamp: 0x5012ba9f Faulting module name: arma2oa.exe, version: 1.62.95.417, time
    stamp: 0x5012ba9f Exception code: 0xc0000005 Fault offset: 0x00082ee0 Faulting process
    id: 0xc0c Faulting application start time: 0x01cd72e244763cb7 Faulting application
    path: c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\Expansion\beta\arma2oa.exe
    Faulting
    module path: c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\Expansion\beta\arma2oa.exe
    Report
    Id: af5b4732-ded5-11e1-98e5-902b3432ac6c

    Error - 5/08/2012 10:16:34 AM | Computer Name = Rob-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 5/08/2012 11:28:30 AM | Computer Name = Rob-PC | Source = Application Hang | ID = 1002
    Description = The program Steam.exe version 1.0.1446.623 stopped interacting with
    Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: 1718 Start
    Time: 01cd731ee31b3ed1 Termination Time: 5 Application Path: C:\Program Files (x86)\Steam\Steam.exe

    Report
    Id: 2fccfa88-df12-11e1-ae16-902b3432ac6c

    Error - 5/08/2012 7:26:25 PM | Computer Name = Rob-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 5/08/2012 7:40:48 PM | Computer Name = Rob-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 5/08/2012 7:46:24 PM | Computer Name = Rob-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 5/08/2012 8:09:32 PM | Computer Name = Rob-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Program Files (x86)\SplitMediaLabs\XSplit\XSplitBroadcasterSrc.exe".
    Dependent
    Assembly Native.XSplitBroadcaster.exe,type="win32",version="1.0.0.0" could not
    be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 5/08/2012 11:19:41 PM | Computer Name = Rob-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 6/08/2012 12:58:42 AM | Computer Name = Rob-PC | Source = Application Hang | ID = 1002
    Description = The program firefox.exe version 14.0.1.4577 stopped interacting with
    Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: 12a8 Start
    Time: 01cd738e97fee611 Termination Time: 20 Application Path: C:\Program Files (x86)\Mozilla
    Firefox\firefox.exe Report Id: 60e8d0b2-df83-11e1-9868-902b3432ac6c

    Error - 6/08/2012 1:00:15 AM | Computer Name = Rob-PC | Source = Application Hang | ID = 1002
    Description = The program firefox.exe version 14.0.1.4577 stopped interacting with
    Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: a88 Start
    Time: 01cd7390271244cb Termination Time: 28 Application Path: C:\Program Files (x86)\Mozilla
    Firefox\firefox.exe Report Id: 9913fe05-df83-11e1-9868-902b3432ac6c

    [ System Events ]
    Error - 5/08/2012 7:36:52 PM | Computer Name = Rob-PC | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 5/08/2012 7:37:50 PM | Computer Name = Rob-PC | Source = Application Popup | ID = 1060
    Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
    with this system. Please contact your software vendor for a compatible version
    of the driver.

    Error - 5/08/2012 7:38:13 PM | Computer Name = Rob-PC | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 5/08/2012 7:39:05 PM | Computer Name = Rob-PC | Source = Service Control Manager | ID = 7023
    Description = The Windows Defender service terminated with the following error:
    %%126

    Error - 5/08/2012 7:41:09 PM | Computer Name = Rob-PC | Source = Service Control Manager | ID = 7038
    Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
    with the currently configured password due to the following error: %%1330 To ensure
    that the service is configured properly, use the Services snap-in in Microsoft
    Management Console (MMC).

    Error - 5/08/2012 7:41:09 PM | Computer Name = Rob-PC | Source = Service Control Manager | ID = 7000
    Description = The NVIDIA Update Service Daemon service failed to start due to the
    following error: %%1069

    Error - 5/08/2012 7:46:48 PM | Computer Name = Rob-PC | Source = Service Control Manager | ID = 7038
    Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
    with the currently configured password due to the following error: %%1330 To ensure
    that the service is configured properly, use the Services snap-in in Microsoft
    Management Console (MMC).

    Error - 5/08/2012 7:46:48 PM | Computer Name = Rob-PC | Source = Service Control Manager | ID = 7000
    Description = The NVIDIA Update Service Daemon service failed to start due to the
    following error: %%1069

    Error - 5/08/2012 11:20:09 PM | Computer Name = Rob-PC | Source = Service Control Manager | ID = 7038
    Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
    with the currently configured password due to the following error: %%1330 To ensure
    that the service is configured properly, use the Services snap-in in Microsoft
    Management Console (MMC).

    Error - 5/08/2012 11:20:09 PM | Computer Name = Rob-PC | Source = Service Control Manager | ID = 7000
    Description = The NVIDIA Update Service Daemon service failed to start due to the
    following error: %%1069


    < End of report >
     
  18. snortercle

    snortercle TS Rookie Topic Starter Posts: 19

    OTL Extras logfile created on: 6/08/2012 6:03:51 PM - Run 1
    OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Rob\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

    7.96 Gb Total Physical Memory | 5.70 Gb Available Physical Memory | 71.62% Memory free
    15.92 Gb Paging File | 13.31 Gb Available in Paging File | 83.60% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 931.41 Gb Total Space | 769.46 Gb Free Space | 82.61% Space Free | Partition Type: NTFS

    Computer Name: ROB-PC | User Name: Rob | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [Bridge] -- C:\Program Files (x86)\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [Bridge] -- C:\Program Files (x86)\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0461F2BB-3EA4-4982-9AEC-56A18AFFE92A}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
    "{090F0E81-7996-4737-8494-94DBA11D52F0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe |
    "{0BDAFDB2-1F29-45CD-A262-C76E8F69F756}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 1050 j410 series\bin\usbsetup.exe |
    "{1D6979E3-184B-4DEE-8499-D906F5BDEE71}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
    "{249614E2-006D-4F67-A7C0-7D53D695A98F}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
    "{2CE00876-E7F0-4826-BA7A-BCB75FE595D0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\vivoxvoiceservice.exe |
    "{3D8AD114-8D15-457A-94EA-F87431471A63}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the binding of isaac\isaac.exe |
    "{450BA3F6-794B-4AF5-8A30-60AFAC8E407B}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
    "{4B07138D-033E-4D78-9FCF-1F5578AD3A18}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\payday the heist\payday_win32_release.exe |
    "{56B765F8-58C9-43CF-8911-62AB573AB399}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "{6263A9C9-5D2E-43B1-9F00-5250A9F11CA6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\dlcsetup\baf\datacachepreprocessor.exe |
    "{64C5A03A-D1A3-4B06-B0B3-CC24D6314B0E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2\arma2.exe |
    "{66A55B17-15B2-48F0-9DF8-8EF01DAC695C}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
    "{6FC16160-4F02-46B6-9F45-1B2021840B54}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\_runa2co.cmd |
    "{70611712-6D83-4D51-95CA-C49A059C0D87}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\dlcsetup\pmc\datacachepreprocessor.exe |
    "{74BD5085-379B-411A-9534-75088BCD9A51}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\payday the heist\payday_win32_release.exe |
    "{7B2DD608-D2AC-4309-AC74-6026D41350C1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hitman blood money\configure.exe |
    "{8385157B-5F9F-4A9E-BED9-85AD56F1CEDF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{85E23056-3791-44D8-8B43-8365B04C008A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\apb.exe |
    "{8F9BC826-D3F4-413F-B69C-12F323988AED}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\stalker call of pripyat\stalker-cop.exe |
    "{9486A914-3626-43C0-881A-7324B06A1AD3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe |
    "{94D09446-8EEA-4970-AB0C-20BED14E7909}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 1050 j410 series\bin\usbsetup.exe |
    "{9AC02E67-1229-4946-B60A-983D7E3F7F08}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\apb.exe |
    "{9BE63A48-4D7A-427F-A320-C0C0CF61199A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\_runa2co.cmd |
    "{A21C137F-FE0E-4C5F-AF66-06D57C075F38}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hitman blood money\hitmanbloodmoney.exe |
    "{A711D164-640C-4F0D-B6A8-9D2264E0ECC3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\dlcsetup\pmc\datacachepreprocessor.exe |
    "{A913881D-1665-4A56-8607-6D6C39929407}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the binding of isaac\isaac.exe |
    "{AF63563E-C56C-454D-B10D-67F7C58DBD37}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hitman blood money\hitmanbloodmoney.exe |
    "{B94A8F7E-22E8-4260-A0FA-E7B4E41217D0}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
    "{BB4D7C99-5700-4080-89D0-8D50338DD2FF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe |
    "{C1E94E11-A6F7-4DEC-AD70-DB898AAFBDB7}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "{C7425A28-B843-4D75-ACA1-A6816325435D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\bignoseditalian1\garrysmod\hl2.exe |
    "{CC0BA6C5-6D85-4A98-9C66-01F7A74D1E1E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\stalker call of pripyat\stalker-cop.exe |
    "{CE5D1196-30D2-4ED0-A486-0BFA226010F6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hitman blood money\configure.exe |
    "{D4DFB148-C018-4F35-9BD1-678BFB8A9341}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
    "{D857750F-A6E6-40FB-8E00-A47A33496B9F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\bignoseditalian1\garrysmod\hl2.exe |
    "{E36729FA-BABC-403A-94FA-09FDB7FCC8B8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2\arma2.exe |
    "{EF0C5C49-68F0-4917-8259-C20AFA02ED95}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe |
    "{FB42F6EC-E3DB-48AD-B0A2-8A8257BA19CA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\vivoxvoiceservice.exe |
    "{FB865A4B-C0F8-4142-95FF-9070CE322EA7}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
    "{FCE3DEA8-6186-495B-A86D-5D2268AF470B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\dlcsetup\baf\datacachepreprocessor.exe |
    "TCP Query User{25D4F1B7-2FF9-402B-AE6B-C462FA9F2BDF}C:\program files (x86)\gog.com\the witcher 2 enhanced edition\bin\witcher2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gog.com\the witcher 2 enhanced edition\bin\witcher2.exe |
    "TCP Query User{5B8137AF-E4D3-4CF8-A867-C4AEB2BB94BF}C:\program files (x86)\steam\steamapps\common\blur\blur.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\blur\blur.exe |
    "TCP Query User{61ABCF2B-537B-4B6A-9548-742435DE2509}C:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe |
    "TCP Query User{91FEC8C8-A3DE-45E5-A320-37BADD2B9187}C:\program files (x86)\steam\steamapps\bignoseditalian1\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\bignoseditalian1\counter-strike source\hl2.exe |
    "TCP Query User{A235EA35-8A67-40B9-9938-EB6EC72F1057}C:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe |
    "TCP Query User{B0A75ACF-B143-417C-9BDD-6CDD1EC61AF2}C:\program files (x86)\six projects\six updater\tools\bin\rsync.exe" = protocol=6 | dir=in | app=c:\program files (x86)\six projects\six updater\tools\bin\rsync.exe |
    "TCP Query User{E9A49FE4-A424-4D97-A8E9-604CE4482A3B}C:\program files (x86)\steam\steamapps\bignoseditalian1\garrysmod\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\bignoseditalian1\garrysmod\hl2.exe |
    "UDP Query User{455668E7-F761-4DEF-801E-045F1785D440}C:\program files (x86)\steam\steamapps\common\blur\blur.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\blur\blur.exe |
    "UDP Query User{5D53CDD8-8C37-4949-AA97-B4638604DAD4}C:\program files (x86)\gog.com\the witcher 2 enhanced edition\bin\witcher2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gog.com\the witcher 2 enhanced edition\bin\witcher2.exe |
    "UDP Query User{740DBFCC-580F-4FC5-B24B-CA75E622436A}C:\program files (x86)\steam\steamapps\bignoseditalian1\garrysmod\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\bignoseditalian1\garrysmod\hl2.exe |
    "UDP Query User{81E115F3-9BA2-465E-80D9-DA4617DCC4B3}C:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe |
    "UDP Query User{8DD1D014-011D-489D-8D9C-7E2F32753E9F}C:\program files (x86)\steam\steamapps\bignoseditalian1\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\bignoseditalian1\counter-strike source\hl2.exe |
    "UDP Query User{B5C98BCB-CADD-4888-8917-797B3B5CBDF5}C:\program files (x86)\six projects\six updater\tools\bin\rsync.exe" = protocol=17 | dir=in | app=c:\program files (x86)\six projects\six updater\tools\bin\rsync.exe |
    "UDP Query User{E89EE326-0484-41A0-B027-39935D65993C}C:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
    "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
    "{269F9470-26A4-11E1-83EE-F04DA23A5C58}" = Vegas Pro 11.0 (64-bit)
    "{29AFE1B0-26A4-11E1-BFD4-F04DA23A5C58}" = MSVCRT Redists
    "{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1" = MotioninJoy DS3 driver version 0.6.0004
    "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
    "{4268BF51-DFDF-4178-8B8D-5D5752FCAA58}" = HP Deskjet 1050 J410 series Basic Device Software
    "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{6199B534-A1B6-46ED-873B-97B0ECF8F81E}" = Intel® Trusted Connect Service Client
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
    "{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
    "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
    "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
    "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 301.42
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 301.42
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 301.42
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 301.42
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.16.0
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
    "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
    "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "TeamSpeak 3 Client" = TeamSpeak 3 Client

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
    "{15C49338-59E5-472E-94F7-D5AE15EE23C9}" = XSplit
    "{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YTD Video Downloader 3.9
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = LG Power Tools
    "{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
    "{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
    "{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 4
    "{2D8CED57-CCDB-4D86-9087-3BBCAE8F8F22}" = Six Updater
    "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
    "{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
    "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = LG CyberLink Power2Go
    "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
    "{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}" = HP Deskjet 1050 J410 series Help
    "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
    "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
    "{915726DF-7891-444A-AA03-0DF1D64F561A}" = L.A. Noire
    "{9158FF30-78D7-40EF-B83E-451AC5334640}" = Adobe Photoshop CS5.1
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
    "{B4E343DD-BAAB-4D59-AD9C-DEA0AFE09DF1}" = Mumble 1.2.3
    "{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
    "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
    "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
    "{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "A2BAF Data cache removal" = ARMA 2: British Armed Forces - Data cache removal
    "A2PMC Data cache removal" = ARMA 2: Private Military Company - Data cache removal
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.6
    "Alan Wake_is1" = Alan Wake
    "Any Video Converter_is1" = Any Video Converter 3.4.0
    "Audacity_is1" = Audacity 2.0
    "BattlEye for A2" = BattlEye Uninstall
    "BattlEye for OA" = BattlEye for OA Uninstall
    "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
    "Fraps" = Fraps (remove only)
    "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = LG Power Tools
    "InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
    "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = LG CyberLink Power2Go
    "Metro 2033_is1" = Metro 2033
    "MISERY_is1" = MISERY for S.T.A.L.K.E.R - Call of Pripyat
    "Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "Optical Disc Doctor_is1" = Optical Disc Doctor
    "PowerISO" = PowerISO
    "PunkBusterSvc" = PunkBuster Services
    "Rockstar Games Social Club" = Rockstar Games Social Club
    "Steam App 113200" = The Binding of Isaac
    "Steam App 240" = Counter-Strike: Source
    "Steam App 24240" = PAYDAY: The Heist
    "Steam App 33910" = ARMA 2
    "Steam App 33930" = ARMA 2: Operation Arrowhead
    "Steam App 4000" = Garry's Mod
    "Steam App 40800" = Super Meat Boy
    "Steam App 41700" = S.T.A.L.K.E.R.: Call of Pripyat
    "Steam App 65700" = ARMA 2: British Armed Forces
    "Steam App 65720" = ARMA 2: Private Military Company
    "Steam App 6860" = Hitman: Blood Money
    "uTorrent" = µTorrent
    "uTorrentControl2 Toolbar" = uTorrentControl2 Toolbar
    "VLC media player" = VLC media player 2.0.1

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 5/08/2012 4:15:15 AM | Computer Name = Rob-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: arma2oa.exe, version: 1.62.95.417, time
    stamp: 0x5012ba9f Faulting module name: arma2oa.exe, version: 1.62.95.417, time
    stamp: 0x5012ba9f Exception code: 0xc0000005 Fault offset: 0x00082ee0 Faulting process
    id: 0xc0c Faulting application start time: 0x01cd72e244763cb7 Faulting application
    path: c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\Expansion\beta\arma2oa.exe
    Faulting
    module path: c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\Expansion\beta\arma2oa.exe
    Report
    Id: af5b4732-ded5-11e1-98e5-902b3432ac6c

    Error - 5/08/2012 10:16:34 AM | Computer Name = Rob-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 5/08/2012 11:28:30 AM | Computer Name = Rob-PC | Source = Application Hang | ID = 1002
    Description = The program Steam.exe version 1.0.1446.623 stopped interacting with
    Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: 1718 Start
    Time: 01cd731ee31b3ed1 Termination Time: 5 Application Path: C:\Program Files (x86)\Steam\Steam.exe

    Report
    Id: 2fccfa88-df12-11e1-ae16-902b3432ac6c

    Error - 5/08/2012 7:26:25 PM | Computer Name = Rob-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 5/08/2012 7:40:48 PM | Computer Name = Rob-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 5/08/2012 7:46:24 PM | Computer Name = Rob-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 5/08/2012 8:09:32 PM | Computer Name = Rob-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Program Files (x86)\SplitMediaLabs\XSplit\XSplitBroadcasterSrc.exe".
    Dependent
    Assembly Native.XSplitBroadcaster.exe,type="win32",version="1.0.0.0" could not
    be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 5/08/2012 11:19:41 PM | Computer Name = Rob-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 6/08/2012 12:58:42 AM | Computer Name = Rob-PC | Source = Application Hang | ID = 1002
    Description = The program firefox.exe version 14.0.1.4577 stopped interacting with
    Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: 12a8 Start
    Time: 01cd738e97fee611 Termination Time: 20 Application Path: C:\Program Files (x86)\Mozilla
    Firefox\firefox.exe Report Id: 60e8d0b2-df83-11e1-9868-902b3432ac6c

    Error - 6/08/2012 1:00:15 AM | Computer Name = Rob-PC | Source = Application Hang | ID = 1002
    Description = The program firefox.exe version 14.0.1.4577 stopped interacting with
    Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: a88 Start
    Time: 01cd7390271244cb Termination Time: 28 Application Path: C:\Program Files (x86)\Mozilla
    Firefox\firefox.exe Report Id: 9913fe05-df83-11e1-9868-902b3432ac6c

    [ System Events ]
    Error - 5/08/2012 7:36:52 PM | Computer Name = Rob-PC | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 5/08/2012 7:37:50 PM | Computer Name = Rob-PC | Source = Application Popup | ID = 1060
    Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
    with this system. Please contact your software vendor for a compatible version
    of the driver.

    Error - 5/08/2012 7:38:13 PM | Computer Name = Rob-PC | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 5/08/2012 7:39:05 PM | Computer Name = Rob-PC | Source = Service Control Manager | ID = 7023
    Description = The Windows Defender service terminated with the following error:
    %%126

    Error - 5/08/2012 7:41:09 PM | Computer Name = Rob-PC | Source = Service Control Manager | ID = 7038
    Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
    with the currently configured password due to the following error: %%1330 To ensure
    that the service is configured properly, use the Services snap-in in Microsoft
    Management Console (MMC).

    Error - 5/08/2012 7:41:09 PM | Computer Name = Rob-PC | Source = Service Control Manager | ID = 7000
    Description = The NVIDIA Update Service Daemon service failed to start due to the
    following error: %%1069

    Error - 5/08/2012 7:46:48 PM | Computer Name = Rob-PC | Source = Service Control Manager | ID = 7038
    Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
    with the currently configured password due to the following error: %%1330 To ensure
    that the service is configured properly, use the Services snap-in in Microsoft
    Management Console (MMC).

    Error - 5/08/2012 7:46:48 PM | Computer Name = Rob-PC | Source = Service Control Manager | ID = 7000
    Description = The NVIDIA Update Service Daemon service failed to start due to the
    following error: %%1069

    Error - 5/08/2012 11:20:09 PM | Computer Name = Rob-PC | Source = Service Control Manager | ID = 7038
    Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
    with the currently configured password due to the following error: %%1330 To ensure
    that the service is configured properly, use the Services snap-in in Microsoft
    Management Console (MMC).

    Error - 5/08/2012 11:20:09 PM | Computer Name = Rob-PC | Source = Service Control Manager | ID = 7000
    Description = The NVIDIA Update Service Daemon service failed to start due to the
    following error: %%1069


    < End of report >
     
  19. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Excellent work!

    ESET Online Scan

    Please run a free online scan with the ESET Online Scanner
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • When asked, allow the ActiveX control to install
    • Click Start
    • Make sure that the options Remove found threats and Scan unwanted applications are checked
    • Click Scan (This scan can take several hours, so please be patient)
    • Once the scan is completed, you may close the window
    • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
    • Copy and paste that log as a reply to this topic
     
  20. snortercle

    snortercle TS Rookie Topic Starter Posts: 19

    Note: I use firefox and the application needed to download and install before scanning.
    Upon closing the scanner there was an option to uninstall upon exiting which I had ticked.
    I opened notepad and went to the file location you said.
    It didn't exist, but ESET existed, so I went to that, which contained the file "EsetOnlineScanner" but did not have a file that could be opened by Notepad. There was no log in this location. During the scan 4 threats were found and quarantined. I selected "Delete Quarantined Files" and "Uninstall application upon closing" when the program was running. I decided to run the scanner for a second time, as at various times when using anti-virus programs I have noticed it detects the files a second time and didn't actually get rid of them. The log only stays if you don't uninstall after the scan is complete.

    The log:

    ESETSmartInstaller@High as downloader log:
    all ok
    # version=7
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6583
    # api_version=3.0.2
    # EOSSerial=e7afa8e38fdf054c9af4fd9e56ddd982
    # end=finished
    # remove_checked=true
    # archives_checked=false
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2012-08-07 04:32:39
    # local_time=2012-08-07 12:32:39 (+0800, W. Australia Standard Time)
    # country="Australia"
    # lang=1033
    # osver=6.1.7601 NT Service Pack 1
    # compatibility_mode=770 16774141 100 97 137921 121022632 0 0
    # compatibility_mode=5893 16776573 100 94 42864 95942610 0 0
    # compatibility_mode=8192 67108863 100 0 0 0 0 0
    # scanned=121756
    # found=0
    # cleaned=0
    # scan_time=1199

    There were no threats detected on the second scan, and I am unsure if this will affect you in finding out if my computer is safe.
     
  21. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    One more here...

    Please run the F-Secure Online Scanner
    • Accept the License Agreement and check the box. Then click on Run Check.
    • It will ask you to Run the Java plugin. Please confirm.
    • Once the download completes, the window for the scanner will launch.
    • Please confirm anymore prompts, and then select Full Scan.
    • The scan will take some time to finish, so please be patient.
    • When the scan completes, click the Automatic cleaning (recommended) button.
    • It will run its cleaning.
    • Click the Full report button and Copy & Paste the entire report (except the bold text at the foot of the page) in your next reply. Once that's done, click the Close button on the scan window.
     
  22. snortercle

    snortercle TS Rookie Topic Starter Posts: 19

    Scanning Report

    Wednesday, August 8, 2012 12:24:25 - 12:42:28

    Computer name: ROB-PC
    Scanning type: Scan system for malware, spyware and rootkits
    Target: C:\
    5 malware found

    TrackingCookie.2o7(spyware)
    • System (Disinfected)
    TrackingCookie.Atdmt(spyware)
    • System (Disinfected)
    TrackingCookie.Doubleclick(spyware)
    • System (Disinfected)
    TrackingCookie.WebTrendsLive (spyware)
    • System (Disinfected)
    TrackingCookie.Webtrends(spyware)
    • System (Disinfected)
    Statistics

    Scanned:
    • Files: 62777
    • System: 5612
    • Not scanned: 28
    Actions:
    • Disinfected: 5
    • Renamed: 0
    • Deleted: 0
    • Not cleaned: 0
    • Submitted: 0
    Files not scanned:
    • C:\HIBERFIL.SYS
    • C:\PAGEFILE.SYS
    • C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
    • C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
    • C:\WINDOWS\SYSTEM32\CONFIG\SAM
    • C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
    • C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
    • C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\DEFAULT
    • C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SAM
    • C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SECURITY
    • C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SOFTWARE
    • C:\WINDOWS\SYSTEM32\CATROOT2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\CATDB
    • C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SYSTEM
    • C:\WINDOWS\SYSTEM32\CATROOT2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\CATDB
    • C:\USERS\ROB\APPDATA\LOCAL\TEMP\REG3DCA.TMP
    • C:\USERS\ROB\APPDATA\LOCAL\TEMP\REG4C3B.TMP
    • C:\USERS\ROB\APPDATA\LOCAL\TEMP\HSPERFDATA_ROB\2380
    • C:\USERS\ROB\APPDATA\LOCAL\TEMP\HSPERFDATA_ROB\5040
    • C:\SYSTEM VOLUME INFORMATION\{484D0428-DF75-11E1-9868-902B3432AC6C}{3808876B-C176-4E48-B7AE-04046E6CC752}
    • C:\SYSTEM VOLUME INFORMATION\{3808876B-C176-4E48-B7AE-04046E6CC752}
    • C:\SYSTEM VOLUME INFORMATION\{52281790-DE4E-11E1-BC07-902B3432AC6C}{3808876B-C176-4E48-B7AE-04046E6CC752}
    • C:\SYSTEM VOLUME INFORMATION\{8D82C797-DB6A-11E1-8C04-902B3432AC6C}{3808876B-C176-4E48-B7AE-04046E6CC752}
    • C:\SYSTEM VOLUME INFORMATION\{B0C6B355-DE99-11E1-98E5-902B3432AC6C}{3808876B-C176-4E48-B7AE-04046E6CC752}
    • C:\SYSTEM VOLUME INFORMATION\{E1B2A82C-DC4D-11E1-92B4-902B3432AC6C}{3808876B-C176-4E48-B7AE-04046E6CC752}
    • C:\SYSTEM VOLUME INFORMATION\{E1B2A83B-DC4D-11E1-92B4-902B3432AC6C}{3808876B-C176-4E48-B7AE-04046E6CC752}
    • C:\SYSTEM VOLUME INFORMATION\{E1B2A842-DC4D-11E1-92B4-902B3432AC6C}{3808876B-C176-4E48-B7AE-04046E6CC752}
    • C:\PROGRAMDATA\MICROSOFT\WINDOWS DEFENDER\SCANS\HISTORY\CACHEMANAGER\MPSFC.BIN
    • C:\PROGRAMDATA\MICROSOFT\MICROSOFT ANTIMALWARE\SCANS\HISTORY\CACHEMANAGER\MPSCANCACHE-1.BIN
    Options

    Scanning engines: Scanning options:
    • Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML XXX ANI AVB BAT CMD JOB LSP MAP MHT MIF PHP POT SWF WMF NWS TAR TMP
    • Use advanced heuristics
     
  23. snortercle

    snortercle TS Rookie Topic Starter Posts: 19

    Tracking cookies aren't exactly a big threat are they?
    Anyway, if that's the final one I'm looking forward to hearing what you have to say about the state of my PC :D
     
  24. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Nah. It's all looking pretty good.

    If there are no more issues, then we shall clean up!

    Clean up System Restore

    Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."

    To manually create a new Restore Point
    • Go to Control Panel and select System and Maintenance
    • Select System
    • On the left select Advanced System Settings and accept the warning if you get one
    • Select System Protection Tab
    • Select Create at the bottom
    • Type in a name, e.g. Clean
    • Select Create
    Now we can purge the infected ones
    • Go back to the System and Maintenance page
    • Select Performance Information and Tools
    • On the left select Open Disk Cleanup
    • Select Files from all users and accept the warning if you get one
    • In the drop-down box select your main drive, e.g. C
    • For a few moments the system will make some calculations:
    • Select the More Options tab
    • In the System Restore and Shadow Backups select Clean up
    • Select Delete on the pop up
    • Select OK
    • Select Delete

    Run OTC to remove our tools

    To remove all of the tools we used and the files and folders they created, please do the following:
    Please download OTC.exe by OldTimer:
    • Save it to your Desktop.
    • Double click OTC.exe.
    • Click the CleanUp! button.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.
    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

    Purge old temporary files

    Download CCleaner Slim and save it to your Desktop - Alternate download link

    When the file has been saved, go to your Desktop and double-click on ccsetupxxx_slim.exe
    Follow the prompts to install the program.

    * Double-click the CCleaner shortcut on the desktop to start the program.
    * Click on the Options block on the left, then choose Cookies.
    * Under Cookies to Delete, highlight any cookies you would like to retain permanently
    * Click the right arrow > to move them to the Cookies to Keep window.
    * Go into Options > Advanced & uncheck Only delete files in Windows Temp folders older than 48 hours
    * Click Cleaner on the left then Run Cleaner on the right to run the program.
    * Important: Make sure that ALL browser windows are closed before selecting Run Cleaner

    Caution: Only use the Registry feature if you are very familiar with the registry.
    Always back up your registry before making any changes. Exit CCleaner after it has completed its process.

    Security Check

    Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    Tell me in your next reply, if you have completed these tasks:
    • Cleaned System Restore
    • Ran OTC
    • Ran TFC
    • Ran Security Check
    Also, let me know how your computer is running, and don't forget to post the contents of the Security Check log.
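The "Clean up System Restore" steps above can be done from an elevated (Run as administrator) PowerShell prompt as well. What follows is an added example, not code from this thread or from the helper: it creates the new restore point, then deletes every older shadow copy on the drive, which is what Disk Cleanup's "System Restore and Shadow Copies > Clean up" button does. The drive letter and the restore point name are assumptions; change them to fit.

```powershell
# Added example, not code from the TechSpot thread or its helper: the same
# "create a clean restore point, then purge the older ones" step done from an
# elevated PowerShell prompt on Windows 7 or later (PowerShell 2.0 compatible).
# The drive letter and the restore point name are assumptions; adjust to fit.

$Drive       = 'C:\'
$DriveLetter = 'C:'
$Description = 'Clean'

# System Restore must be on for the drive, or Checkpoint-Computer fails.
Enable-ComputerRestore -Drive $Drive

# 1. Create the new, known-clean restore point (System Protection > Create).
Checkpoint-Computer -Description $Description -RestorePointType 'MODIFY_SETTINGS'

# 2. Show what exists now. Restore points are stored inside Volume Shadow Copies,
#    which is why the scan log above lists files under System Volume Information.
Get-ComputerRestorePoint | Format-Table SequenceNumber, Description, RestorePointType -AutoSize

# 3. Delete every shadow copy on the drive except the newest, which holds the
#    point just created. Win32_ShadowCopy.VolumeName and Win32_Volume.DeviceID
#    both use the \\?\Volume{GUID}\ form, so they can be compared directly.
$volumeId = (Get-WmiObject -Class Win32_Volume -Filter "DriveLetter='$DriveLetter'").DeviceID
$shadows  = @(Get-WmiObject -Class Win32_ShadowCopy |
              Where-Object { $_.VolumeName -eq $volumeId } |
              Sort-Object { [Management.ManagementDateTimeConverter]::ToDateTime($_.InstallDate) })

if ($shadows.Count -gt 1) {
    $shadows | Select-Object -First ($shadows.Count - 1) | ForEach-Object {
        Write-Host ('Deleting shadow copy {0} created {1}' -f $_.ID,
            [Management.ManagementDateTimeConverter]::ToDateTime($_.InstallDate))
        [void]$_.Delete()
    }
}

# 4. Verify: only the 'Clean' point should remain.
Get-ComputerRestorePoint | Format-Table SequenceNumber, Description -AutoSize
```

Deleting the older shadow copies is irreversible: after this runs, "Clean" is the only point System Restore can roll back to, which is exactly the intent, since any earlier point may still contain the infected files.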
     
  25. snortercle

    snortercle TS Rookie Topic Starter Posts: 19

    Results of screen317's Security Check version 0.99.43
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    avast! Antivirus
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    JavaFX 2.1.0
    Java(TM) 7 Update 4
    Java version out of Date!
    Adobe Reader X (10.1.3)
    Mozilla Firefox (14.0.1)
    ````````Process Check: objlist.exe by Laurent````````
    Alwil Software Avast5 AvastSvc.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 0%
    ````````````````````End of Log``````````````````````

    My computer is running just as it used to! Lucky I discovered this forum. This computer was only a few weeks old; I was freaking out. I can't stress how much I thank you for helping get rid of the trojan. Is there any way to find out where it came from? I'm fairly internet-security-wise, and my family are simply too paranoid to use the computer that often. So they only really check their emails, but never download attachments.
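The checkup.txt above reports antivirus state, the Windows Firewall state and installed Java versions. As an added example, not code from the Security Check tool or from this thread, the same facts can be queried directly in PowerShell on Windows Vista/7 and later. The productState decoding is the widely used community interpretation of the SecurityCenter2 bit layout, which Microsoft does not document, so it is an assumption; confirm in the product's own UI. The registry paths and function names are likewise the example's own.

```powershell
# Added example, not the Security Check tool's code and not from the thread:
# queries the antivirus, firewall and Java facts that checkup.txt reports.
# Written for Windows PowerShell 2.0 (Windows 7) and later; run it elevated.

function Get-AntivirusStatus {
    # Products registered with Windows Security Center (Vista/7 and later).
    Get-WmiObject -Namespace 'root\SecurityCenter2' -Class AntiVirusProduct |
        ForEach-Object {
            # productState is a 32-bit integer; view it as 6 hex digits, e.g. 266240 -> 041000.
            # Assumed (community) layout: digits 3-4 = enabled (10/11) or disabled (00/01),
            # digits 5-6 = definitions up to date (00) or out of date (10).
            $hex = '{0:X6}' -f [int]$_.productState
            New-Object PSObject -Property @{
                Product  = $_.displayName
                Enabled  = (@('10', '11') -contains $hex.Substring(2, 2))
                UpToDate = ($hex.Substring(4, 2) -eq '00')
                RawState = $hex
            }
        }
}

function Get-FirewallStatus {
    # Windows Firewall itself is not listed in SecurityCenter2 (only third-party
    # firewalls are), so read its per-profile state from netsh instead.
    netsh advfirewall show allprofiles state |
        Where-Object { $_ -match '^(\S.*Profile Settings|State)' } |
        ForEach-Object { $_.Trim() }
}

function Get-JavaVersions {
    # Check both the 64-bit and the 32-bit (Wow6432Node) JRE hives on 64-bit Windows;
    # in 2012 browsers such as Firefox were 32-bit, so the Wow6432Node JRE is the
    # one their Java plug-in loaded.
    foreach ($key in 'HKLM:\SOFTWARE\JavaSoft\Java Runtime Environment',
                     'HKLM:\SOFTWARE\Wow6432Node\JavaSoft\Java Runtime Environment') {
        if (Test-Path $key) {
            $current = (Get-ItemProperty -Path $key).CurrentVersion
            Get-ChildItem -Path $key | ForEach-Object {
                New-Object PSObject -Property @{
                    Hive    = $key
                    Version = $_.PSChildName      # e.g. 1.7 and 1.7.0_04
                    Current = ($_.PSChildName -eq $current)
                }
            }
        }
    }
}

Get-AntivirusStatus | Format-Table Product, Enabled, UpToDate, RawState -AutoSize
Get-FirewallStatus
Get-JavaVersions    | Format-Table Version, Current, Hive -AutoSize
```

The script only reports which Java builds are installed; whether one is "out of date" still has to be judged against the current release on java.com, and an old JRE left behind next to a new one is as exposed as it was before the update.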
     