Solved Apparent Sirefef infection

Gary Kemp

Hello,

I'm afraid you can add me to the list of likely Sirefef victims. I spotted the file in my home directory this morning, and have been fighting it for most of this evening.

It disabled MSE, so I did a rather silly thing and ran the instructions in this thread without posting here first. This has allowed me to get MSE running, but it is only able to detect 'Win32/Cutwail.BE'. It asks me to send a report about the .exe in my home dir, which I have done. Log files are here:


=========================
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.25.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Gary :: GARY-PC [administrator]

25/06/2012 22:09:19
mbam-log-2012-06-25 (22-09-19).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 232800
Time elapsed: 2 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Regedit32 (Trojan.Agent) -> Data: C:\Windows\system32\regedit.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\Gary\Downloads\Windows Loader.exe (PUP.RiskwareTool.CK) -> Quarantined and deleted successfully.
C:\Windows\System32\regedit.exe (Trojan.Agent) -> Delete on reboot.

(end)

==========================

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-06-25 22:18:55
Windows 6.1.7601 Service Pack 1
Running: 93io052h.exe


---- Services - GMER 1.0.15 ----

Service C:\SystemRoot\System32\Drivers\68b814fec318ebc3.sys (*** hidden *** ) [BOOT] 68b814fec318ebc3 <-- ROOTKIT !!!

---- EOF - GMER 1.0.15 ----
 
HTC BMP USB Driver
Java Auto Updater
Java(TM) 6 Update 32
Launchy 2.5
LibreOffice 3.5
Malwarebytes Anti-Malware version 1.61.0.1400
MDaemon Server
MetroTwit
Microsoft Flight
Microsoft Flight Simulator X
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft SQL Server Compact 3.5 ENU
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Mozilla Firefox 13.0.1 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird 13.0.1 (x86 en-GB)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB973685)
Notepad++
NVIDIA PhysX
Picasa 3
Pidgin
Project CARS
PSP Video 9 6
PunkBuster Services
RACE 07
Rainmeter
rFactor (remove only)
rFactor2
RSSOwl
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Ship Simulator Extremes Demo
Skype™ 5.9
Steam
Team Fortress 2
UK2000 VFR Scenery Volume1 files
Windows 7 USB/DVD Download Tool
Wunderlist
XAMPP 1.7.7
YouTube Downloader App 3.00
 
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_32
Run by Gary at 22:19:54 on 2012-06-25
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.8190.5989 [GMT 1:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\xampp\apache\bin\httpd.exe
C:\PROGRA~2\MDaemon\APP\MDAEMON.EXE
c:\xampp\mysql\bin\mysqld.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\UltraVNC\WinVNC.exe
C:\PROGRA~2\MDaemon\WebAdmin\WebAdmin.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\PROGRA~2\MDaemon\APP\CFEngine.exe
C:\PROGRA~2\MDaemon\WorldClient\WorldClient.exe
C:\PROGRA~2\MDaemon\SpamAssassin\MDSpamD.exe
C:\Windows\system32\conhost.exe
C:\xampp\apache\bin\httpd.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Users\Gary\Local Settings\Apps\F.lux\flux.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\Gary\0i763f66bz.exe
C:\Program Files\Rainmeter\Rainmeter.exe
C:\Users\Gary\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Launchy\Launchy.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\UltraVNC\WinVNC.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [F.lux] "C:\Users\Gary\Local Settings\Apps\F.lux\flux.exe" /noshow
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [0i763f66bz] C:\Users\Gary\0i763f66bz.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Gary\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Gary\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Gary\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Launchy.lnk - C:\Program Files (x86)\Launchy\Launchy.exe
StartupFolder: C:\Users\Gary\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MDAEMO~1.LNK - C:\Program Files (x86)\MDaemon\App\MDaemon.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\RAINME~1.LNK - C:\Program Files\Rainmeter\Rainmeter.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
TCP: Interfaces\{5768A142-6463-4856-A441-84E2433AE691} : NameServer = 192.168.1.254
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\nsnmmjan.default\
FF - prefs.js: browser.startup.homepage - about:newtab
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\nsnmmjan.default\extensions\battlefieldheroespatcher@ea.com\plugins\npBFHUpdater.dll
FF - plugin: C:\Windows\system32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 Apache2.2;Apache2.2;C:\xampp\apache\bin\httpd.exe [2011-9-10 18432]
R2 MDaemon;MDaemon;C:\PROGRA~2\MDaemon\APP\MDAEMON.EXE [2012-4-13 1433600]
R2 uvnc_service;uvnc_service;C:\Program Files\UltraVNC\winvnc.exe [2012-3-4 2169056]
R2 WebAdmin;WebAdmin Server;C:\PROGRA~2\MDaemon\WebAdmin\WebAdmin.exe [2012-3-3 215040]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 mv2;mv2;C:\Windows\system32\DRIVERS\mv2.sys --> C:\Windows\system32\DRIVERS\mv2.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-3-12 136176]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-5-3 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-13 257224]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-3-12 136176]
S3 HTCAND64;HTC Device Driver;C:\Windows\system32\Drivers\ANDROIDUSB.sys --> C:\Windows\system32\Drivers\ANDROIDUSB.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-3 113120]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files\Zune\WMZuneComm.exe [2011-8-5 306400]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
.
=============== Created Last 30 ================
.
2012-06-25 21:08:37 -------- d-----w- C:\Users\Gary\AppData\Roaming\Malwarebytes
2012-06-25 21:08:27 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-25 21:08:27 -------- d-----w- C:\ProgramData\Malwarebytes
2012-06-25 21:08:27 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-25 20:44:19 -------- d-----w- C:\$RECYCLE.BIN
2012-06-25 20:06:40 927800 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-06-25 20:06:40 927800 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{801131B4-5D8F-4BFF-BF66-B66F97F6C4DE}\gapaengine.dll
2012-06-25 20:05:49 9013136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4CFB3B40-5CC3-4B83-BCCE-1BA72FDE5EC6}\mpengine.dll
2012-06-25 20:02:42 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-06-25 20:02:38 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-06-25 19:37:26 98816 ----a-w- C:\Windows\sed.exe
2012-06-25 19:37:26 518144 ----a-w- C:\Windows\SWREG.exe
2012-06-25 19:37:26 256000 ----a-w- C:\Windows\PEV.exe
2012-06-25 19:37:26 208896 ----a-w- C:\Windows\MBR.exe
2012-06-25 19:31:34 328704 ----a-w- C:\Windows\System32\services.exe.7D18329E94516DCB
2012-06-25 19:18:30 328704 ----a-w- C:\Windows\System32\services.exe.688D6AAB913CC93F
2012-06-25 18:18:58 328704 ----a-w- C:\Windows\System32\services.exe.DCF27A594CA36169
2012-06-25 17:19:15 328704 ----a-w- C:\Windows\System32\services.exe.6D4B17950EBA7705
2012-06-25 15:43:39 328704 ----a-w- C:\Windows\System32\services.exe.4FF89BF300A76428
2012-06-25 14:07:56 328704 ----a-w- C:\Windows\System32\services.exe.917D8942AD94DB84
2012-06-25 13:08:16 328704 ----a-w- C:\Windows\System32\services.exe.B137DDBB62458F10
2012-06-25 12:08:33 328704 ----a-w- C:\Windows\System32\services.exe.9F08FF7D297B9CC7
2012-06-25 11:09:06 328704 ----a-w- C:\Windows\System32\services.exe.46E3CDF4A4524BD6
2012-06-25 10:09:22 328704 ----a-w- C:\Windows\System32\services.exe.ADB0C22F79DB6DB5
2012-06-25 09:09:47 328704 ----a-w- C:\Windows\System32\services.exe.F4FD13ADB3D9A690
2012-06-25 08:10:07 328704 ----a-w- C:\Windows\System32\services.exe.47803BD757A17FC4
2012-06-25 07:10:27 328704 ----a-w- C:\Windows\System32\services.exe.29C16522D746982F
2012-06-25 06:06:06 328704 ----a-w- C:\Windows\System32\services.exe.D51983B2DB21FA61
2012-06-24 18:19:00 -------- d-sh--w- C:\Windows\System32\%APPDATA%
2012-06-23 20:20:17 -------- d-----w- C:\Program Files (x86)\Regensoft
2012-06-23 20:20:14 -------- d-----w- C:\Program Files (x86)\AviSynth 2.5
2012-06-23 20:20:07 -------- d-----w- C:\Program Files (x86)\Red Kawa
2012-06-19 05:56:18 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-19 05:56:09 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-19 05:55:57 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-19 05:55:57 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-18 07:19:46 -------- d-----w- C:\Users\Gary\AppData\Local\Macromedia
2012-06-15 18:06:40 -------- d-----w- C:\Users\Gary\AppData\Roaming\.rFactor
2012-06-14 08:23:05 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-06-14 08:23:05 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-06-14 08:23:05 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-06-14 08:22:59 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-06-14 08:22:58 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-06-14 08:22:57 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-06-14 08:22:56 3146752 ----a-w- C:\Windows\System32\win32k.sys
2012-06-14 08:22:55 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-06-09 20:12:36 119808 ----a-r- C:\Users\Gary\AppData\Roaming\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe
2012-06-09 19:23:36 -------- d-----w- C:\ProgramData\Astroburn Lite
2012-06-09 19:23:36 -------- d-----w- C:\Program Files (x86)\Astroburn Lite
2012-06-09 19:10:26 -------- d-----w- C:\$WINDOWS.~BT
2012-06-04 21:56:23 85472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
2012-06-04 21:56:23 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-04 21:56:23 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll
2012-05-31 22:04:45 -------- d-----w- C:\Users\Gary\VirtualBox VMs
2012-05-31 22:04:27 -------- d-----w- C:\Users\Gary\.VirtualBox
2012-05-31 21:01:19 -------- d-----r- C:\ESD
2012-05-29 15:42:45 -------- d-----w- C:\Users\Gary\.rssowl2
2012-05-29 15:41:19 -------- d-----w- C:\Program Files (x86)\RSSOwl
.
==================== Find3M ====================
.
2012-06-24 18:16:15 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-24 18:16:15 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-19 11:04:08 270240 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-05-19 11:04:08 270240 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-05-16 21:04:46 189248 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-05-16 21:04:33 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2012-05-06 11:01:03 286720 ----a-w- C:\Windows\iun506.exe
2012-05-06 06:10:59 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2012-05-04 10:41:02 476960 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-05-04 10:41:02 472864 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-04-03 13:19:10 224048 ----a-w- C:\Windows\System32\drivers\VBoxDrv.sys
2012-04-03 13:19:10 166192 ----a-w- C:\Windows\System32\drivers\VBoxNetFlt.sys
2012-04-03 13:19:10 147248 ----a-w- C:\Windows\System32\drivers\VBoxNetAdp.sys
2012-04-03 13:19:10 130864 ----a-w- C:\Windows\System32\drivers\VBoxUSBMon.sys
2012-04-03 13:19:08 320816 ----a-w- C:\Windows\System32\VBoxNetFltNobj.dll
2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
.
============= FINISH: 22:20:56.47 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 03/03/2012 11:18:19
System Uptime: 25/06/2012 22:14:20 (0 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | EP45-UD3
Processor: Intel(R) Core(TM)2 Duo CPU E8500 @ 3.16GHz | Socket 775 | 3166/333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 277 GiB total, 34.267 GiB free.
D: is CDROM ()
E: is CDROM (CDFS)
F: is FIXED (NTFS) - 129 GiB total, 124.419 GiB free.
G: is FIXED (NTFS) - 21 GiB total, 5.494 GiB free.
H: is Removable
I: is FIXED (NTFS) - 20 GiB total, 19.922 GiB free.
J: is FIXED (FAT32) - 186 GiB total, 55.741 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP83: 20/06/2012 15:43:41 - Scheduled Checkpoint
RP84: 21/06/2012 20:10:08 - Windows Update
RP85: 25/06/2012 20:37:31 - ComboFix created restore point
.
==== Installed Programs ======================
.
ActiveState Komodo Edit 7.0.2
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3)
Astroburn Lite
µTorrent
AviSynth 2.5
Battlefield Heroes
Command and Conquer: Red Alert 3
Counter-Strike: Source
DAEMON Tools Lite
Dropbox
EditPlus 3
F.lux
F1 1976 LE v1.1
FeedReader
Google Chrome
Google Earth
Google Update Helper
 
==== Event Viewer Messages From Past Week ========
.
25/06/2012 22:15:00, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: MpFilter
25/06/2012 22:15:00, Error: Service Control Manager [7001] - The Microsoft Network Inspection service depends on the Microsoft Network Inspection System service which failed to start because of the following error: A device attached to the system is not functioning.
25/06/2012 22:15:00, Error: Service Control Manager [7000] - The Microsoft Network Inspection System service failed to start due to the following error: A device attached to the system is not functioning.
25/06/2012 22:15:00, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
25/06/2012 22:15:00, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
25/06/2012 22:15:00, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007042c Error description: The dependency service or group failed to start. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.
25/06/2012 22:15:00, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
25/06/2012 22:15:00, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
25/06/2012 22:13:36, Error: Service Control Manager [7024] - The Apache2.2 service terminated with service-specific error Incorrect function..
25/06/2012 22:03:54, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?lin...wnloader:Win32/Cutwail.BE&threatid=2147642303 Name: TrojanDownloader:Win32/Cutwail.BE ID: 2147642303 Severity: Severe Category: Trojan Downloader Path: process:_pid:3840 Detection Origin: Unknown Detection Type: Heuristics Detection Source: User User: Gary-PC\Gary Process Name: C:\Users\Gary\0i763f66bz.exe Action: Quarantine Action Status: To finish removing malware and other potentially unwanted software, restart the computer. Error Code: 0x8007054f Error description: An internal error occurred. Signature Version: AV: 1.129.419.0, AS: 1.129.419.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.8502.0, NIS: 0.0.0.0
25/06/2012 21:52:53, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
25/06/2012 21:52:53, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
25/06/2012 21:52:53, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007042c Error description: The dependency service or group failed to start. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.
25/06/2012 21:52:53, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
25/06/2012 21:52:53, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
25/06/2012 21:44:09, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
25/06/2012 21:44:09, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
25/06/2012 21:44:09, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007042c Error description: The dependency service or group failed to start. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.
25/06/2012 21:44:09, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
25/06/2012 21:44:09, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
25/06/2012 21:43:57, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.
25/06/2012 21:42:28, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
25/06/2012 21:42:04, Error: Application Popup [1060] - \??\C:\garygary\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
25/06/2012 21:28:47, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?lin...wnloader:Win32/Cutwail.BE&threatid=2147642303 Name: TrojanDownloader:Win32/Cutwail.BE ID: 2147642303 Severity: Severe Category: Trojan Downloader Path: process:_pid:4000 Detection Origin: Unknown Detection Type: Heuristics Detection Source: User User: Gary-PC\Gary Process Name: C:\Users\Gary\0i763f66bz.exe Action: Quarantine Action Status: To finish removing malware and other potentially unwanted software, restart the computer. Error Code: 0x8007054f Error description: An internal error occurred. Signature Version: AV: 1.129.419.0, AS: 1.129.419.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.8502.0, NIS: 0.0.0.0
25/06/2012 21:08:11, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?lin...wnloader:Win32/Cutwail.BE&threatid=2147642303 Name: TrojanDownloader:Win32/Cutwail.BE ID: 2147642303 Severity: Severe Category: Trojan Downloader Path: process:_pid:4000 Detection Origin: Unknown Detection Type: Heuristics Detection Source: System User: Gary-PC\Gary Process Name: C:\Users\Gary\0i763f66bz.exe Action: Remove Action Status: To finish removing malware and other potentially unwanted software, restart the computer. Error Code: 0x8007054f Error description: An internal error occurred. Signature Version: AV: 1.129.419.0, AS: 1.129.419.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.8502.0, NIS: 0.0.0.0
25/06/2012 21:05:53, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
25/06/2012 21:05:53, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
25/06/2012 21:05:53, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007042c Error description: The dependency service or group failed to start. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.
25/06/2012 21:05:53, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
25/06/2012 21:05:53, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
25/06/2012 21:03:48, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
25/06/2012 21:03:03, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
25/06/2012 20:57:15, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
25/06/2012 20:57:15, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
25/06/2012 20:57:15, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
25/06/2012 20:57:15, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
25/06/2012 20:48:02, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
25/06/2012 20:48:02, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
25/06/2012 20:48:02, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
25/06/2012 20:48:02, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
25/06/2012 20:46:14, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
25/06/2012 20:41:09, Error: Service Control Manager [7023] - The Software Protection service terminated with the following error: Access is denied.
25/06/2012 20:37:14, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
25/06/2012 20:37:14, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
25/06/2012 20:36:07, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
25/06/2012 20:35:38, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
25/06/2012 20:35:38, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
25/06/2012 20:35:38, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
25/06/2012 20:35:38, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
25/06/2012 20:34:04, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
25/06/2012 20:34:04, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
25/06/2012 20:34:03, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
25/06/2012 20:34:01, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
25/06/2012 20:34:00, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
25/06/2012 20:34:00, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
25/06/2012 20:34:00, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
25/06/2012 20:33:58, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
25/06/2012 20:33:50, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
25/06/2012 20:33:33, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx VBoxDrv VBoxUSBMon Wanarpv6 WfpLwf ws2ifsl
25/06/2012 20:33:33, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
25/06/2012 20:33:33, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
25/06/2012 20:33:33, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
25/06/2012 20:33:33, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
25/06/2012 20:33:33, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
25/06/2012 20:33:33, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
25/06/2012 20:33:33, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
25/06/2012 20:33:33, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
25/06/2012 20:33:33, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
25/06/2012 20:33:33, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
25/06/2012 20:33:33, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
25/06/2012 20:33:33, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
25/06/2012 20:33:33, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
25/06/2012 20:33:33, Error: Service Control Manager [7001] - The Apache2.2 service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
25/06/2012 20:31:34, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\services.exe;file:_C:\Windows\System32\services.exe->731;process:_pid:456 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.129.387.0, AS: 1.129.387.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.8502.0, NIS: 0.0.0.0
25/06/2012 20:30:56, Error: Service Control Manager [7001] - The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: The dependency service or group failed to start.
25/06/2012 20:30:31, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx VBoxDrv VBoxUSBMon Wanarpv6 WfpLwf
25/06/2012 20:22:19, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
25/06/2012 20:22:19, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
25/06/2012 20:22:19, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
25/06/2012 20:22:19, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
25/06/2012 20:18:30, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\services.exe;file:_C:\Windows\System32\services.exe->731;process:_pid:516 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.129.387.0, AS: 1.129.387.0, NIS: 11.137.0.0 Engine Version: AM: 1.1.8502.0, NIS: 2.0.8001.0
25/06/2012 19:20:58, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
25/06/2012 19:20:58, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
25/06/2012 19:20:58, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
25/06/2012 19:20:58, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
25/06/2012 19:18:58, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\services.exe;file:_C:\Windows\System32\services.exe->731;process:_pid:516 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.129.387.0, AS: 1.129.387.0, NIS: 11.137.0.0 Engine Version: AM: 1.1.8502.0, NIS: 2.0.8001.0
25/06/2012 18:22:50, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
25/06/2012 18:22:50, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
25/06/2012 18:22:50, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
25/06/2012 18:22:50, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
25/06/2012 18:19:15, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\services.exe;file:_C:\Windows\System32\services.exe->731;process:_pid:516 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.129.387.0, AS: 1.129.387.0, NIS: 11.137.0.0 Engine Version: AM: 1.1.8502.0, NIS: 2.0.8001.0
25/06/2012 16:45:41, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
25/06/2012 16:45:41, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
25/06/2012 16:45:41, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
25/06/2012 16:45:41, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
25/06/2012 16:43:39, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\services.exe;file:_C:\Windows\System32\services.exe->731;process:_pid:516 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.129.387.0, AS: 1.129.387.0, NIS: 11.137.0.0 Engine Version: AM: 1.1.8502.0, NIS: 2.0.8001.0
25/06/2012 15:11:36, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
25/06/2012 15:11:36, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
25/06/2012 15:11:36, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
25/06/2012 15:11:36, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
25/06/2012 15:07:56, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\services.exe;file:_C:\Windows\System32\services.exe->731;process:_pid:516 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.129.387.0, AS: 1.129.387.0, NIS: 11.137.0.0 Engine Version: AM: 1.1.8502.0, NIS: 2.0.8001.0
25/06/2012 14:10:19, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
25/06/2012 14:10:19, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
25/06/2012 14:10:19, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
25/06/2012 14:10:19, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
25/06/2012 14:08:16, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\services.exe;file:_C:\Windows\System32\services.exe->731;process:_pid:516 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.129.387.0, AS: 1.129.387.0, NIS: 11.137.0.0 Engine Version: AM: 1.1.8502.0, NIS: 2.0.8001.0
25/06/2012 13:10:36, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
25/06/2012 13:10:36, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
25/06/2012 13:10:36, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
25/06/2012 13:10:36, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
25/06/2012 13:08:33, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\services.exe;file:_C:\Windows\System32\services.exe->731;process:_pid:516 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.129.387.0, AS: 1.129.387.0, NIS: 11.137.0.0 Engine Version: AM: 1.1.8502.0, NIS: 2.0.8001.0
25/06/2012 12:11:07, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
25/06/2012 12:11:07, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
25/06/2012 12:11:07, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
25/06/2012 12:11:07, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
25/06/2012 12:09:06, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\services.exe;file:_C:\Windows\System32\services.exe->731;process:_pid:516 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.129.387.0, AS: 1.129.387.0, NIS: 11.137.0.0 Engine Version: AM: 1.1.8502.0, NIS: 2.0.8001.0
25/06/2012 11:13:28, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
25/06/2012 11:13:28, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
25/06/2012 11:13:28, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
25/06/2012 11:13:28, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
25/06/2012 11:09:22, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\services.exe;file:_C:\Windows\System32\services.exe->731;process:_pid:516 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.129.387.0, AS: 1.129.387.0, NIS: 11.137.0.0 Engine Version: AM: 1.1.8502.0, NIS: 2.0.8001.0
25/06/2012 10:13:48, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
25/06/2012 10:13:48, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
25/06/2012 10:13:48, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
25/06/2012 10:13:48, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
25/06/2012 10:09:47, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\services.exe;file:_C:\Windows\System32\services.exe->731;process:_pid:516 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.129.387.0, AS: 1.129.387.0, NIS: 11.137.0.0 Engine Version: AM: 1.1.8502.0, NIS: 2.0.8001.0
25/06/2012 09:12:09, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
25/06/2012 09:12:09, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
25/06/2012 09:12:09, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
25/06/2012 09:12:09, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
25/06/2012 09:10:07, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\services.exe;file:_C:\Windows\System32\services.exe->731;process:_pid:516 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.129.387.0, AS: 1.129.387.0, NIS: 11.137.0.0 Engine Version: AM: 1.1.8502.0, NIS: 2.0.8001.0
25/06/2012 08:12:30, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
25/06/2012 08:12:30, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
25/06/2012 08:12:30, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
25/06/2012 08:12:30, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
25/06/2012 08:10:27, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\services.exe;file:_C:\Windows\System32\services.exe->731;process:_pid:516 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.129.387.0, AS: 1.129.387.0, NIS: 11.137.0.0 Engine Version: AM: 1.1.8502.0, NIS: 2.0.8001.0
25/06/2012 07:51:52, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 107.
25/06/2012 07:51:52, Error: Schannel [36874] - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
25/06/2012 07:23:26, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR2.
25/06/2012 07:18:06, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80070006 Error description: The handle is invalid. Reason: The filter driver was unloaded unexpectedly.
25/06/2012 07:18:06, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80070006 Error description: The handle is invalid. Reason: The filter driver was unloaded unexpectedly.
25/06/2012 07:08:05, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
25/06/2012 07:08:05, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
25/06/2012 07:08:05, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
25/06/2012 07:08:05, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
25/06/2012 07:06:06, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win64/Sirefef.Y&threatid=2147655285 Name: Trojan:Win64/Sirefef.Y ID: 2147655285 Severity: Severe Category: Trojan Path: containerfile:_C:\Windows\System32\services.exe;file:_C:\Windows\System32\services.exe->731;process:_pid:520 Detection Origin: Local machine Detection Type: Concrete Detection Source: System User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\system32\services.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.129.387.0, AS: 1.129.387.0, NIS: 11.137.0.0 Engine Version: AM: 1.1.8502.0, NIS: 2.0.8001.0
25/06/2012 07:01:02, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
25/06/2012 07:01:02, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
25/06/2012 07:01:02, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver was unloaded unexpectedly.
25/06/2012 07:01:02, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
25/06/2012 06:59:05, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
25/06/2012 06:58:11, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
24/06/2012 12:49:12, Error: BROWSER [8019] - The browser was unable to promote itself to master browser. The browser will continue to attempt to promote itself to the master browser, but will no longer log any events in the event log in Event Viewer.
24/06/2012 11:05:43, Error: BROWSER [8020] - The browser was unable to promote itself to master browser. The computer that currently believes it is the master browser is unknown.
24/06/2012 10:45:01, Error: NetBT [4321] - The name "GREEKATTIC :1d" could not be registered on the interface with IP address 192.168.1.137. The computer with the IP address 192.168.1.4 did not allow the name to be claimed by this computer.
24/06/2012 09:28:16, Error: bowser [8003] - The master browser has received a server announcement from the computer REDCURRANT that believes that it is the master browser for the domain on transport NetBT_Tcpip_{5768A142-6463-4856-A441-84E2433AE691}. The master browser is stopping or an election is being forced.
20/06/2012 09:50:07, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
19/06/2012 15:03:39, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
19/06/2012 15:03:39, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
18/06/2012 22:17:01, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{DED67ABD-4829-475E-BB31-57E76989AEBC} because another computer on the network has the same name. The server could not start.
.
==== End Of File ===========================
It goes without saying that I'd be extremely grateful for any help!
 
Welcome aboard


Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

===============================================

The upper part of the Attach.txt log is missing, so please provide that.

Next....

For 32-bit (x86) systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
For 64-bit (x64) systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for the 64-bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
 
Hi,

Thanks for the quick reply. I'm at work at the moment, but I'll post the rest of the logfile when I get home - I was struggling against the character limit and tiredness :S

Gary
 
If a log or logs exceed the limit for one reply, you may use more than one reply.
 
Ok, here's the missing part of attach.log - I believe this is all that was missing:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 03/03/2012 11:18:19
System Uptime: 25/06/2012 22:14:20 (0 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | EP45-UD3
Processor: Intel(R) Core(TM)2 Duo CPU E8500 @ 3.16GHz | Socket 775 | 3166/333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 277 GiB total, 34.267 GiB free.
D: is CDROM ()
E: is CDROM (CDFS)
F: is FIXED (NTFS) - 129 GiB total, 124.419 GiB free.
G: is FIXED (NTFS) - 21 GiB total, 5.494 GiB free.
H: is Removable
I: is FIXED (NTFS) - 20 GiB total, 19.922 GiB free.
J: is FIXED (FAT32) - 186 GiB total, 55.741 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP83: 20/06/2012 15:43:41 - Scheduled Checkpoint
RP84: 21/06/2012 20:10:08 - Windows Update
RP85: 25/06/2012 20:37:31 - ComboFix created restore point
.
==== Installed Programs ======================
.
ActiveState Komodo Edit 7.0.2
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3)
Astroburn Lite
µTorrent
AviSynth 2.5
Battlefield Heroes
Command and Conquer: Red Alert 3
Counter-Strike: Source
DAEMON Tools Lite
Dropbox
EditPlus 3
F.lux
F1 1976 LE v1.1
FeedReader
Google Chrome
Google Earth
Google Update Helper
HTC BMP USB Driver
Java Auto Updater
Java(TM) 6 Update 32
Launchy 2.5
LibreOffice 3.5
Malwarebytes Anti-Malware version 1.61.0.1400
MDaemon Server
MetroTwit
Microsoft Flight
Microsoft Flight Simulator X
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft SQL Server Compact 3.5 ENU
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Mozilla Firefox 13.0.1 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird 13.0.1 (x86 en-GB)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB973685)
Notepad++
NVIDIA PhysX
Picasa 3
Pidgin
Project CARS
PSP Video 9 6
PunkBuster Services
RACE 07
Rainmeter
rFactor (remove only)
rFactor2
RSSOwl
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Ship Simulator Extremes Demo
Skype™ 5.9
Steam
Team Fortress 2
UK2000 VFR Scenery Volume1 files
Windows 7 USB/DVD Download Tool
Wunderlist
XAMPP 1.7.7
YouTube Downloader App 3.00
.
 
...and here is the log generated by FRST64, in two parts:

Scan result of Farbar Recovery Scan Tool Version: 25-06-2012
Ran by SYSTEM at 27-06-2012 07:36:00
Running from J:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe" [163552 2011-08-05] (Microsoft Corporation)
HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1436736 2011-06-15] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKU\Gary\...\Run: [F.lux] "C:\Users\Gary\Local Settings\Apps\F.lux\flux.exe" /noshow [966656 2009-08-28] ()
HKU\Gary\...\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1242448 2012-03-06] (Valve Corporation)
HKU\Gary\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17355912 2012-05-02] (Skype Technologies S.A.)
HKU\Gary\...\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe [2646128 2010-11-06] (PeerBlock, LLC)
HKU\Gary\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [3671872 2012-04-17] (DT Soft Ltd)
HKU\Gary\...\Run: [0i763f66bz] C:\Users\Gary\0i763f66bz.exe [42496 2012-06-24] (FaceVsion)
HKU\Gary\...\Run: [Regedit32] C:\Windows\system32\regedit.exe [x]
Tcpip\..\Interfaces\{5768A142-6463-4856-A441-84E2433AE691}: [NameServer]192.168.1.254
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Rainmeter.lnk
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()
Startup: C:\Users\Gary\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)
Startup: C:\Users\Gary\Start Menu\Programs\Startup\Launchy.lnk
ShortcutTarget: Launchy.lnk -> C:\Program Files (x86)\Launchy\Launchy.exe ()
Startup: C:\Users\Gary\Start Menu\Programs\Startup\MDaemon - Shortcut.lnk
ShortcutTarget: MDaemon - Shortcut.lnk -> C:\Program Files (x86)\MDaemon\App\MDaemon.exe (Alt-N Technologies, Ltd.)

==================== Services (Whitelisted) ======

2 Apache2.2; "C:\xampp\apache\bin\httpd.exe" -k runservice [18432 2011-09-10] (Apache Software Foundation)
3 FileZilla Server; "C:\xampp\FileZillaFTP\FileZillaServer.exe" [630272 2011-06-07] (FileZilla Project)
2 MDaemon; C:\PROGRA~2\MDaemon\APP\MDAEMON.EXE [1433600 2012-03-03] (Alt-N Technologies, Ltd.)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe" [12784 2011-04-27] (Microsoft Corporation)
2 mysql; C:\xampp\mysql\bin\mysqld.exe --defaults-file=C:\xampp\mysql\bin\my.ini mysql [5396 2012-03-30] ()
3 NisSrv; "C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe" [288272 2011-04-27] (Microsoft Corporation)
2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2012-05-16] ()
2 uvnc_service; "C:\Program Files\UltraVNC\WinVNC.exe" -service [2169056 2012-02-14] (UltraVNC)
2 WebAdmin; C:\PROGRA~2\MDaemon\WebAdmin\WebAdmin.exe [215040 2010-06-22] (Alt-N Technologies, Ltd.)
3 WMZuneComm; "C:\Program Files\Zune\WMZuneComm.exe" [306400 2011-08-05] (Microsoft Corporation)
3 ZuneNetworkSvc; "C:\Program Files\Zune\ZuneNss.exe" [8277728 2011-08-05] (Microsoft Corporation)
3 ZuneWlanCfgSvc; "C:\Program Files\Zune\ZuneWlanCfgSvc.exe" [467680 2011-08-05] (Microsoft Corporation)

========================== Drivers (Whitelisted) =============

0 68b814fec318ebc3; C:\Windows\System32\Drivers\68b814fec318ebc3.sys [74184 2012-06-24] ()
1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [283200 2012-05-05] (DT Soft Ltd)
3 mv2; C:\Windows\System32\Drivers\mv2.sys [12904 2012-03-04] (UVNC BVBA)
3 catchme; \??\C:\garygary\catchme.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-06-25 13:21 - 2012-06-25 13:21 - 00068172 ____A C:\Users\Gary\Desktop\Attach.txt
2012-06-25 13:21 - 2012-06-25 13:21 - 00018155 ____A C:\Users\Gary\Desktop\DDS.txt
2012-06-25 13:18 - 2012-06-25 13:18 - 00000332 ____A C:\Users\Gary\Desktop\gmer.log
2012-06-25 13:08 - 2012-06-25 13:08 - 00000000 ____D C:\Users\Gary\AppData\Roaming\Malwarebytes
2012-06-25 13:08 - 2012-06-25 13:08 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-06-25 13:08 - 2012-06-25 13:08 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-25 13:08 - 2012-04-04 06:56 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-25 13:05 - 2012-06-25 13:05 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\Gary\Downloads\mbam-setup-1.61.0.1400.exe
2012-06-25 12:59 - 2012-06-25 12:59 - 00085379 ____A C:\Users\Gary\Desktop\UPDATED 5-step Viruses_Spyware_Malware Preliminary Removal Instructions - TechSpot Forums.htm
2012-06-25 12:59 - 2012-06-25 12:59 - 00000000 ____D C:\Users\Gary\Desktop\UPDATED 5-step Viruses_Spyware_Malware Preliminary Removal Instructions - TechSpot Forums_files
2012-06-25 12:55 - 2012-06-25 12:55 - 00607260 ____R (Swearware) C:\Users\Gary\Downloads\dds.scr
2012-06-25 12:55 - 2012-06-25 12:55 - 00302592 ____A C:\Users\Gary\Downloads\93io052h.exe
2012-06-25 12:48 - 2012-06-25 12:48 - 00025272 ____A C:\ComboFix.txt
2012-06-25 12:35 - 2012-06-25 12:35 - 01012656 ____A C:\Users\Gary\Downloads\rkill.exe
2012-06-25 12:34 - 2012-06-25 12:35 - 04568224 ____R (Swearware) C:\Users\Gary\Desktop\garygary.exe
2012-06-25 12:02 - 2012-06-25 12:02 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-06-25 12:02 - 2012-06-25 12:02 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-06-25 11:37 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-06-25 11:37 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-06-25 11:37 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-06-25 11:37 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-06-25 11:37 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-06-25 11:37 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-06-25 11:37 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-06-25 11:37 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-06-25 11:34 - 2012-06-25 12:48 - 00000000 ____D C:\Qoobox
2012-06-25 11:31 - 2012-06-25 11:52 - 00000000 ____D C:\Windows\erdnt
2012-06-25 11:31 - 2012-06-25 11:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7D18329E94516DCB
2012-06-25 11:27 - 2012-06-25 11:28 - 04568224 ____R (Swearware) C:\Users\Gary\Downloads\ComboFix.exe
2012-06-25 11:18 - 2012-06-25 11:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.688D6AAB913CC93F
2012-06-25 10:18 - 2012-06-25 10:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DCF27A594CA36169
2012-06-25 09:19 - 2012-06-25 09:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6D4B17950EBA7705
2012-06-25 07:43 - 2012-06-25 07:43 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4FF89BF300A76428
2012-06-25 06:07 - 2012-06-25 06:07 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.917D8942AD94DB84
2012-06-25 05:08 - 2012-06-25 05:08 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B137DDBB62458F10
2012-06-25 04:08 - 2012-06-25 04:08 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9F08FF7D297B9CC7
2012-06-25 03:09 - 2012-06-25 03:09 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.46E3CDF4A4524BD6
2012-06-25 02:09 - 2012-06-25 02:09 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.ADB0C22F79DB6DB5
2012-06-25 01:09 - 2012-06-25 01:09 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F4FD13ADB3D9A690
2012-06-25 00:10 - 2012-06-25 00:10 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.47803BD757A17FC4
2012-06-24 23:10 - 2012-06-24 23:10 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.29C16522D746982F
2012-06-24 22:06 - 2012-06-24 22:06 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D51983B2DB21FA61
2012-06-24 21:56 - 2012-06-24 21:56 - 12621696 ____A (Microsoft Corporation) C:\Users\Gary\Downloads\mseinstall(1).exe
2012-06-24 21:49 - 2012-06-24 21:49 - 00074184 ____A C:\Windows\System32\Drivers\68b814fec318ebc3.sys
2012-06-24 13:37 - 2012-06-24 13:37 - 00000000 ____D C:\Users\Gary\Downloads\Calder 2001 by Redhawk v1.0
2012-06-24 13:04 - 2012-06-24 13:06 - 65205846 ____A C:\Users\Gary\Downloads\Calder 2001 by Redhawk v1.0.7z
2012-06-24 10:19 - 2012-06-24 10:19 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-06-24 10:10 - 2012-06-24 10:10 - 00042496 ____A (FaceVsion) C:\Users\Gary\0i763f66bz.exe
2012-06-24 06:48 - 2012-06-24 06:48 - 00000000 ____D C:\Users\Gary\Downloads\Grand Theft Auto Vice City Stories(PSP)
2012-06-24 06:47 - 2012-06-24 07:33 - 00000000 ____D C:\Users\Gary\Downloads\Bomberman [MULTI5][PSP][WwW.GamesTorrents.CoM]
2012-06-24 06:44 - 2012-06-24 06:44 - 00000000 ____D C:\Users\Gary\Downloads\BMan
2012-06-24 06:28 - 2012-06-24 06:28 - 05895750 ____A C:\Users\Gary\Downloads\Bomberman_94_JPN_PSN_PSP-PLAYASiA.exe
2012-06-24 06:15 - 2012-06-24 06:15 - 00000000 ____D C:\Users\Gary\Downloads\Fifa 2012 for PSP
2012-06-23 13:32 - 2012-06-24 02:02 - 984043539 ____A C:\Users\Gary\Downloads\Fifa 2012 for PSP.rar
2012-06-23 12:28 - 2012-06-23 12:53 - 170554736 ____A C:\Users\Gary\Downloads\Fight Night Round 3.cso
2012-06-23 12:25 - 2012-06-23 12:58 - 282423226 ____A C:\Users\Gary\Downloads\BURNOUT LEGENDS.cso
2012-06-23 12:22 - 2012-06-23 13:11 - 00000000 ____D C:\Users\Gary\Downloads\Grand_Theft_Auto_Liberty_City_Stories_EUR_MULTi5_PSP-MUPSP
2012-06-23 12:20 - 2012-06-23 12:20 - 00002186 ____A C:\Users\Public\Desktop\PSP Video 9.lnk
2012-06-23 12:20 - 2012-06-23 12:20 - 00002146 ____A C:\Users\Public\Desktop\YouTube Downloader App.lnk
2012-06-23 12:20 - 2012-06-23 12:20 - 00000000 ____D C:\Users\Gary\Documents\Regensoft
2012-06-23 12:20 - 2012-06-23 12:20 - 00000000 ____D C:\Program Files (x86)\Regensoft
2012-06-23 12:20 - 2012-06-23 12:20 - 00000000 ____D C:\Program Files (x86)\Red Kawa
2012-06-23 12:20 - 2012-06-23 12:20 - 00000000 ____D C:\Program Files (x86)\AviSynth 2.5
2012-06-23 12:18 - 2012-06-23 13:31 - 00000000 ____D C:\Users\Gary\Downloads\PSP - FIFA 12 [EUR][MULTI5] [WWW.PEQUEPSP.ES]
2012-06-23 12:11 - 2012-06-23 12:11 - 00000000 ____D C:\Users\Gary\Downloads\DupliFinder
2012-06-23 12:10 - 2012-06-23 12:13 - 19505334 ____A C:\Users\Gary\Downloads\pspvideo9-600-setup.exe
2012-06-23 11:58 - 2012-06-23 11:58 - 00223531 ____A C:\Users\Gary\Downloads\DupliFinder.zip
2012-06-20 13:44 - 2012-06-20 13:52 - 271091146 ____A C:\Users\Gary\Downloads\LeMans2012-MeetingMcNish.MP4
2012-06-20 13:44 - 2012-06-20 13:45 - 13061400 ____A C:\Users\Gary\Downloads\LeMans2012-MeetingMarino.MP4
2012-06-19 08:53 - 2012-06-19 07:59 - 301149238 ____A C:\Users\Gary\Desktop\Civilization 2 - Ultimate Classic Collection.7z
2012-06-19 05:48 - 2012-06-19 05:48 - 00000000 ____D C:\Users\Gary\Downloads\Windows_7_Loader_Crack_Seven_Genuine_v2.0.4-DAZ-2012-06-19
2012-06-19 05:45 - 2012-06-19 05:45 - 00108178 ____A C:\Users\Gary\Downloads\Windows_7_Loader_Crack_Seven_Genuine_v2.0.4-DAZ-2012-06-19.zip
2012-06-18 21:56 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-18 21:56 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-18 21:56 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-18 21:56 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-18 21:56 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-18 21:56 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-18 21:56 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-18 21:55 - 2012-06-02 06:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-18 21:55 - 2012-06-02 06:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-18 13:06 - 2012-06-18 13:06 - 00000000 ____D C:\Users\Gary\Downloads\Snetterton 300 track
2012-06-18 13:04 - 2012-06-18 13:04 - 00010711 ____A C:\Users\Gary\Desktop\Keys.ini
2012-06-18 12:33 - 2012-06-18 12:41 - 63386619 ____A C:\Users\Gary\Downloads\Snetterton 300 track.7z
2012-06-18 12:22 - 2012-06-18 21:53 - 551391098 ____A C:\Users\Gary\Downloads\ISI1044-v10-v11-FormulaRenault35s.rfmod
2012-06-18 12:22 - 2012-06-18 12:52 - 158990275 ____A C:\Users\Gary\Downloads\ISI1044-v11-v12-FormulaRenault35s.rfmod
2012-06-17 23:19 - 2012-06-17 23:19 - 00000000 ____D C:\Users\Gary\AppData\Local\Macromedia
2012-06-17 01:34 - 2012-06-17 01:34 - 00000816 ____A C:\Users\Juli\Desktop\rFactor2.lnk
2012-06-17 01:34 - 2012-06-17 01:34 - 00000816 ____A C:\Users\Gary\Desktop\rFactor2.lnk
2012-06-17 01:09 - 2012-06-17 01:24 - 515492056 ____A (Image Space Incorporated) C:\Users\Gary\Downloads\rFactor2_Build90_Setup.exe
2012-06-16 08:57 - 2012-06-16 08:57 - 00003584 ____A C:\Users\Gary\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-06-16 07:28 - 2012-06-16 07:28 - 00000000 ___HD C:\Users\Gary\Desktop\.picasaoriginals
2012-06-15 10:06 - 2012-06-15 10:08 - 00000000 ____D C:\Users\Gary\AppData\Roaming\.rFactor
2012-06-14 13:57 - 2012-05-17 18:47 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-14 13:57 - 2012-05-17 18:16 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-14 13:57 - 2012-05-17 18:06 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-14 13:57 - 2012-05-17 17:59 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-14 13:57 - 2012-05-17 17:59 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-14 13:57 - 2012-05-17 17:58 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-14 13:57 - 2012-05-17 17:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-14 13:57 - 2012-05-17 17:56 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-14 13:57 - 2012-05-17 17:55 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-14 13:57 - 2012-05-17 17:55 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-14 13:57 - 2012-05-17 17:54 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-14 13:57 - 2012-05-17 17:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-14 13:57 - 2012-05-17 17:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-14 13:57 - 2012-05-17 17:47 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-14 13:57 - 2012-05-17 15:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-14 13:57 - 2012-05-17 14:48 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-14 13:57 - 2012-05-17 14:45 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-14 13:57 - 2012-05-17 14:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-14 13:57 - 2012-05-17 14:35 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-14 13:57 - 2012-05-17 14:35 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-14 13:57 - 2012-05-17 14:33 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-14 13:57 - 2012-05-17 14:31 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-14 13:57 - 2012-05-17 14:29 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-14 13:57 - 2012-05-17 14:29 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-14 13:57 - 2012-05-17 14:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-14 13:57 - 2012-05-17 14:25 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-14 13:57 - 2012-05-17 14:24 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-14 13:57 - 2012-05-17 14:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-14 00:23 - 2012-04-25 21:41 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-06-14 00:23 - 2012-04-25 21:41 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-06-14 00:23 - 2012-04-25 21:34 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-06-14 00:22 - 2012-05-14 17:32 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-14 00:22 - 2012-05-04 03:06 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-06-14 00:22 - 2012-05-04 02:03 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-06-14 00:22 - 2012-05-04 02:03 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-06-14 00:22 - 2012-04-27 19:55 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-06-10 09:26 - 2012-06-10 09:26 - 00000000 ____D C:\Users\Gary\Downloads\autocross italia cars and tracks
2012-06-10 04:45 - 2012-06-10 04:57 - 177209098 ____A C:\Users\Gary\Downloads\PCC_2007_Setup.exe
2012-06-10 01:21 - 2012-06-10 06:12 - 1283868187 ____A C:\Users\Gary\Downloads\autocross italia cars and tracks.rar
2012-06-10 00:49 - 2012-06-10 00:49 - 00527122 ____A C:\Users\Gary\Desktop\flash.bmp
2012-06-09 12:12 - 2012-06-09 12:12 - 00002508 ____A C:\Users\Gary\Desktop\Windows 7 USB DVD Download Tool.lnk
2012-06-09 12:12 - 2012-06-09 12:12 - 00000000 ____D C:\Users\Gary\AppData\Local\Apps\Windows 7 USB DVD Download Tool
2012-06-09 12:10 - 2012-06-09 12:10 - 02721168 ____A (Microsoft Corporation) C:\Users\Gary\Downloads\Windows7-USB-DVD-tool.exe
2012-06-09 11:23 - 2012-06-09 11:23 - 00001070 ____A C:\Users\Public\Desktop\Astroburn Lite.lnk
2012-06-09 11:23 - 2012-06-09 11:23 - 00000000 ____D C:\Users\All Users\Astroburn Lite
2012-06-09 11:23 - 2012-06-09 11:23 - 00000000 ____D C:\Program Files (x86)\Astroburn Lite
2012-06-09 11:21 - 2012-06-09 11:22 - 05327264 ____A (Canneverbe Limited ) C:\Users\Gary\Downloads\cdbxp_setup_4.4.1.3184.exe
2012-06-09 11:10 - 2012-06-09 11:10 - 00000000 ____D C:\$WINDOWS.~BT
2012-06-09 11:03 - 2012-06-09 11:04 - 00142264 ____A C:\Users\Gary\Downloads\UWT(1).zip
2012-06-07 12:07 - 2012-06-07 12:09 - 74938301 ____A (GPLPS ) C:\Users\Gary\Downloads\gplinstallmax_0.97_UK.exe
2012-06-07 11:16 - 2012-06-07 11:16 - 298792988 ____A C:\Windows\MEMORY.DMP
2012-06-07 11:16 - 2012-06-07 11:16 - 00274328 ____A C:\Windows\Minidump\060712-17862-01.dmp
2012-06-07 11:16 - 2012-06-07 11:16 - 00000000 ____D C:\Windows\Minidump
2012-06-05 07:18 - 2012-05-15 19:53 - 00000000 ____D C:\Users\Gary\Downloads\GameData
2012-06-04 13:56 - 2012-06-04 13:56 - 00001045 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-06-04 11:11 - 2012-06-04 11:11 - 16574016 ____A (Mozilla) C:\Users\Gary\Downloads\Firefox Setup 13.0.exe
2012-06-04 03:38 - 2012-06-04 03:39 - 07730747 ____A C:\Users\Gary\Downloads\mariopaintcomposerpc.zip
2012-05-31 14:04 - 2012-06-09 11:07 - 00000000 ____D C:\Users\Gary\.VirtualBox
2012-05-31 14:04 - 2012-05-31 14:04 - 00000000 ____D C:\Users\Gary\VirtualBox VMs
2012-05-31 14:01 - 2012-06-09 11:10 - 00001388 ____A C:\Users\Gary\Desktop\Install Windows.lnk
2012-05-31 13:01 - 2012-05-31 13:01 - 00000000 ___RD C:\ESD
2012-05-31 12:45 - 2012-05-31 12:46 - 05350616 ____A (Microsoft Corporation) C:\Users\Gary\Downloads\Windows8-ReleasePreview-UpgradeAssistant.exe
2012-05-29 10:33 - 2012-05-29 10:33 - 00004033 ____A C:\Users\Gary\Documents\feedreader.opml
2012-05-29 07:42 - 2012-06-25 13:44 - 00000000 ____D C:\Users\Gary\.rssowl2
2012-05-29 07:41 - 2012-05-29 07:42 - 00000000 ____D C:\Program Files (x86)\RSSOwl
2012-05-29 07:41 - 2012-05-29 07:41 - 00001845 ____A C:\Users\Juli\Desktop\RSSOwl.lnk
2012-05-29 07:41 - 2012-05-29 07:41 - 00001845 ____A C:\Users\Gary\Desktop\RSSOwl.lnk
2012-05-29 07:40 - 2012-05-29 07:40 - 03960791 ____A (RSSOwl Team) C:\Users\Gary\Downloads\RSSOwl Setup 2.1.2.exe


============ 3 Months Modified Files and Folders =============

2012-06-27 07:36 - 2012-06-27 07:35 - 00000000 ____D C:\FRST
2012-06-26 22:30 - 2009-07-13 20:45 - 00025216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-26 22:30 - 2009-07-13 20:45 - 00025216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-26 22:24 - 2012-03-03 03:14 - 01476708 ____A C:\Windows\WindowsUpdate.log
2012-06-26 22:15 - 2012-03-12 02:26 - 00000000 ____D C:\Users\Gary\AppData\Roaming\Skype
2012-06-26 22:15 - 2012-03-06 14:13 - 00000000 ____D C:\Program Files (x86)\Steam
2012-06-26 22:15 - 2012-03-05 13:03 - 00000000 ___RD C:\Users\Gary\Dropbox
2012-06-26 22:15 - 2012-03-05 12:59 - 00000000 ____D C:\Users\Gary\AppData\Roaming\Dropbox
2012-06-26 22:14 - 2012-03-12 03:44 - 00000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-06-26 22:14 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-26 22:14 - 2009-07-13 20:51 - 00039605 ____A C:\Windows\setupact.log
2012-06-26 14:10 - 2012-04-13 01:54 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-06-26 13:54 - 2012-03-12 03:44 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-06-25 13:44 - 2012-05-29 07:42 - 00000000 ____D C:\Users\Gary\.rssowl2
2012-06-25 13:21 - 2012-06-25 13:21 - 00068172 ____A C:\Users\Gary\Desktop\Attach.txt
2012-06-25 13:21 - 2012-06-25 13:21 - 00018155 ____A C:\Users\Gary\Desktop\DDS.txt
2012-06-25 13:18 - 2012-06-25 13:18 - 00000332 ____A C:\Users\Gary\Desktop\gmer.log
2012-06-25 13:14 - 2012-03-07 23:18 - 00010420 ____A C:\Windows\PFRO.log
2012-06-25 13:08 - 2012-06-25 13:08 - 00000000 ____D C:\Users\Gary\AppData\Roaming\Malwarebytes
2012-06-25 13:08 - 2012-06-25 13:08 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-06-25 13:08 - 2012-06-25 13:08 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-25 13:05 - 2012-06-25 13:05 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\Gary\Downloads\mbam-setup-1.61.0.1400.exe
2012-06-25 12:59 - 2012-06-25 12:59 - 00085379 ____A C:\Users\Gary\Desktop\UPDATED 5-step Viruses_Spyware_Malware Preliminary Removal Instructions - TechSpot Forums.htm
2012-06-25 12:59 - 2012-06-25 12:59 - 00000000 ____D C:\Users\Gary\Desktop\UPDATED 5-step Viruses_Spyware_Malware Preliminary Removal Instructions - TechSpot Forums_files
2012-06-25 12:55 - 2012-06-25 12:55 - 00607260 ____R (Swearware) C:\Users\Gary\Downloads\dds.scr
2012-06-25 12:55 - 2012-06-25 12:55 - 00302592 ____A C:\Users\Gary\Downloads\93io052h.exe
2012-06-25 12:52 - 2012-05-23 08:49 - 00000000 ____D C:\Users\Gary\AppData\Local\Apps\2.0
2012-06-25 12:48 - 2012-06-25 12:48 - 00025272 ____A C:\ComboFix.txt
2012-06-25 12:48 - 2012-06-25 11:34 - 00000000 ____D C:\Qoobox
2012-06-25 12:44 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
2012-06-25 12:35 - 2012-06-25 12:35 - 01012656 ____A C:\Users\Gary\Downloads\rkill.exe
2012-06-25 12:35 - 2012-06-25 12:34 - 04568224 ____R (Swearware) C:\Users\Gary\Desktop\garygary.exe
2012-06-25 12:03 - 2012-03-03 08:18 - 00001945 ____A C:\Windows\epplauncher.mif
2012-06-25 12:02 - 2012-06-25 12:02 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-06-25 12:02 - 2012-06-25 12:02 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-06-25 12:02 - 2012-05-23 08:49 - 00000000 ____D C:\Users\Gary\AppData\Local\Deployment
2012-06-25 12:02 - 2012-03-03 08:15 - 00787568 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-06-25 11:52 - 2012-06-25 11:31 - 00000000 ____D C:\Windows\erdnt
2012-06-25 11:31 - 2012-06-25 11:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7D18329E94516DCB
2012-06-25 11:28 - 2012-06-25 11:27 - 04568224 ____R (Swearware) C:\Users\Gary\Downloads\ComboFix.exe
2012-06-25 11:18 - 2012-06-25 11:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.688D6AAB913CC93F
2012-06-25 10:18 - 2012-06-25 10:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DCF27A594CA36169
2012-06-25 09:19 - 2012-06-25 09:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6D4B17950EBA7705
2012-06-25 07:43 - 2012-06-25 07:43 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4FF89BF300A76428
2012-06-25 06:07 - 2012-06-25 06:07 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.917D8942AD94DB84
2012-06-25 05:08 - 2012-06-25 05:08 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B137DDBB62458F10
2012-06-25 04:08 - 2012-06-25 04:08 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9F08FF7D297B9CC7
2012-06-25 03:09 - 2012-06-25 03:09 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.46E3CDF4A4524BD6
2012-06-25 02:09 - 2012-06-25 02:09 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.ADB0C22F79DB6DB5
2012-06-25 01:09 - 2012-06-25 01:09 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F4FD13ADB3D9A690
2012-06-25 00:10 - 2012-06-25 00:10 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.47803BD757A17FC4
2012-06-24 23:10 - 2012-06-24 23:10 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.29C16522D746982F
2012-06-24 22:06 - 2012-06-24 22:06 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D51983B2DB21FA61
2012-06-24 21:56 - 2012-06-24 21:56 - 12621696 ____A (Microsoft Corporation) C:\Users\Gary\Downloads\mseinstall(1).exe
2012-06-24 21:49 - 2012-06-24 21:49 - 00074184 ____A C:\Windows\System32\Drivers\68b814fec318ebc3.sys
2012-06-24 14:44 - 2012-05-05 10:13 - 00000000 ____D C:\Program Files\PeerBlock
2012-06-24 14:44 - 2012-03-03 08:25 - 00000000 ____D C:\Users\Gary\AppData\Roaming\uTorrent
2012-06-24 13:37 - 2012-06-24 13:37 - 00000000 ____D C:\Users\Gary\Downloads\Calder 2001 by Redhawk v1.0
2012-06-24 13:16 - 2012-05-12 10:11 - 00000600 ____A C:\Users\Gary\AppData\Local\PUTTY.RND
2012-06-24 13:06 - 2012-06-24 13:04 - 65205846 ____A C:\Users\Gary\Downloads\Calder 2001 by Redhawk v1.0.7z
2012-06-24 10:19 - 2012-06-24 10:19 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-06-24 10:16 - 2012-04-13 01:54 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-06-24 10:16 - 2012-03-07 01:34 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-06-24 10:10 - 2012-06-24 10:10 - 00042496 ____A (FaceVsion) C:\Users\Gary\0i763f66bz.exe
2012-06-24 10:10 - 2012-03-03 03:18 - 00000000 ____D C:\users\Gary
2012-06-24 07:33 - 2012-06-24 06:47 - 00000000 ____D C:\Users\Gary\Downloads\Bomberman [MULTI5][PSP][WwW.GamesTorrents.CoM]
2012-06-24 06:48 - 2012-06-24 06:48 - 00000000 ____D C:\Users\Gary\Downloads\Grand Theft Auto Vice City Stories(PSP)
2012-06-24 06:44 - 2012-06-24 06:44 - 00000000 ____D C:\Users\Gary\Downloads\BMan
2012-06-24 06:28 - 2012-06-24 06:28 - 05895750 ____A C:\Users\Gary\Downloads\Bomberman_94_JPN_PSN_PSP-PLAYASiA.exe
2012-06-24 06:15 - 2012-06-24 06:15 - 00000000 ____D C:\Users\Gary\Downloads\Fifa 2012 for PSP
2012-06-24 02:02 - 2012-06-23 13:32 - 984043539 ____A C:\Users\Gary\Downloads\Fifa 2012 for PSP.rar
2012-06-23 13:31 - 2012-06-23 12:18 - 00000000 ____D C:\Users\Gary\Downloads\PSP - FIFA 12 [EUR][MULTI5] [WWW.PEQUEPSP.ES]
2012-06-23 13:15 - 2009-07-13 21:13 - 00782102 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-23 13:11 - 2012-06-23 12:22 - 00000000 ____D C:\Users\Gary\Downloads\Grand_Theft_Auto_Liberty_City_Stories_EUR_MULTi5_PSP-MUPSP
2012-06-23 12:58 - 2012-06-23 12:25 - 282423226 ____A C:\Users\Gary\Downloads\BURNOUT LEGENDS.cso
2012-06-23 12:53 - 2012-06-23 12:28 - 170554736 ____A C:\Users\Gary\Downloads\Fight Night Round 3.cso
2012-06-23 12:20 - 2012-06-23 12:20 - 00002186 ____A C:\Users\Public\Desktop\PSP Video 9.lnk
2012-06-23 12:20 - 2012-06-23 12:20 - 00002146 ____A C:\Users\Public\Desktop\YouTube Downloader App.lnk
2012-06-23 12:20 - 2012-06-23 12:20 - 00000000 ____D C:\Users\Gary\Documents\Regensoft
2012-06-23 12:20 - 2012-06-23 12:20 - 00000000 ____D C:\Program Files (x86)\Regensoft
2012-06-23 12:20 - 2012-06-23 12:20 - 00000000 ____D C:\Program Files (x86)\Red Kawa
2012-06-23 12:20 - 2012-06-23 12:20 - 00000000 ____D C:\Program Files (x86)\AviSynth 2.5
2012-06-23 12:13 - 2012-06-23 12:10 - 19505334 ____A C:\Users\Gary\Downloads\pspvideo9-600-setup.exe
2012-06-23 12:11 - 2012-06-23 12:11 - 00000000 ____D C:\Users\Gary\Downloads\DupliFinder
2012-06-23 11:58 - 2012-06-23 11:58 - 00223531 ____A C:\Users\Gary\Downloads\DupliFinder.zip
2012-06-20 13:52 - 2012-06-20 13:44 - 271091146 ____A C:\Users\Gary\Downloads\LeMans2012-MeetingMcNish.MP4
2012-06-20 13:45 - 2012-06-20 13:44 - 13061400 ____A C:\Users\Gary\Downloads\LeMans2012-MeetingMarino.MP4
2012-06-19 07:59 - 2012-06-19 08:53 - 301149238 ____A C:\Users\Gary\Desktop\Civilization 2 - Ultimate Classic Collection.7z
2012-06-19 07:31 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2012-06-19 05:48 - 2012-06-19 05:48 - 00000000 ____D C:\Users\Gary\Downloads\Windows_7_Loader_Crack_Seven_Genuine_v2.0.4-DAZ-2012-06-19
2012-06-19 05:45 - 2012-06-19 05:45 - 00108178 ____A C:\Users\Gary\Downloads\Windows_7_Loader_Crack_Seven_Genuine_v2.0.4-DAZ-2012-06-19.zip
2012-06-18 21:58 - 2012-03-03 11:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2012-06-18 21:53 - 2012-06-18 12:22 - 551391098 ____A C:\Users\Gary\Downloads\ISI1044-v10-v11-FormulaRenault35s.rfmod
2012-06-18 14:00 - 2012-03-03 03:18 - 00000000 ____D C:\Users\Gary\AppData\Local\VirtualStore
2012-06-18 13:06 - 2012-06-18 13:06 - 00000000 ____D C:\Users\Gary\Downloads\Snetterton 300 track
2012-06-18 13:04 - 2012-06-18 13:04 - 00010711 ____A C:\Users\Gary\Desktop\Keys.ini
2012-06-18 12:52 - 2012-06-18 12:22 - 158990275 ____A C:\Users\Gary\Downloads\ISI1044-v11-v12-FormulaRenault35s.rfmod
2012-06-18 12:41 - 2012-06-18 12:33 - 63386619 ____A C:\Users\Gary\Downloads\Snetterton 300 track.7z
2012-06-17 23:19 - 2012-06-17 23:19 - 00000000 ____D C:\Users\Gary\AppData\Local\Macromedia
2012-06-17 01:34 - 2012-06-17 01:34 - 00000816 ____A C:\Users\Juli\Desktop\rFactor2.lnk
2012-06-17 01:34 - 2012-06-17 01:34 - 00000816 ____A C:\Users\Gary\Desktop\rFactor2.lnk
2012-06-17 01:24 - 2012-06-17 01:09 - 515492056 ____A (Image Space Incorporated) C:\Users\Gary\Downloads\rFactor2_Build90_Setup.exe
2012-06-16 23:46 - 2012-05-03 14:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-06-16 08:57 - 2012-06-16 08:57 - 00003584 ____A C:\Users\Gary\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-06-16 07:28 - 2012-06-16 07:28 - 00000000 ___HD C:\Users\Gary\Desktop\.picasaoriginals
2012-06-16 07:18 - 2012-05-20 01:45 - 00000000 ____D C:\Users\Gary\iPhone Dump
2012-06-15 23:19 - 2012-03-03 08:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-06-15 10:08 - 2012-06-15 10:06 - 00000000 ____D C:\Users\Gary\AppData\Roaming\.rFactor
2012-06-14 21:54 - 2009-07-13 20:45 - 00316368 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-14 14:00 - 2012-03-07 03:01 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-06-10 09:26 - 2012-06-10 09:26 - 00000000 ____D C:\Users\Gary\Downloads\autocross italia cars and tracks
2012-06-10 06:12 - 2012-06-10 01:21 - 1283868187 ____A C:\Users\Gary\Downloads\autocross italia cars and tracks.rar
2012-06-10 04:57 - 2012-06-10 04:45 - 177209098 ____A C:\Users\Gary\Downloads\PCC_2007_Setup.exe
2012-06-10 04:48 - 2012-03-07 04:04 - 00000000 ____D C:\Users\Gary\AppData\Roaming\.purple
2012-06-10 00:49 - 2012-06-10 00:49 - 00527122 ____A C:\Users\Gary\Desktop\flash.bmp
2012-06-09 12:12 - 2012-06-09 12:12 - 00002508 ____A C:\Users\Gary\Desktop\Windows 7 USB DVD Download Tool.lnk
2012-06-09 12:12 - 2012-06-09 12:12 - 00000000 ____D C:\Users\Gary\AppData\Local\Apps\Windows 7 USB DVD Download Tool
2012-06-09 12:10 - 2012-06-09 12:10 - 02721168 ____A (Microsoft Corporation) C:\Users\Gary\Downloads\Windows7-USB-DVD-tool.exe
2012-06-09 11:23 - 2012-06-09 11:23 - 00001070 ____A C:\Users\Public\Desktop\Astroburn Lite.lnk
2012-06-09 11:23 - 2012-06-09 11:23 - 00000000 ____D C:\Users\All Users\Astroburn Lite
2012-06-09 11:23 - 2012-06-09 11:23 - 00000000 ____D C:\Program Files (x86)\Astroburn Lite
2012-06-09 11:22 - 2012-06-09 11:21 - 05327264 ____A (Canneverbe Limited ) C:\Users\Gary\Downloads\cdbxp_setup_4.4.1.3184.exe
2012-06-09 11:10 - 2012-06-09 11:10 - 00000000 ____D C:\$WINDOWS.~BT
2012-06-09 11:10 - 2012-05-31 14:01 - 00001388 ____A C:\Users\Gary\Desktop\Install Windows.lnk
2012-06-09 11:07 - 2012-05-31 14:04 - 00000000 ____D C:\Users\Gary\.VirtualBox
2012-06-09 11:04 - 2012-06-09 11:03 - 00142264 ____A C:\Users\Gary\Downloads\UWT(1).zip
2012-06-08 22:46 - 2009-07-13 21:08 - 00032612 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-06-07 12:09 - 2012-06-07 12:07 - 74938301 ____A (GPLPS ) C:\Users\Gary\Downloads\gplinstallmax_0.97_UK.exe
2012-06-07 11:16 - 2012-06-07 11:16 - 298792988 ____A C:\Windows\MEMORY.DMP
2012-06-07 11:16 - 2012-06-07 11:16 - 00274328 ____A C:\Windows\Minidump\060712-17862-01.dmp
2012-06-07 11:16 - 2012-06-07 11:16 - 00000000 ____D C:\Windows\Minidump
2012-06-04 13:56 - 2012-06-04 13:56 - 00001045 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-06-04 11:11 - 2012-06-04 11:11 - 16574016 ____A (Mozilla) C:\Users\Gary\Downloads\Firefox Setup 13.0.exe
2012-06-04 03:39 - 2012-06-04 03:38 - 07730747 ____A C:\Users\Gary\Downloads\mariopaintcomposerpc.zip
2012-06-02 14:19 - 2012-06-18 21:56 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-18 21:56 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-18 21:56 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-18 21:56 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-18 21:56 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-18 21:56 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-18 21:56 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 06:19 - 2012-06-18 21:55 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 06:15 - 2012-06-18 21:55 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-05-31 14:04 - 2012-05-31 14:04 - 00000000 ____D C:\Users\Gary\VirtualBox VMs
2012-05-31 13:01 - 2012-05-31 13:01 - 00000000 ___RD C:\ESD
2012-05-31 12:46 - 2012-05-31 12:45 - 05350616 ____A (Microsoft Corporation) C:\Users\Gary\Downloads\Windows8-ReleasePreview-UpgradeAssistant.exe
2012-05-29 10:33 - 2012-05-29 10:33 - 00004033 ____A C:\Users\Gary\Documents\feedreader.opml
2012-05-29 07:42 - 2012-05-29 07:41 - 00000000 ____D C:\Program Files (x86)\RSSOwl
2012-05-29 07:41 - 2012-05-29 07:41 - 00001845 ____A C:\Users\Juli\Desktop\RSSOwl.lnk
2012-05-29 07:41 - 2012-05-29 07:41 - 00001845 ____A C:\Users\Gary\Desktop\RSSOwl.lnk
2012-05-29 07:40 - 2012-05-29 07:40 - 03960791 ____A (RSSOwl Team) C:\Users\Gary\Downloads\RSSOwl Setup 2.1.2.exe
2012-05-27 11:59 - 2012-05-27 11:55 - 00000000 ____D C:\Users\Gary\Downloads\BRKart_Pach_1-1
2012-05-27 11:59 - 2012-05-27 11:55 - 00000000 ____D C:\Users\Gary\Downloads\BRKart_1_11_update
2012-05-27 11:59 - 2012-05-27 11:54 - 00000000 ____D C:\Users\Gary\Downloads\BRKart_v1_0
2012-05-27 11:57 - 2012-05-27 11:55 - 00000000 ____D C:\Users\Gary\Downloads\T2
2012-05-27 11:57 - 2012-05-27 11:55 - 00000000 ____D C:\Users\Gary\Downloads\BuckmorePark
2012-05-27 11:55 - 2012-05-27 11:55 - 00000000 ____D C:\Users\Gary\Downloads\nring
2012-05-26 13:14 - 2012-05-05 22:15 - 00000000 ____D C:\Program Files (x86)\Microsoft Games
2012-05-26 13:09 - 2012-05-05 22:35 - 00000000 ____D C:\Users\Gary\AppData\Local\Microsoft Game Studios
2012-05-26 12:17 - 2012-05-26 12:17 - 00000000 ____D C:\Users\Gary\Documents\Games for Windows - LIVE Demos
2012-05-26 12:13 - 2012-05-26 12:13 - 00000000 ____D C:\Windows\SysWOW64\xlive
2012-05-26 12:13 - 2012-05-26 12:13 - 00000000 ____D C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2012-05-26 12:13 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2012-05-26 12:10 - 2012-05-26 12:10 - 00642712 ____A (Microsoft Corporation) C:\Users\Gary\Downloads\gfwlivesetup_4d5308d2e0000001.exe
2012-05-25 10:27 - 2012-05-25 10:22 - 58881345 ____A C:\Users\Gary\Downloads\Nring2012.exe
2012-05-24 22:01 - 2012-05-24 22:01 - 00000216 ____A C:\Users\Gary\Downloads\F12012LIGUEV1.rar
2012-05-24 14:44 - 2012-05-24 11:39 - 332800000 ____A C:\Users\Gary\Downloads\F12012LIGUEV1.rar.part
2012-05-24 12:15 - 2012-05-24 12:15 - 22065580 ____A C:\Users\Gary\Downloads\T2.rar
2012-05-23 22:08 - 2012-05-20 02:36 - 00000000 ____D C:\Users\Gary\AppData\Local\Downloaded Installations
2012-05-23 22:08 - 2012-05-20 02:35 - 00000000 ____D C:\Program Files (x86)\HTC
2012-05-23 13:32 - 2012-05-23 08:57 - 00000000 ____D C:\Users\Gary\AppData\Roaming\MetroTwit
2012-05-23 08:57 - 2012-05-23 08:57 - 00000308 ____A C:\Users\Gary\Desktop\MetroTwit.appref-ms
2012-05-23 08:44 - 2012-05-23 08:44 - 00434800 ____A () C:\Users\Gary\Downloads\MetroTwitSetup.exe
2012-05-22 14:31 - 2012-05-22 13:45 - 140462323 ____A C:\Users\Gary\Downloads\BRKart_Pach_1-1.rar
2012-05-22 14:21 - 2012-05-22 13:41 - 70960364 ____A C:\Users\Gary\Downloads\BuckmorePark.rar
2012-05-22 14:10 - 2012-05-22 13:44 - 231914545 ____A C:\Users\Gary\Downloads\BRKart_v1_0.rar
2012-05-22 13:56 - 2012-05-22 13:42 - 377955143 ____A () C:\Users\Gary\Downloads\F1 1976 LE v1.1.exe
2012-05-22 13:48 - 2012-05-22 13:46 - 23242633 ____A C:\Users\Gary\Downloads\BRKart_1_11_update.rar
2012-05-22 05:29 - 2012-03-04 15:20 - 00000000 ____D C:\Users\Gary\AppData\Local\Paint.NET
2012-05-21 22:08 - 2012-05-20 02:35 - 00023262 ____A C:\Windows\DPINST.LOG
2012-05-21 13:37 - 2012-05-21 13:37 - 00259702 ____A C:\Windows\msxml4-KB973685-enu.LOG
2012-05-20 02:57 - 2012-05-20 02:57 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2012-05-20 02:49 - 2012-05-20 02:17 - 00000000 ____D C:\ruu_log
2012-05-20 02:48 - 2012-05-20 02:43 - 157814460 ____A (Acresso Software Inc. ) C:\Users\Gary\Downloads\RUU_Bravo_TMO_UK_1.21.110.4_Radio_32.36.00.28U_4.06.00.02_2_release_127570_signed.exe
2012-05-20 02:48 - 2012-05-20 01:45 - 00000000 ____D C:\Users\Gary\Defy Dump
2012-05-20 02:35 - 2012-05-20 02:35 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2012-05-20 02:35 - 2012-05-20 02:35 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2012-05-20 02:35 - 2012-03-12 03:51 - 00000000 ____D C:\Program Files (x86)\Adobe
2012-05-20 02:35 - 2012-03-12 02:52 - 00000000 ____D C:\Users\Gary\AppData\Local\Adobe
2012-05-20 02:35 - 2012-03-12 02:28 - 00000000 ____D C:\Users\All Users\Adobe
2012-05-20 02:35 - 2012-03-04 19:10 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0
2012-05-20 02:35 - 2012-03-03 08:22 - 00000000 ____D C:\Users\Gary\AppData\Roaming\Adobe
2012-05-20 02:27 - 2012-05-20 02:22 - 160724984 ____A (HTC Corporation ) C:\Users\Gary\Downloads\setup_3.2.10.exe
2012-05-20 02:19 - 2012-05-20 02:14 - 189028561 ____A C:\Users\Gary\Downloads\JRDNEM_U3_3.4.2_179-6.1_BLUR_SIGN_SIGNED_USAJRDNEMARAB1B8TMGB03A.0R_PDS03C_USAJRDNFRYOTMGB_P023_A011_M003_HWp3_Service1FF.sbf.gz
2012-05-20 02:11 - 2012-05-20 02:05 - 176514251 ____A (Acresso Software Inc. ) C:\Users\Gary\Downloads\RUU_Bravo_Froyo_HTC_WWE_2.29.405.2_Radio_32.49.00.32U_5.11.05.27_release_151783_signed.exe
2012-05-20 02:05 - 2012-05-20 02:04 - 30296536 ____A C:\Users\Gary\Downloads\OTA_Bravo_Froyo_HTC_WWE_2.29.405.2-2.10.405.2_R_P_release8gn61bgo3rswcw24.zip
2012-05-20 01:45 - 2012-05-20 01:45 - 00000000 ____D C:\Users\Gary\Desire Dump
2012-05-19 03:04 - 2012-05-19 03:04 - 00270240 ____A C:\Windows\SysWOW64\PnkBstrB.xtr
2012-05-19 03:04 - 2012-05-16 13:04 - 00270240 ____A C:\Windows\SysWOW64\PnkBstrB.exe
2012-05-19 03:03 - 2012-05-19 03:03 - 00000000 ____D C:\Users\Gary\AppData\Local\PunkBuster
2012-05-17 18:47 - 2012-06-14 13:57 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-05-17 18:16 - 2012-06-14 13:57 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-05-17 18:06 - 2012-06-14 13:57 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-05-17 17:59 - 2012-06-14 13:57 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-17 17:59 - 2012-06-14 13:57 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-05-17 17:58 - 2012-06-14 13:57 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-05-17 17:58 - 2012-06-14 13:57 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-05-17 17:56 - 2012-06-14 13:57 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-17 17:55 - 2012-06-14 13:57 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-05-17 17:55 - 2012-06-14 13:57 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-05-17 17:54 - 2012-06-14 13:57 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-05-17 17:51 - 2012-06-14 13:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-05-17 17:51 - 2012-06-14 13:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-05-17 17:47 - 2012-06-14 13:57 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-05-17 15:11 - 2012-06-14 13:57 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-05-17 14:48 - 2012-06-14 13:57 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-05-17 14:45 - 2012-06-14 13:57 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-05-17 14:36 - 2012-06-14 13:57 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-05-17 14:35 - 2012-06-14 13:57 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-05-17 14:35 - 2012-06-14 13:57 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-05-17 14:33 - 2012-06-14 13:57 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-05-17 14:31 - 2012-06-14 13:57 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-05-17 14:29 - 2012-06-14 13:57 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-05-17 14:29 - 2012-06-14 13:57 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-05-17 14:27 - 2012-06-14 13:57 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-05-17 14:25 - 2012-06-14 13:57 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-05-17 14:24 - 2012-06-14 13:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-05-17 14:20 - 2012-06-14 13:57 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-05-17 13:12 - 2012-05-17 13:12 - 00000000 ____D C:\Users\Gary\Downloads\Chernobyl NPP v1.3
2012-05-17 13:11 - 2012-05-17 12:53 - 00000000 ____D C:\Users\Gary\Documents\Battlefield Heroes
2012-05-16 13:04 - 2012-05-16 13:04 - 00189248 ____A C:\Windows\SysWOW64\PnkBstrB.ex0
2012-05-16 13:04 - 2012-05-16 13:04 - 00075136 ____A C:\Windows\SysWOW64\PnkBstrA.exe
2012-05-16 12:39 - 2012-05-16 12:39 - 00000000 ____D C:\Program Files (x86)\EA Games
2012-05-15 19:53 - 2012-06-05 07:18 - 00000000 ____D C:\Users\Gary\Downloads\GameData
2012-05-15 12:45 - 2009-07-13 19:20 - 00000000 __RHD C:\Users\Public\Libraries
2012-05-15 12:39 - 2012-05-15 12:39 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_ZuneDriver_01_09_00.Wdf
2012-05-15 12:39 - 2012-05-15 12:39 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_winusb_01009.Wdf
2012-05-14 17:32 - 2012-06-14 00:22 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-14 12:15 - 2012-05-14 12:14 - 39310218 ____A C:\Users\Gary\Downloads\Chernobyl NPP v1.3.7z
2012-05-13 13:41 - 2012-05-13 13:41 - 00000000 ____D C:\Users\Gary\Downloads\FDGSpecialEvents Frank n Beanz Ring - Manual Install
2012-05-13 00:29 - 2012-04-15 02:33 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2012-05-13 00:29 - 2012-04-15 02:33 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-05-12 02:51 - 2012-05-12 02:51 - 00000000 ___RD C:\Users\Gary\Podcasts
2012-05-12 02:51 - 2012-05-12 02:49 - 00000000 ____D C:\Program Files\Zune
2012-05-12 02:49 - 2012-05-12 02:49 - 00000927 ____A C:\Users\Public\Desktop\Zune.lnk
2012-05-12 02:38 - 2012-05-12 02:35 - 105664248 ____A (Microsoft Corporation) C:\Users\Gary\Downloads\ZuneSetupPkg.exe
2012-05-11 14:00 - 2012-05-11 13:59 - 49881947 ____A C:\Users\Gary\Downloads\FDGSpecialEvents Frank n Beanz Ring - Manual Install.zip
2012-05-10 14:01 - 2009-07-13 23:45 - 00000000 ____D C:\Program Files\Windows Journal
2012-05-10 13:34 - 2012-05-10 13:21 - 00000000 ____D C:\Users\Gary\Downloads\Flat_v1_1_for_Rainmeter_by_theking9794
2012-05-10 13:22 - 2012-05-10 13:22 - 00000000 ____D C:\Windows\W7SBC
2012-05-10 13:21 - 2012-05-10 13:21 - 00000000 ____D C:\Users\Gary\Downloads\W7SBC
2012-05-10 13:21 - 2012-05-10 13:21 - 00000000 ____D C:\Users\Gary\Downloads\token_orb_animated___coloured_by_kingmoeha-d35s5ae
2012-05-10 13:21 - 2012-03-03 03:25 - 00069816 ____A C:\Users\Gary\AppData\Local\GDIPFONTCACHEV1.DAT
2012-05-10 11:05 - 2012-05-10 11:05 - 00613947 ____A C:\Users\Gary\Downloads\W7SBC.zip
2012-05-10 11:05 - 2012-05-10 11:05 - 00003366 ____A C:\Users\Gary\Downloads\token_orb_animated___coloured_by_kingmoeha-d35s5ae.rar
2012-05-10 11:04 - 2012-05-10 11:04 - 00096158 ____A C:\Users\Gary\Downloads\elementary_rainmeter_1_4_3_by_flyinghyrax-d41afl8.rmskin
2012-05-10 11:03 - 2012-05-10 11:03 - 03515821 ____A C:\Users\Gary\Downloads\Flat_v1_1_for_Rainmeter_by_theking9794.zip
2012-05-10 07:55 - 2012-05-10 07:55 - 00000000 ____D C:\Users\Gary\Documents\NTB
2012-05-10 07:48 - 2012-05-10 07:48 - 00000000 ____D C:\Users\Gary\Documents\Rainmeter
2012-05-10 07:48 - 2012-05-10 07:48 - 00000000 ____D C:\Users\Gary\AppData\Roaming\Rainmeter
2012-05-10 07:46 - 2012-05-10 07:46 - 00000000 ____D C:\Program Files\Rainmeter
2012-05-10 07:45 - 2012-05-10 07:45 - 01392000 ____A C:\Users\Gary\Downloads\Rainmeter-2.2.exe
2012-05-07 14:32 - 2012-05-07 14:32 - 00000000 ____D C:\Users\Gary\Downloads\SandownRaceway
2012-05-07 13:34 - 2012-05-07 13:32 - 39837120 ____A C:\Users\Gary\Downloads\SandownRaceway.rar
2012-05-06 23:13 - 2012-04-27 14:17 - 00018157 ____A C:\Users\Gary\Documents\Budget 2012.ods
2012-05-06 07:36 - 2012-05-06 07:35 - 00000000 ____D C:\Users\Gary\Downloads\AlcazabaSpeedRing V1200
2012-05-06 07:35 - 2012-05-06 07:28 - 103563611 ____A C:\Users\Gary\Downloads\AlcazabaSpeedRing V1200.rar
2012-05-06 03:01 - 2012-05-06 03:01 - 00286720 ____A (Indigo Rose Corporation) C:\Windows\iun506.exe
2012-05-06 03:01 - 2012-05-05 22:42 - 00000000 ____D C:\Users\Gary\Documents\Flight Simulator X Files
2012-05-06 03:00 - 2012-05-06 03:00 - 00000000 ____D C:\Users\Gary\Downloads\vfrairfields-vol1demo
2012-05-06 02:59 - 2012-05-06 02:58 - 34650856 ____A C:\Users\Gary\Downloads\vfrairfields-vol1demo.zip
2012-05-05 22:37 - 2012-05-05 22:23 - 00000000 ____D C:\Users\Gary\Desktop\Crack
2012-05-05 22:36 - 2012-03-03 08:56 - 00320674 ____A C:\Windows\DirectX.log
2012-05-05 22:28 - 2012-05-05 22:28 - 00000000 ____D C:\Program Files (x86)\InstallShield Installation Information
2012-05-05 22:15 - 2012-05-05 22:15 - 00000000 ____D C:\Windows\PCHEALTH
2012-05-05 22:13 - 2012-05-05 22:10 - 00000000 ____D C:\Users\All Users\DAEMON Tools Lite
2012-05-05 22:12 - 2012-05-05 22:10 - 00000000 ____D C:\Users\Gary\AppData\Roaming\DAEMON Tools Lite
2012-05-05 22:10 - 2012-05-05 22:10 - 00283200 ____A (DT Soft Ltd) C:\Windows\System32\Drivers\dtsoftbus01.sys
2012-05-05 22:10 - 2012-05-05 22:10 - 00000000 ____D C:\Program Files (x86)\DAEMON Tools Lite
2012-05-05 22:09 - 2012-05-05 22:09 - 14229744 ____A (DT Soft Ltd) C:\Users\Gary\Downloads\DTLite4454-0315.exe
2012-05-05 15:02 - 2012-05-05 09:53 - 00000000 ____D C:\Users\Gary\Downloads\Flight Simulator X + Acceleration
2012-05-05 10:12 - 2012-05-05 10:12 - 02105040 ____A (PeerBlock, LLC ) C:\Users\Gary\Downloads\PeerBlock-Setup_v1.1_r518.exe
2012-05-05 10:10 - 2012-05-05 10:10 - 00891724 ____A (Phoenix Labs ) C:\Users\Gary\Downloads\pg2-051118-nt.exe
2012-05-05 07:37 - 2012-05-05 07:36 - 13351032 ____A (Genie9) C:\Users\Gary\Downloads\GenieTimeline3Free.exe
2012-05-04 03:06 - 2012-06-14 00:22 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 02:41 - 2012-05-04 02:41 - 00476960 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\npdeployJava1.dll
2012-05-04 02:41 - 2012-05-04 02:41 - 00157472 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2012-05-04 02:41 - 2012-05-04 02:41 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2012-05-04 02:41 - 2012-05-04 02:41 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2012-05-04 02:41 - 2012-05-04 02:41 - 00000000 ____D C:\Program Files (x86)\Java
2012-05-04 02:41 - 2012-03-07 03:11 - 00472864 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
2012-05-04 02:39 - 2012-05-04 02:39 - 00909088 ____A (Sun Microsystems, Inc.) C:\Users\Gary\Downloads\jxpiinstall.exe
2012-05-04 02:05 - 2012-05-04 02:05 - 00000000 ____D C:\Program Files\Charles
2012-05-04 02:04 - 2012-05-04 02:03 - 07856128 ____A C:\Users\Gary\Downloads\charles-proxy_3.6.5_x64.msi
2012-05-04 02:03 - 2012-06-14 00:22 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-04 02:03 - 2012-06-14 00:22 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-04 00:24 - 2012-05-04 00:24 - 00483328 ____A (Simon Tatham) C:\Users\Gary\Downloads\putty.exe
2012-05-03 14:07 - 2012-05-03 14:07 - 00000000 ____D C:\Users\All Users\Mozilla
2012-05-03 12:24 - 2012-05-03 12:24 - 05233720 ____A (Microsoft Corporation) C:\Users\Gary\Downloads\Windows8-ConsumerPreview-setup.exe
2012-04-29 12:05 - 2012-04-29 12:05 - 00000000 ____D C:\Users\Gary\Downloads\CoffsHarbour105
2012-04-29 10:18 - 2012-04-29 09:55 - 00000000 ____D C:\Users\Gary\Documents\CARS
2012-04-29 09:39 - 2012-04-29 09:39 - 00001061 ____A C:\Users\Public\Desktop\Project CARS -DX11.lnk
2012-04-29 09:39 - 2012-04-29 09:39 - 00001049 ____A C:\Users\Public\Desktop\Project CARS.lnk
2012-04-29 09:34 - 2012-04-29 09:34 - 00000000 ____D C:\Program Files (x86)\WMD
2012-04-29 09:34 - 2012-04-29 09:33 - 00000000 ____D C:\Program Files\Project CARS
2012-04-29 09:32 - 2012-04-29 09:32 - 00000000 ____D C:\Program Files\New folder
2012-04-29 09:29 - 2012-04-29 07:56 - 3209219122 ____A C:\Users\Gary\Downloads\pCARS_0189_pre-alpha_PC-EXT_SFX.exe
2012-04-29 07:57 - 2012-03-06 14:43 - 505545008 ____A (Image Space Incorporated) C:\Users\Gary\Downloads\rFactor2_Build49_Setup.exe
2012-04-29 06:03 - 2012-04-29 05:54 - 158639608 ____A C:\Users\Gary\Downloads\CoffsHarbour105.zip
2012-04-28 12:44 - 2012-04-28 12:44 - 00000000 ____D C:\Users\Gary\Documents\ShipSimExtremesDemo Userdata
2012-04-28 12:44 - 2012-04-28 12:44 - 00000000 ____D C:\Users\Gary\AppData\Roaming\Quest3D
2012-04-28 12:43 - 2012-04-28 12:43 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2012-04-27 22:11 - 2012-04-27 22:11 - 00000000 ____D C:\Users\Public\Documents\sun
2012-04-27 19:55 - 2012-06-14 00:22 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-27 15:01 - 2012-04-27 15:01 - 00001096 ____A C:\Users\Public\Desktop\LibreOffice 3.5.lnk
2012-04-27 15:01 - 2012-04-27 15:00 - 00000000 ____D C:\Program Files (x86)\LibreOffice 3.5
2012-04-27 15:01 - 2009-07-13 23:45 - 00000000 ____D C:\Windows\ShellNew
2012-04-27 14:49 - 2012-04-27 14:40 - 211537920 ____A C:\Users\Gary\Downloads\LibO_3.5.2_Win_x86_install_multi.msi
2012-04-27 13:30 - 2012-04-27 13:29 - 00000000 ____D C:\Users\Gary\Downloads\maggiora
2012-04-27 12:50 - 2012-04-27 12:49 - 09267066 ____A C:\Users\Gary\Downloads\minirx.rar
2012-04-27 12:49 - 2012-04-27 12:43 - 42610851 ____A C:\Users\Gary\Downloads\maggiora.rar
2012-04-27 12:44 - 2012-04-27 12:42 - 41970650 ____A C:\Users\Gary\Downloads\Kart Cross 1.00.rar
2012-04-25 21:41 - 2012-06-14 00:23 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-25 21:41 - 2012-06-14 00:23 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-25 21:34 - 2012-06-14 00:23 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-25 09:30 - 2012-03-03 08:19 - 00000000 ____D C:\Users\Gary\AppData\Local\Google
2012-04-25 02:57 - 2012-04-25 02:57 - 00002137 ____A C:\Users\Gary\Documents\Dispute text.rtf
2012-04-25 00:56 - 2012-03-04 00:53 - 00000000 ____D C:\Users\Gary\AppData\Roaming\Feedreader
2012-04-24 07:21 - 2012-04-24 07:21 - 00000894 ____A C:\Users\Gary\Downloads\favicon.ico
2012-04-24 00:57 - 2012-04-24 00:57 - 00090253 ____A C:\Users\Gary\Downloads\winroll-2.0.exe
2012-04-23 08:31 - 2012-04-23 08:31 - 00000000 ____D C:\Users\Gary\AppData\Local\ActiveState
2012-04-23 08:30 - 2012-04-23 08:30 - 00001974 ____A C:\Users\Public\Desktop\Komodo Edit 7.lnk
2012-04-23 08:29 - 2012-04-23 08:29 - 00000000 ____D C:\Program Files (x86)\ActiveState Komodo Edit 7
2012-04-23 04:20 - 2012-04-23 04:18 - 50445312 ____A C:\Users\Gary\Downloads\Komodo-Edit-7.0.2-9923.msi
2012-04-22 03:55 - 2012-04-22 03:55 - 00002212 ____A C:\Users\Public\Desktop\Google Earth.lnk
2012-04-22 03:55 - 2012-03-04 12:11 - 00000000 ____D C:\Program Files (x86)\Google
2012-04-21 23:44 - 2012-04-21 23:44 - 00000000 ____D C:\Program Files\Oracle
2012-04-21 23:42 - 2012-04-21 23:40 - 94073136 ____A (Oracle Corporation) C:\Users\Gary\Downloads\VirtualBox-4.1.12-77245-Win.exe
2012-04-15 07:34 - 2012-04-15 07:34 - 00272445 ____A C:\Users\Gary\Downloads\photo.php
2012-04-15 02:38 - 2012-04-15 02:38 - 00002355 ____A C:\Users\Gary\Desktop\Sky Go Desktop.lnk
2012-04-15 02:32 - 2012-04-15 02:31 - 13072536 ____A (Microsoft Corporation) C:\Users\Gary\Downloads\Silverlight_x64.exe
2012-04-13 01:44 - 2009-07-13 18:34 - 00000441 ____A C:\Windows\win.ini
2012-04-12 06:35 - 2012-04-11 05:50 - 00000000 ____D C:\Users\Gary\AppData\Local\Microsoft Games
2012-04-12 06:20 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2012-04-11 04:28 - 2012-04-11 04:28 - 00000000 ____D C:\Users\Gary\AppData\Roaming\LibreOffice
2012-04-09 02:18 - 2012-04-09 02:18 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2012-04-08 04:59 - 2012-04-08 04:59 - 00066984 ____A C:\Users\Juli\AppData\Local\GDIPFONTCACHEV1.DAT
2012-04-08 04:59 - 2012-04-08 04:59 - 00000020 ___SH C:\Users\Juli\ntuser.ini
2012-04-08 04:59 - 2012-04-08 04:59 - 00000000 ____D C:\Users\Juli\AppData\Local\VirtualStore
2012-04-08 04:59 - 2012-04-08 04:59 - 00000000 ____D C:\users\Juli
2012-04-04 06:56 - 2012-06-25 13:08 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-04-03 05:19 - 2012-04-21 23:44 - 00224048 ____A (Oracle Corporation) C:\Windows\System32\Drivers\VBoxDrv.sys
2012-04-03 05:19 - 2012-04-21 23:44 - 00130864 ____A (Oracle Corporation) C:\Windows\System32\Drivers\VBoxUSBMon.sys
2012-04-03 05:19 - 2012-04-03 05:19 - 00320816 ____A (Oracle Corporation) C:\Windows\System32\VBoxNetFltNobj.dll
2012-04-03 05:19 - 2012-04-03 05:19 - 00166192 ____A (Oracle Corporation) C:\Windows\System32\Drivers\VBoxNetFlt.sys
2012-04-03 05:19 - 2012-04-03 05:19 - 00147248 ____A (Oracle Corporation) C:\Windows\System32\Drivers\VBoxNetAdp.sys
2012-04-02 05:31 - 2012-04-02 05:31 - 00000000 ____D C:\Users\Gary\Documents\SimBin
2012-04-02 04:07 - 2012-03-04 10:06 - 00000000 ____D C:\Users\Gary\AppData\Local\Apps\F.lux
2012-03-30 03:35 - 2012-05-09 22:02 - 01918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-03-30 03:14 - 2012-03-30 03:13 - 00000000 ____D C:\xampp
2012-03-30 03:12 - 2012-03-30 03:10 - 84881998 ____A C:\Users\Gary\Downloads\xampp-win32-1.7.7-VC9-installer.exe
2012-03-30 03:10 - 2012-03-30 03:07 - 00000000 ____D C:\wamp
2012-03-30 03:07 - 2012-03-30 03:06 - 26024903 ____A (Hervé Leclerc (HeL) ) C:\Users\Gary\Downloads\wampserver2.2d-x64.exe

ZeroAccess:
C:\Windows\Installer\{6b294ad7-e829-f77e-a1e4-598fb2d738a2}
C:\Windows\Installer\{6b294ad7-e829-f77e-a1e4-598fb2d738a2}\L
C:\Windows\Installer\{6b294ad7-e829-f77e-a1e4-598fb2d738a2}\U

ZeroAccess:
C:\Users\Gary\AppData\Local\{6b294ad7-e829-f77e-a1e4-598fb2d738a2}
C:\Users\Gary\AppData\Local\{6b294ad7-e829-f77e-a1e4-598fb2d738a2}\@
C:\Users\Gary\AppData\Local\{6b294ad7-e829-f77e-a1e4-598fb2d738a2}\L
C:\Users\Gary\AppData\Local\{6b294ad7-e829-f77e-a1e4-598fb2d738a2}\U

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 9%
Total physical RAM: 8190.49 MB
Available physical RAM: 7392.66 MB
Total Pagefile: 8188.64 MB
Available Pagefile: 7384.96 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:277.48 GB) (Free:33.28 GB) NTFS
2 Drive d: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive e: (New Volume) (Fixed) (Total:20.02 GB) (Free:19.92 GB) NTFS
4 Drive g: (New Volume) (Fixed) (Total:20.51 GB) (Free:5.49 GB) NTFS
6 Drive I: (WINBACK) (Fixed) (Total:186 GB) (Free:55.74 GB) FAT32
7 Drive j: (USB2) (Removable) (Total:3.73 GB) (Free:0.01 GB) FAT32
8 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
9 Drive y: (New Volume) (Fixed) (Total:129.03 GB) (Free:124.42 GB) NTFS

Disk ###  Status         Size     Free     Dyn  Gpt
--------  -------------  -------  -------  ---  ---
Disk 0    Online         149 GB   1024 KB
Disk 1    Online         298 GB   1024 KB
Disk 2    Online         465 GB   128 MB
Disk 3    Online         3824 MB  0 B

Partitions of Disk 0:
===============

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Primary           129 GB   1024 KB
Partition 2    Primary           20 GB    129 GB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: No

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1  Y    New Volume   NTFS   Partition   129 GB   Healthy

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2  E    New Volume   NTFS   Partition   20 GB    Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Primary           100 MB   1024 KB
Partition 2    Primary           277 GB   101 MB
Partition 3    Primary           20 GB    277 GB

======================================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3  D    System Rese  NTFS   Partition   100 MB   Healthy

======================================================================================================

Disk: 1
Partition 2
Type : 07
Hidden: No
Active: No

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4  C                 NTFS   Partition   277 GB   Healthy

======================================================================================================

Disk: 1
Partition 3
Type : 07
Hidden: No
Active: No

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 5  G    New Volume   NTFS   Partition   20 GB    Healthy

======================================================================================================

Partitions of Disk 2:
===============

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Primary           200 MB   512 B
Partition 2    Primary           279 GB   200 MB
Partition 3    Primary           186 GB   279 GB

======================================================================================================

Disk: 2
Partition 1
Type : EE
Hidden: Yes
Active: No

There is no volume associated with this partition.

======================================================================================================

Disk: 2
Partition 2
Type : AF
Hidden: Yes
Active: No

There is no volume associated with this partition.

======================================================================================================

Disk: 2
Partition 3
Type : 07
Hidden: No
Active: No

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 6  I    WINBACK      FAT32  Partition   186 GB   Healthy

======================================================================================================

Partitions of Disk 3:
===============

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Primary           3820 MB  4032 KB

======================================================================================================

Disk: 3
Partition 1
Type : 0C
Hidden: No
Active: No

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 7  J    USB2         FAT32  Removable   3820 MB  Healthy

======================================================================================================

==========================================================

Last Boot: 2012-06-18 04:59

======================= End Of Log ==========================
 
Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the UBCD.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Next...

Restart normally.

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
  • NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running, Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right-click Rkill and choose Run as Administrator.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe
  • Double-click on the Rkill icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double-clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 

Attachments

  • fixlist.txt
Ok, here's the fix log:

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 25-06-2012
Ran by SYSTEM at 2012-06-27 21:50:53 Run:1
Running from J:\

==============================================

HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored successfully .
C:\Windows\System32\consrv.dll not found.
68b814fec318ebc3 service deleted successfully.
HKEY_USERS\Gary\Software\Microsoft\Windows\CurrentVersion\Run\\Regedit32 Value deleted successfully.
C:\Windows\System32\services.exe.7D18329E94516DCB moved successfully.
C:\Windows\System32\services.exe.688D6AAB913CC93F moved successfully.
C:\Windows\System32\services.exe.DCF27A594CA36169 moved successfully.
C:\Windows\System32\services.exe.6D4B17950EBA7705 moved successfully.
C:\Windows\System32\services.exe.4FF89BF300A76428 moved successfully.
C:\Windows\System32\services.exe.917D8942AD94DB84 moved successfully.
C:\Windows\System32\services.exe.B137DDBB62458F10 moved successfully.
C:\Windows\System32\services.exe.9F08FF7D297B9CC7 moved successfully.
C:\Windows\System32\services.exe.46E3CDF4A4524BD6 moved successfully.
C:\Windows\System32\services.exe.ADB0C22F79DB6DB5 moved successfully.
C:\Windows\System32\services.exe.F4FD13ADB3D9A690 moved successfully.
C:\Windows\System32\services.exe.47803BD757A17FC4 moved successfully.
C:\Windows\System32\services.exe.29C16522D746982F moved successfully.
C:\Windows\System32\services.exe.D51983B2DB21FA61 moved successfully.
C:\Windows\Installer\{6b294ad7-e829-f77e-a1e4-598fb2d738a2} moved successfully.
C:\Users\Gary\AppData\Local\{6b294ad7-e829-f77e-a1e4-598fb2d738a2} moved successfully.

==== End of Fixlog ====

I'm now going to move on to the ComboFix bit.
 
...incidentally, when I rebooted I started to get the UAC prompt to run what I assume is the main offender .exe from my home directory. It kept popping back up as quickly as I could click no, so I'm in Safe Mode with Networking.
 
C:\ComboFix.txt:

ComboFix 12-06-27.01 - Gary 27/06/2012 22:05:29.3.2 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.8190.7090 [GMT 1:00]
Running from: c:\users\Gary\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Gary\0i763f66bz.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-05-27 to 2012-06-27 )))))))))))))))))))))))))))))))
.
.
2012-06-27 21:12 . 2012-06-27 21:12 -------- d-----w- c:\users\Juli\AppData\Local\temp
2012-06-27 21:12 . 2012-06-27 21:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-27 15:35 . 2012-06-27 15:36 -------- d-----w- C:\FRST
2012-06-27 09:47 . 2012-06-27 10:55 -------- d-----w- c:\users\Gary\AppData\Roaming\Charles
2012-06-27 09:46 . 2012-06-27 09:46 -------- d-----w- c:\program files\Charles
2012-06-27 09:42 . 2012-06-27 09:41 955840 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-06-27 09:42 . 2012-06-27 09:41 839096 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-27 09:41 . 2012-06-27 09:41 -------- d-----w- c:\program files\Java
2012-06-27 09:34 . 2012-06-27 09:34 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-06-27 09:34 . 2012-06-27 09:34 -------- d-----w- c:\program files (x86)\Oracle
2012-06-25 21:08 . 2012-06-25 21:08 -------- d-----w- c:\users\Gary\AppData\Roaming\Malwarebytes
2012-06-25 21:08 . 2012-06-25 21:08 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-25 21:08 . 2012-06-25 21:08 -------- d-----w- c:\programdata\Malwarebytes
2012-06-25 21:08 . 2012-04-04 14:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-25 20:06 . 2012-02-09 13:17 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-06-25 20:06 . 2012-02-09 13:17 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{801131B4-5D8F-4BFF-BF66-B66F97F6C4DE}\gapaengine.dll
2012-06-25 20:05 . 2012-06-18 02:12 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4CFB3B40-5CC3-4B83-BCCE-1BA72FDE5EC6}\mpengine.dll
2012-06-25 20:02 . 2012-06-25 20:02 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-06-25 20:02 . 2012-06-25 20:02 -------- d-----w- c:\program files\Microsoft Security Client
2012-06-25 05:49 . 2012-06-25 05:49 74184 ----a-w- c:\windows\system32\drivers\68b814fec318ebc3.sys
2012-06-24 18:19 . 2012-06-24 18:19 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-06-23 20:20 . 2012-06-23 20:20 -------- d-----w- c:\program files (x86)\Regensoft
2012-06-23 20:20 . 2012-06-23 20:20 -------- d-----w- c:\program files (x86)\AviSynth 2.5
2012-06-23 20:20 . 2012-06-23 20:20 -------- d-----w- c:\program files (x86)\Red Kawa
2012-06-19 05:56 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-19 05:56 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-19 05:56 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-19 05:56 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-19 05:56 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-19 05:56 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-19 05:56 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-19 05:55 . 2012-06-02 14:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-19 05:55 . 2012-06-02 14:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-18 07:19 . 2012-06-18 07:19 -------- d-----w- c:\users\Gary\AppData\Local\Macromedia
2012-06-15 18:06 . 2012-06-15 18:08 -------- d-----w- c:\users\Gary\AppData\Roaming\.rFactor
2012-06-14 08:23 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-14 08:23 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-14 08:23 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-14 08:22 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-14 08:22 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-06-14 08:22 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-06-14 08:22 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys
2012-06-14 08:22 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-09 20:12 . 2012-06-09 20:12 119808 ----a-r- c:\users\Gary\AppData\Roaming\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe
2012-06-09 19:23 . 2012-06-09 19:23 -------- d-----w- c:\program files (x86)\Astroburn Lite
2012-06-09 19:23 . 2012-06-09 19:23 -------- d-----w- c:\programdata\Astroburn Lite
2012-06-09 19:10 . 2012-06-09 19:10 -------- d-----w- C:\$WINDOWS.~BT
2012-06-04 21:56 . 2012-06-16 07:19 85472 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2012-06-04 21:56 . 2012-06-01 15:39 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-04 21:56 . 2012-06-01 15:39 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-05-31 22:04 . 2012-05-31 22:04 -------- d-----w- c:\users\Gary\VirtualBox VMs
2012-05-31 22:04 . 2012-06-09 19:07 -------- d-----w- c:\users\Gary\.VirtualBox
2012-05-31 21:01 . 2012-05-31 21:01 -------- d-----r- C:\ESD
2012-05-29 15:42 . 2012-06-27 07:24 -------- d-----w- c:\users\Gary\.rssowl2
2012-05-29 15:41 . 2012-05-29 15:42 -------- d-----w- c:\program files (x86)\RSSOwl
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-24 18:16 . 2012-04-13 09:54 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-24 18:16 . 2012-03-07 09:34 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-26 20:18 . 2009-08-18 11:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2012-05-26 20:18 . 2009-08-18 10:24 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-05-19 11:04 . 2012-05-19 11:04 270240 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-05-19 11:04 . 2012-05-16 21:04 270240 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-05-16 21:04 . 2012-05-16 21:04 189248 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-05-16 21:04 . 2012-05-16 21:04 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-05-06 11:01 . 2012-05-06 11:01 286720 ----a-w- c:\windows\iun506.exe
2012-05-06 06:10 . 2012-05-06 06:10 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-05-04 18:29 . 2012-05-04 10:41 772504 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-05-04 18:29 . 2012-03-07 11:11 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-04-03 13:19 . 2012-04-22 07:44 224048 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2012-04-03 13:19 . 2012-04-22 07:44 130864 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2012-04-03 13:19 . 2012-04-03 13:19 166192 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2012-04-03 13:19 . 2012-04-03 13:19 147248 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2012-04-03 13:19 . 2012-04-03 13:19 320816 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll
2012-03-30 11:35 . 2012-05-10 06:02 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-25_19.48.31 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-06-27 21:14 . 2012-06-27 21:14 32867 c:\windows\temp\pdk-SYSTEM\fdd245dad343408ec5c5ce822278a3ef.dll
+ 2012-06-27 21:14 . 2012-06-27 21:14 36974 c:\windows\temp\pdk-SYSTEM\fabb8899d82671db2035759037c5c21d.dll
+ 2012-06-27 21:14 . 2012-06-27 21:14 24690 c:\windows\temp\pdk-SYSTEM\ec88994dca352281e37972313e1051d3.dll
+ 2012-06-27 21:14 . 2012-06-27 21:14 24676 c:\windows\temp\pdk-SYSTEM\e45711c2662171c15cd763238e7b579b.dll
+ 2012-06-27 21:14 . 2012-06-27 21:14 20591 c:\windows\temp\pdk-SYSTEM\dad8a2781d545b007729f2cb48fd26bf.dll
+ 2012-06-27 21:14 . 2012-06-27 21:14 82045 c:\windows\temp\pdk-SYSTEM\bd861f3e03052af93272c100d252f5e2.dll
+ 2012-06-27 21:14 . 2012-06-27 21:14 77921 c:\windows\temp\pdk-SYSTEM\97a2e6443b947d806decd51d47431523.dll
+ 2012-06-27 21:14 . 2012-06-27 21:14 36987 c:\windows\temp\pdk-SYSTEM\93e87ef6c56dffc312be353e105d2794.dll
+ 2012-06-27 21:14 . 2012-06-27 21:14 20573 c:\windows\temp\pdk-SYSTEM\928eff5d1bf763abff3068620c0b86b8.dll
+ 2012-06-27 21:14 . 2012-06-27 21:14 24673 c:\windows\temp\pdk-SYSTEM\50950b5b470c0d52ac0033d613e39f91.dll
+ 2012-06-27 21:14 . 2012-06-27 21:14 20587 c:\windows\temp\pdk-SYSTEM\447fb48712dd486a9cd82c51b98d23f0.dll
+ 2012-06-27 21:14 . 2012-06-27 21:14 24676 c:\windows\temp\pdk-SYSTEM\41aee7954778794bd4714ea7448138b2.dll
+ 2012-06-27 21:14 . 2012-06-27 21:14 28787 c:\windows\temp\pdk-SYSTEM\38ef4e4ee11476ccc691137589cfffb6.dll
+ 2012-06-27 21:14 . 2012-06-27 21:14 28772 c:\windows\temp\pdk-SYSTEM\353910329d0410f90709321989f5da58.dll
+ 2012-06-27 21:14 . 2012-06-27 21:14 20584 c:\windows\temp\pdk-SYSTEM\2ccfaf7bb3a4cf27fd33fe6d3bb6e380.dll
+ 2012-06-27 21:14 . 2012-06-27 21:14 41077 c:\windows\temp\pdk-SYSTEM\28e3b3c92d9d2a4e693dcf4167d15435.dll
+ 2012-06-27 21:14 . 2012-06-27 21:14 24667 c:\windows\temp\pdk-SYSTEM\222b2cd286d7221e4a55e436c190dd48.dll
+ 2012-06-27 21:14 . 2012-06-27 21:14 41085 c:\windows\temp\pdk-SYSTEM\0b1a35256e897f33b9748ab0b6d0033d.dll
+ 2012-06-27 21:14 . 2012-06-27 21:14 41064 c:\windows\temp\pdk-SYSTEM\04aaed0c4ab04791dc4e497c377d373b.dll
+ 2009-07-14 04:54 . 2012-06-27 07:09 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-06-25 07:09 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-06-27 07:09 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-25 07:09 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-27 07:09 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-25 07:09 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-03-03 16:11 . 2012-06-27 21:15 39728 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-06-27 21:15 38300 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-04-27 14:25 . 2011-04-27 14:25 84864 c:\windows\system32\drivers\NisDrvWFP.sys
+ 2011-04-18 12:18 . 2011-04-18 12:18 40832 c:\windows\system32\drivers\MpNWMon.sys
+ 2012-04-30 22:53 . 2012-06-25 20:51 4954 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2012-03-03 16:05 . 2012-06-27 21:15 9562 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-432926832-3655622850-39131558-1000_UserData.bin
- 2012-06-25 19:47 . 2012-06-25 19:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-27 21:13 . 2012-06-27 21:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-06-25 19:47 . 2012-06-25 19:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-06-27 21:13 . 2012-06-27 21:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-06-27 21:14 . 2012-06-27 21:14 696435 c:\windows\temp\pdk-SYSTEM\ecefdc6daba859e2c7e17fc15ad129ff.dll
+ 2012-06-27 21:14 . 2012-06-27 21:14 815187 c:\windows\temp\pdk-SYSTEM\aa33d263ba8b3dd9f60e51317caf233f\perl58.dll
+ 2012-06-27 09:33 . 2012-05-04 18:29 227720 c:\windows\SysWOW64\javaws.exe
+ 2012-05-04 10:41 . 2012-06-27 09:38 174064 c:\windows\SysWOW64\javaw.exe
+ 2012-05-04 10:41 . 2012-06-27 09:38 174064 c:\windows\SysWOW64\java.exe
+ 2009-07-14 02:36 . 2012-06-25 20:02 654020 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-06-25 05:58 654020 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-06-25 20:02 121852 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-06-25 05:58 121852 c:\windows\system32\perfc009.dat
+ 2012-06-27 09:42 . 2012-06-27 09:41 268720 c:\windows\system32\javaws.exe
+ 2012-06-27 09:42 . 2012-06-27 09:41 189360 c:\windows\system32\javaw.exe
+ 2012-06-27 09:42 . 2012-06-27 09:41 188840 c:\windows\system32\java.exe
+ 2011-04-18 12:18 . 2011-04-18 12:18 189440 c:\windows\system32\drivers\MpFilter.sys
+ 2009-07-14 05:01 . 2012-06-27 20:41 298164 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-06-25 19:46 298164 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-06-27 09:41 . 2012-06-27 09:41 891392 c:\windows\Installer\8021aa.msi
+ 2012-06-27 09:34 . 2012-06-27 09:34 179200 c:\windows\Installer\801f07.msi
+ 2012-06-27 09:33 . 2012-06-27 09:33 461312 c:\windows\Installer\801ef1.msi
+ 2012-06-27 09:40 . 2012-06-27 09:40 7856128 c:\windows\Installer\8021ae.msi
+ 2011-05-19 16:23 . 2011-05-19 16:23 2708992 c:\windows\Installer\2fca0.msi
+ 2011-06-15 13:51 . 2011-06-15 13:51 1911808 c:\windows\Installer\2fc96.msi
+ 2012-03-03 19:14 . 2012-06-27 20:41 29887472 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-432926832-3655622850-39131558-1000-8192.dat
+ 2012-06-27 09:37 . 2012-06-27 09:37 17379328 c:\windows\Installer\80217b.msi
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Gary\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Gary\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Gary\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"F.lux"="c:\users\Gary\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-03-06 1242448]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-05-03 17355912]
"PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2010-11-06 2646128]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
c:\users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Gary\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
Launchy.lnk - c:\program files (x86)\Launchy\Launchy.exe [2012-3-5 380928]
MDaemon - Shortcut.lnk - c:\program files (x86)\MDaemon\App\MDaemon.exe [2012-4-13 1433600]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2012-1-8 107720]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-12 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-24 257224]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-12 136176]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-02 33736]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-16 113120]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-05 1255736]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-05-06 283200]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2012-04-03 224048]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2012-04-03 130864]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-11-10 204288]
S2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [2011-09-10 18432]
S2 MDaemon;MDaemon;c:\progra~2\MDaemon\APP\MDAEMON.EXE [2012-03-03 1433600]
S2 uvnc_service;uvnc_service;c:\program files\UltraVNC\WinVNC.exe [2012-02-14 2169056]
S2 WebAdmin;WebAdmin Server;c:\progra~2\MDaemon\WebAdmin\WebAdmin.exe [2010-06-22 215040]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-11-10 10567680]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-11-10 325632]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 40832]
S3 mv2;mv2;c:\windows\system32\DRIVERS\mv2.sys [2012-03-04 12904]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 84864]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-03-01 187392]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2012-04-03 147248]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2012-04-03 166192]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPNWMON
*NewlyCreated* - NISDRV
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 18:16]
.
2012-06-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-12 11:44]
.
2012-06-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-12 11:44]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Gary\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Gary\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Gary\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Gary\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: Interfaces\{5768A142-6463-4856-A441-84E2433AE691}: NameServer = 192.168.1.254
TCP: Interfaces\{DED67ABD-4829-475E-BB31-57E76989AEBC}: NameServer = 192.168.2.4
FF - ProfilePath - c:\users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\nsnmmjan.default\
FF - prefs.js: browser.startup.homepage - about:newtab
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-0i763f66bz - c:\users\Gary\0i763f66bz.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\xampp\mysql\bin\mysqld.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\progra~2\MDaemon\APP\CFEngine.exe
c:\progra~2\MDaemon\WorldClient\WorldClient.exe
c:\progra~2\MDaemon\SpamAssassin\MDSpamD.exe
.
**************************************************************************
.
Completion time: 2012-06-27 22:25:11 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-27 21:25
ComboFix2.txt 2012-06-25 20:48
ComboFix3.txt 2012-06-25 19:53
.
Pre-Run: 35,887,665,152 bytes free
Post-Run: 35,780,378,624 bytes free
.
- - End Of File - - 30B78A51A611A8D9EB6F1E6FE326BFCD
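As an added example (not part of the original thread and not ComboFix's own code), the following Python script parses the "Files Created" section of a log in the format shown above and flags the two kinds of entry that stand out in it: a hidden+system directory named like an unexpanded environment variable under system32, and a driver whose name is 16 random-looking hex characters. The sample lines are constructed to mirror entries from the log above.

```python
import re
from typing import Dict, List

# Constructed sample in the ComboFix file-listing format, modelled on
# entries from the log above (a short excerpt, not the real output).
SAMPLE_LOG = r"""
(((((((((( Files Created from 2012-05-27 to 2012-06-27 ))))))))))
.
2012-06-27 15:35 . 2012-06-27 15:36 -------- d-----w- C:\FRST
2012-06-25 21:08 . 2012-04-04 14:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-25 05:49 . 2012-06-25 05:49 74184 ----a-w- c:\windows\system32\drivers\68b814fec318ebc3.sys
2012-06-24 18:19 . 2012-06-24 18:19 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-06-19 05:56 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
.
(((((((((( Find3M Report ))))))))))
"""

# One listing entry: "<created> . <modified> <size or --------> <attrs> <path>"
# The attribute field is always 8 characters (e.g. "d-sh--w-", "----a-w-").
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\S+) (?P<attrs>\S{8}) (?P<path>.+)$"
)
# Section banners look like "(((((( Files Created ... ))))))".
SECTION_RE = re.compile(r"^\(+ (?P<name>.+?) \)+$")
# 16 hex characters plus ".sys": the naming pattern of the hidden driver above.
HEX_DRIVER_RE = re.compile(r"^[0-9a-f]{16}\.sys$", re.IGNORECASE)


def parse_entries(log_text: str) -> List[Dict[str, str]]:
    """Return every file/directory entry with the section it appeared in."""
    entries: List[Dict[str, str]] = []
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        banner = SECTION_RE.match(line)
        if banner:
            section = banner.group("name")
            continue
        m = ENTRY_RE.match(line)
        if m:
            entry = m.groupdict()
            entry["section"] = section
            entries.append(entry)
    return entries


def suspicious_reasons(entry: Dict[str, str]) -> List[str]:
    """Heuristics a reviewer would apply to one entry; empty list means 'nothing odd'."""
    reasons: List[str] = []
    attrs = entry["attrs"]
    path = entry["path"].replace("/", "\\")
    parent, _, name = path.rpartition("\\")
    parent = parent.lower()

    # Hidden AND system set on a freshly created object is unusual outside Windows setup.
    if "h" in attrs and "s" in attrs:
        reasons.append("hidden+system attributes")
    # Legitimate drivers have descriptive names; a bare hex blob in \drivers does not.
    if parent.endswith("\\system32\\drivers") and HEX_DRIVER_RE.match(name):
        reasons.append("driver with random-looking 16-hex-character name")
    # A directory literally called %APPDATA% under system32 is a decoy, not an expansion.
    if name.startswith("%") and name.endswith("%"):
        reasons.append("directory named like an unexpanded environment variable")
    return reasons


def triage(log_text: str) -> List[Dict[str, object]]:
    """Parse the log and return only the entries that trip at least one heuristic."""
    findings: List[Dict[str, object]] = []
    for entry in parse_entries(log_text):
        reasons = suspicious_reasons(entry)
        if reasons:
            findings.append({
                "path": entry["path"],
                "created": entry["created"],
                "section": entry["section"],
                "reasons": reasons,
            })
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["created"], f["path"], "->", "; ".join(f["reasons"]))
```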
 
1. Please open Notepad (Start>All Programs>Accessories>Notepad).

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
File::
c:\windows\system32\drivers\68b814fec318ebc3.sys

ClearJavaCache::


3. Save the above as CFScript.txt

4. Close/disable all antivirus and anti-malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif



6. After the reboot (in case it asks to reboot), please post the following reports/logs in your next reply:
  • Combofix.txt
 
Here you go:

ComboFix 12-06-27.01 - Gary 27/06/2012 23:28:21.4.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.8190.6244 [GMT 1:00]
Running from: c:\users\Gary\Desktop\ComboFix.exe
Command switches used :: c:\users\Gary\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\drivers\68b814fec318ebc3.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\68b814fec318ebc3.sys
c:\windows\TEMP\pdk-SYSTEM\04aaed0c4ab04791dc4e497c377d373b.dll
c:\windows\TEMP\pdk-SYSTEM\0b1a35256e897f33b9748ab0b6d0033d.dll
c:\windows\TEMP\pdk-SYSTEM\222b2cd286d7221e4a55e436c190dd48.dll
c:\windows\TEMP\pdk-SYSTEM\28e3b3c92d9d2a4e693dcf4167d15435.dll
c:\windows\TEMP\pdk-SYSTEM\2ccfaf7bb3a4cf27fd33fe6d3bb6e380.dll
c:\windows\TEMP\pdk-SYSTEM\353910329d0410f90709321989f5da58.dll
c:\windows\TEMP\pdk-SYSTEM\38ef4e4ee11476ccc691137589cfffb6.dll
c:\windows\TEMP\pdk-SYSTEM\41aee7954778794bd4714ea7448138b2.dll
c:\windows\TEMP\pdk-SYSTEM\447fb48712dd486a9cd82c51b98d23f0.dll
c:\windows\TEMP\pdk-SYSTEM\50950b5b470c0d52ac0033d613e39f91.dll
c:\windows\TEMP\pdk-SYSTEM\928eff5d1bf763abff3068620c0b86b8.dll
c:\windows\TEMP\pdk-SYSTEM\93e87ef6c56dffc312be353e105d2794.dll
c:\windows\TEMP\pdk-SYSTEM\97a2e6443b947d806decd51d47431523.dll
c:\windows\TEMP\pdk-SYSTEM\aa33d263ba8b3dd9f60e51317caf233f\perl58.dll
c:\windows\TEMP\pdk-SYSTEM\bd861f3e03052af93272c100d252f5e2.dll
c:\windows\TEMP\pdk-SYSTEM\dad8a2781d545b007729f2cb48fd26bf.dll
c:\windows\TEMP\pdk-SYSTEM\e45711c2662171c15cd763238e7b579b.dll
c:\windows\TEMP\pdk-SYSTEM\ec88994dca352281e37972313e1051d3.dll
c:\windows\TEMP\pdk-SYSTEM\ecefdc6daba859e2c7e17fc15ad129ff.dll
c:\windows\TEMP\pdk-SYSTEM\fabb8899d82671db2035759037c5c21d.dll
c:\windows\TEMP\pdk-SYSTEM\fdd245dad343408ec5c5ce822278a3ef.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-05-27 to 2012-06-27 )))))))))))))))))))))))))))))))
.
.
2012-06-27 22:33 . 2012-06-27 22:33 -------- d-----w- c:\users\Juli\AppData\Local\temp
2012-06-27 22:33 . 2012-06-27 22:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-27 21:38 . 2012-06-18 02:12 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-27 21:38 . 2012-06-18 02:12 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E33BD745-0366-4E1C-9BEC-557926C26886}\mpengine.dll
2012-06-27 21:20 . 2012-06-18 02:12 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8ECFD07D-9CD6-4C35-961F-00FE39C2348B}\mpengine.dll
2012-06-27 15:35 . 2012-06-27 15:36 -------- d-----w- C:\FRST
2012-06-27 09:47 . 2012-06-27 10:55 -------- d-----w- c:\users\Gary\AppData\Roaming\Charles
2012-06-27 09:46 . 2012-06-27 09:46 -------- d-----w- c:\program files\Charles
2012-06-27 09:42 . 2012-06-27 09:41 955840 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-06-27 09:42 . 2012-06-27 09:41 839096 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-27 09:41 . 2012-06-27 09:41 -------- d-----w- c:\program files\Java
2012-06-27 09:34 . 2012-06-27 09:34 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-06-27 09:34 . 2012-06-27 09:34 -------- d-----w- c:\program files (x86)\Oracle
2012-06-25 21:08 . 2012-06-25 21:08 -------- d-----w- c:\users\Gary\AppData\Roaming\Malwarebytes
2012-06-25 21:08 . 2012-06-25 21:08 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-25 21:08 . 2012-06-25 21:08 -------- d-----w- c:\programdata\Malwarebytes
2012-06-25 21:08 . 2012-04-04 14:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-25 20:06 . 2012-02-09 13:17 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-06-25 20:06 . 2012-02-09 13:17 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{801131B4-5D8F-4BFF-BF66-B66F97F6C4DE}\gapaengine.dll
2012-06-25 20:02 . 2012-06-25 20:02 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-06-25 20:02 . 2012-06-25 20:02 -------- d-----w- c:\program files\Microsoft Security Client
2012-06-24 18:19 . 2012-06-24 18:19 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-06-23 20:20 . 2012-06-23 20:20 -------- d-----w- c:\program files (x86)\Regensoft
2012-06-23 20:20 . 2012-06-23 20:20 -------- d-----w- c:\program files (x86)\AviSynth 2.5
2012-06-23 20:20 . 2012-06-23 20:20 -------- d-----w- c:\program files (x86)\Red Kawa
2012-06-19 05:56 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-19 05:56 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-19 05:56 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-19 05:56 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-19 05:56 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-19 05:56 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-19 05:56 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-19 05:55 . 2012-06-02 14:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-19 05:55 . 2012-06-02 14:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-18 07:19 . 2012-06-18 07:19 -------- d-----w- c:\users\Gary\AppData\Local\Macromedia
2012-06-15 18:06 . 2012-06-15 18:08 -------- d-----w- c:\users\Gary\AppData\Roaming\.rFactor
2012-06-14 08:23 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-14 08:23 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-14 08:23 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-14 08:22 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-14 08:22 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-06-14 08:22 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-06-14 08:22 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys
2012-06-14 08:22 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-09 20:12 . 2012-06-09 20:12 119808 ----a-r- c:\users\Gary\AppData\Roaming\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe
2012-06-09 19:23 . 2012-06-09 19:23 -------- d-----w- c:\program files (x86)\Astroburn Lite
2012-06-09 19:23 . 2012-06-09 19:23 -------- d-----w- c:\programdata\Astroburn Lite
2012-06-09 19:10 . 2012-06-09 19:10 -------- d-----w- C:\$WINDOWS.~BT
2012-06-04 21:56 . 2012-06-16 07:19 85472 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2012-06-04 21:56 . 2012-06-01 15:39 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-04 21:56 . 2012-06-01 15:39 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-05-31 22:04 . 2012-05-31 22:04 -------- d-----w- c:\users\Gary\VirtualBox VMs
2012-05-31 22:04 . 2012-06-09 19:07 -------- d-----w- c:\users\Gary\.VirtualBox
2012-05-31 21:01 . 2012-05-31 21:01 -------- d-----r- C:\ESD
2012-05-29 15:42 . 2012-06-27 07:24 -------- d-----w- c:\users\Gary\.rssowl2
2012-05-29 15:41 . 2012-05-29 15:42 -------- d-----w- c:\program files (x86)\RSSOwl
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-24 18:16 . 2012-04-13 09:54 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-24 18:16 . 2012-03-07 09:34 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-26 20:18 . 2009-08-18 11:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2012-05-26 20:18 . 2009-08-18 10:24 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-05-19 11:04 . 2012-05-19 11:04 270240 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-05-19 11:04 . 2012-05-16 21:04 270240 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-05-16 21:04 . 2012-05-16 21:04 189248 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-05-16 21:04 . 2012-05-16 21:04 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-05-06 11:01 . 2012-05-06 11:01 286720 ----a-w- c:\windows\iun506.exe
2012-05-06 06:10 . 2012-05-06 06:10 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-05-04 18:29 . 2012-05-04 10:41 772504 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-05-04 18:29 . 2012-03-07 11:11 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-04-03 13:19 . 2012-04-22 07:44 224048 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2012-04-03 13:19 . 2012-04-22 07:44 130864 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2012-04-03 13:19 . 2012-04-03 13:19 166192 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2012-04-03 13:19 . 2012-04-03 13:19 147248 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2012-04-03 13:19 . 2012-04-03 13:19 320816 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll
2012-03-30 11:35 . 2012-05-10 06:02 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((( SnapShot_2012-06-27_21.14.30 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-03-03 16:11 . 2012-06-27 22:37 39886 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2012-06-27 21:15 38300 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-06-27 22:37 38300 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-03-03 16:05 . 2012-06-27 22:37 9618 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-432926832-3655622850-39131558-1000_UserData.bin
+ 2012-06-27 22:35 . 2012-06-27 22:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-06-27 21:13 . 2012-06-27 21:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-06-27 21:13 . 2012-06-27 21:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-06-27 22:35 . 2012-06-27 22:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-03-03 16:28 . 2012-01-31 12:44 279656 c:\windows\system32\MpSigStub.exe
+ 2012-03-03 16:28 . 2012-02-23 09:18 279656 c:\windows\system32\MpSigStub.exe
- 2009-07-14 05:01 . 2012-06-27 20:41 298164 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-06-27 22:34 298164 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-03-03 19:14 . 2012-06-27 22:34 29887472 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-432926832-3655622850-39131558-1000-8192.dat
- 2012-03-03 19:14 . 2012-06-27 20:41 29887472 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-432926832-3655622850-39131558-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Gary\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Gary\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Gary\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"F.lux"="c:\users\Gary\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-03-06 1242448]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-05-03 17355912]
"PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2010-11-06 2646128]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
c:\users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Gary\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
Launchy.lnk - c:\program files (x86)\Launchy\Launchy.exe [2012-3-5 380928]
MDaemon - Shortcut.lnk - c:\program files (x86)\MDaemon\App\MDaemon.exe [2012-4-13 1433600]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2012-1-8 107720]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-12 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-24 257224]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-12 136176]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-02 33736]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-16 113120]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 40832]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 84864]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-05 1255736]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-05-06 283200]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2012-04-03 224048]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2012-04-03 130864]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-11-10 204288]
S2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [2011-09-10 18432]
S2 MDaemon;MDaemon;c:\progra~2\MDaemon\APP\MDAEMON.EXE [2012-03-03 1433600]
S2 uvnc_service;uvnc_service;c:\program files\UltraVNC\WinVNC.exe [2012-02-14 2169056]
S2 WebAdmin;WebAdmin Server;c:\progra~2\MDaemon\WebAdmin\WebAdmin.exe [2010-06-22 215040]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-11-10 10567680]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-11-10 325632]
S3 mv2;mv2;c:\windows\system32\DRIVERS\mv2.sys [2012-03-04 12904]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-03-01 187392]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2012-04-03 147248]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2012-04-03 166192]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 18:16]
.
2012-06-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-12 11:44]
.
2012-06-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-12 11:44]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Gary\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Gary\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Gary\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Gary\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: Interfaces\{5768A142-6463-4856-A441-84E2433AE691}: NameServer = 192.168.1.254
TCP: Interfaces\{DED67ABD-4829-475E-BB31-57E76989AEBC}: NameServer = 192.168.2.4
FF - ProfilePath - c:\users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\nsnmmjan.default\
FF - prefs.js: browser.startup.homepage - about:newtab
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\xampp\mysql\bin\mysqld.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\progra~2\MDaemon\APP\CFEngine.exe
c:\progra~2\MDaemon\WorldClient\WorldClient.exe
c:\progra~2\MDaemon\SpamAssassin\MDSpamD.exe
.
**************************************************************************
.
Completion time: 2012-06-27 23:46:00 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-27 22:46
ComboFix2.txt 2012-06-27 21:25
ComboFix3.txt 2012-06-25 20:48
ComboFix4.txt 2012-06-25 19:53
.
Pre-Run: 35,486,945,280 bytes free
Post-Run: 35,060,199,424 bytes free
.
- - End Of File - - 109DD1350404D41ED3AFA899A1D61D64
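The log above is where the responder's eye should go first: the deleted driver under Other Deletions has a service name that is nothing but 16 hex digits, the same name GMER reported as a hidden boot-start service, and the Reg Loading Points block lists every other service and driver in ComboFix's `R2 name;display;path [date size]` form. The script below is an added triage helper, not part of the original thread or of any tool mentioned in it. It parses lines in that form and raises two flags: `hex-name` for a service whose name is a bare 16-digit hex string (the shape of the driver this log removed; the heuristic is mine, not a documented Sirefef signature), and `early-start-driver` for any `.sys` with a boot or system start type, which is a prompt to verify the file's signature rather than a verdict. I read ComboFix's leading letter as R = running, S = stopped, and the digit as the Windows start type (0 boot, 1 system, 2 auto, 3 demand, 4 disabled); that reading is an assumption. The sample input reuses entries from the log above plus one constructed `R0` line for the hex-named driver, since ComboFix only shows that driver under Other Deletions and its size and date there are invented.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# One ComboFix service/driver line, e.g.
#   R2 gupdate;Google Update Service (gupdate);c:\...\GoogleUpdate.exe [2012-03-12 136176]
# Letter: R = running, S = stopped. Digit: Windows start type (assumed ComboFix convention).
SERVICE_LINE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)"
    r"(?:\s+\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\])?\s*$"
)

START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "demand", 4: "disabled"}

# Heuristic (mine): a service named with exactly 16 hex digits and nothing else.
HEX_NAME = re.compile(r"^[0-9a-f]{16}$", re.IGNORECASE)


@dataclass
class ServiceEntry:
    running: bool
    start_type: str
    name: str
    display: str
    path: str
    date: Optional[str]
    size: Optional[int]
    flags: List[str] = field(default_factory=list)


def parse_service_line(line: str) -> Optional[ServiceEntry]:
    """Parse one ComboFix service line; return None for lines in any other format."""
    m = SERVICE_LINE.match(line.strip())
    if not m:
        return None
    start = int(m.group("start"))
    entry = ServiceEntry(
        running=m.group("state") == "R",
        start_type=START_TYPES[start],
        name=m.group("name").strip(),
        display=m.group("display").strip(),
        path=m.group("path").strip(),
        date=m.group("date"),
        size=int(m.group("size")) if m.group("size") else None,
    )
    if HEX_NAME.match(entry.name):
        entry.flags.append("hex-name")
    # Boot/system-start kernel drivers load before most defences; confirm each one's signature.
    if entry.path.lower().endswith(".sys") and start in (0, 1):
        entry.flags.append("early-start-driver")
    return entry


def triage(lines: List[str]) -> List[ServiceEntry]:
    """Parse every service line in a ComboFix log excerpt, skipping non-service lines."""
    entries = []
    for line in lines:
        entry = parse_service_line(line)
        if entry is not None:
            entries.append(entry)
    return entries


def suspicious_names(lines: List[str]) -> List[str]:
    """Service names that carry the strong (hex-name) flag."""
    return [e.name for e in triage(lines) if "hex-name" in e.flags]


# Constructed sample: entries copied from the log above plus one invented R0 line
# for the hex-named driver (ComboFix only listed that file under Other Deletions).
SAMPLE_LOG = [
    ".",
    r"R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-12 136176]",
    r"R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-02 33736]",
    r"S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-05-06 283200]",
    r"S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2012-04-03 224048]",
    r"S3 mv2;mv2;c:\windows\system32\DRIVERS\mv2.sys [2012-03-04 12904]",
    r"R0 68b814fec318ebc3;68b814fec318ebc3;c:\windows\system32\drivers\68b814fec318ebc3.sys [2012-06-24 72192]",
]

if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        state = "running" if e.running else "stopped"
        marks = ", ".join(e.flags) if e.flags else "-"
        print(f"{e.name:20} {e.start_type:8} {state:8} {marks:32} {e.path}")
```

Run it against a whole ComboFix log by reading the file into a list of lines and passing it to `triage`; anything with `hex-name` warrants the same treatment the log above gave the driver, while `early-start-driver` entries are only a checklist for signature verification, since the legitimate DAEMON Tools and VirtualBox drivers in this log land there too.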
 
Good :)

How is computer doing?

============================================

Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/products/malwarebytes_free to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=========================================

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\tasks\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /I " " /c
dir /b "%systemroot%\*.exe" | find /I " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.25.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Gary :: GARY-PC [administrator]

28/06/2012 07:28:23
mbam-log-2012-06-28 (07-28-23).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 232273
Time elapsed: 1 minute(s), 57 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 
OTL logfile created on: 28/06/2012 07:39:34 - Run 1
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Gary\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

8.00 Gb Total Physical Memory | 6.20 Gb Available Physical Memory | 77.56% Memory free
16.00 Gb Paging File | 14.13 Gb Available in Paging File | 88.34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 277.48 Gb Total Space | 32.54 Gb Free Space | 11.73% Space Free | Partition Type: NTFS
Drive E: | 2.79 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 129.03 Gb Total Space | 124.42 Gb Free Space | 96.43% Space Free | Partition Type: NTFS
Drive G: | 20.51 Gb Total Space | 5.49 Gb Free Space | 26.79% Space Free | Partition Type: NTFS
Drive H: | 3.73 Gb Total Space | 3.72 Gb Free Space | 99.89% Space Free | Partition Type: FAT32
Drive I: | 20.02 Gb Total Space | 19.92 Gb Free Space | 99.52% Space Free | Partition Type: NTFS
Drive J: | 186.00 Gb Total Space | 55.74 Gb Free Space | 29.97% Space Free | Partition Type: FAT32

Computer Name: GARY-PC | User Name: Gary | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/28 07:38:31 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Gary\Desktop\OTL.exe
PRC - [2012/06/19 15:03:18 | 000,529,232 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2012/05/24 19:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Gary\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/05/16 22:04:33 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012/03/06 23:27:23 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2012/03/03 17:58:22 | 001,433,600 | ---- | M] (Alt-N Technologies, Ltd.) -- C:\Program Files (x86)\MDaemon\App\MDaemon.exe
PRC - [2012/01/03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/09/10 10:43:18 | 000,018,432 | ---- | M] (Apache Software Foundation) -- C:\xampp\apache\bin\httpd.exe
PRC - [2011/09/10 10:43:18 | 000,018,432 | ---- | M] (Apache Software Foundation) -- c:\xampp\apache\bin\httpd.exe
PRC - [2011/09/09 18:46:10 | 008,158,720 | ---- | M] () -- c:\xampp\mysql\bin\mysqld.exe
PRC - [2010/11/10 20:38:40 | 000,380,928 | ---- | M] () -- C:\Program Files (x86)\Launchy\Launchy.exe
PRC - [2010/06/22 11:05:54 | 000,215,040 | ---- | M] (Alt-N Technologies, Ltd.) -- C:\Program Files (x86)\MDaemon\WebAdmin\WebAdmin.exe
PRC - [2010/06/22 11:02:02 | 000,221,696 | ---- | M] (Alt-N Technologies, Ltd.) -- C:\Program Files (x86)\MDaemon\WorldClient\WorldClient.exe
PRC - [2010/06/22 10:34:50 | 000,125,952 | ---- | M] (Alt-N) -- C:\Program Files (x86)\MDaemon\App\CFEngine.exe
PRC - [2010/06/22 10:21:34 | 005,156,930 | ---- | M] (Alt-N Technologies) -- C:\Program Files (x86)\MDaemon\SpamAssassin\MDSpamD.exe
PRC - [2009/08/29 07:00:12 | 000,966,656 | ---- | M] () -- C:\Users\Gary\Local Settings\Apps\F.lux\flux.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/19 15:03:17 | 020,313,384 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2012/06/19 15:03:16 | 001,099,576 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2012/06/19 15:03:16 | 000,895,312 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2012/06/19 15:03:16 | 000,190,776 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2012/06/19 15:03:16 | 000,123,192 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2010/11/10 20:39:08 | 000,090,112 | ---- | M] () -- C:\Program Files (x86)\Launchy\plugins\controly.dll
MOD - [2010/11/10 20:39:00 | 000,081,920 | ---- | M] () -- C:\Program Files (x86)\Launchy\plugins\calcy.dll
MOD - [2010/11/10 20:38:52 | 000,024,064 | ---- | M] () -- C:\Program Files (x86)\Launchy\plugins\gcalc.dll
MOD - [2010/11/10 20:38:40 | 000,380,928 | ---- | M] () -- C:\Program Files (x86)\Launchy\Launchy.exe
MOD - [2010/11/10 20:38:40 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\Launchy\plugins\runner.dll
MOD - [2010/11/10 20:38:24 | 000,122,880 | ---- | M] () -- C:\Program Files (x86)\Launchy\plugins\weby.dll
MOD - [2010/11/10 20:38:08 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Launchy\plugins\verby.dll
MOD - [2009/12/17 01:18:48 | 000,233,472 | ---- | M] () -- C:\Program Files (x86)\Launchy\imageformats\qmng4.dll
MOD - [2009/12/16 23:13:02 | 008,314,880 | ---- | M] () -- C:\Program Files (x86)\Launchy\QtGui4.dll
MOD - [2009/12/16 22:56:22 | 000,712,704 | ---- | M] () -- C:\Program Files (x86)\Launchy\QtNetwork4.dll
MOD - [2009/12/16 22:54:46 | 002,236,416 | ---- | M] () -- C:\Program Files (x86)\Launchy\QtCore4.dll
MOD - [2009/08/29 07:00:12 | 000,966,656 | ---- | M] () -- C:\Users\Gary\Local Settings\Apps\F.lux\flux.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2012/02/15 00:31:16 | 002,169,056 | ---- | M] (UltraVNC) [Auto | Running] -- C:\Program Files\UltraVNC\winvnc.exe -- (uvnc_service)
SRV:64bit: - [2011/11/10 04:11:34 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/08/05 12:53:12 | 000,467,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV:64bit: - [2011/08/05 12:53:12 | 000,306,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV:64bit: - [2011/08/05 12:53:06 | 008,277,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/06/24 19:16:16 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/06/19 15:03:18 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/06/16 08:19:05 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/05/16 22:04:33 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/05/03 08:31:10 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/03/03 17:58:22 | 001,433,600 | ---- | M] (Alt-N Technologies, Ltd.) [Auto | Running] -- C:\Program Files (x86)\MDaemon\App\MDaemon.exe -- (MDaemon)
SRV - [2012/01/03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/09/10 10:43:18 | 000,018,432 | ---- | M] (Apache Software Foundation) [Auto | Running] -- c:\xampp\apache\bin\httpd.exe -- (Apache2.2)
SRV - [2011/09/09 18:46:10 | 008,158,720 | ---- | M] () [Auto | Running] -- c:\xampp\mysql\bin\mysqld.exe -- (mysql)
SRV - [2011/06/07 20:29:16 | 000,630,272 | ---- | M] (FileZilla Project) [On_Demand | Stopped] -- c:\xampp\FileZillaFTP\FileZillaServer.exe -- (FileZilla Server)
SRV - [2010/06/22 11:05:54 | 000,215,040 | ---- | M] (Alt-N Technologies, Ltd.) [Auto | Running] -- C:\Program Files (x86)\MDaemon\WebAdmin\WebAdmin.exe -- (WebAdmin)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/05/06 07:10:59 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/04/03 14:19:10 | 000,147,248 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/04 20:32:24 | 000,012,904 | ---- | M] (UVNC BVBA) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mv2.sys -- (mv2)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/10 04:45:32 | 010,567,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011/11/10 04:45:32 | 010,567,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/11/10 03:12:46 | 000,325,632 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2009/11/02 18:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/02 00:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-432926832-3655622850-39131558-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-432926832-3655622850-39131558-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
IE - HKU\S-1-5-21-432926832-3655622850-39131558-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A5 3D 1A 7A EA 39 CD 01 [binary data]
IE - HKU\S-1-5-21-432926832-3655622850-39131558-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-432926832-3655622850-39131558-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-432926832-3655622850-39131558-1000\..\SearchScopes,DefaultScope = {C4BB5D69-C08C-43F8-9D76-28A8A9EC3B65}
IE - HKU\S-1-5-21-432926832-3655622850-39131558-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-432926832-3655622850-39131558-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searcerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-432926832-3655622850-39131558-1000\..\SearchScopes\{C4BB5D69-C08C-43F8-9D76-28A8A9EC3B65}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-432926832-3655622850-39131558-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "about:newtab"
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.http: ""
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.http_port: 0
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.no_proxies_on: "localhost, 127.0.0.1"
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.share_proxy_settings: false
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.socks: ""
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.socks_port: 0
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.ssl: ""
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.ssl_port: 0
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.type: 5
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.http: "127.0.0.1"
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.http_port: 8888
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.no_proxies_on: ""
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.share_proxy_settings: false
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.socks: ""
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.socks_port: 0
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.ssl: "127.0.0.1"
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.ssl_port: 8888
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.type: 1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/16 08:19:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/06/19 06:58:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/16 08:19:06 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/03/03 17:08:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gary\AppData\Roaming\Mozilla\Extensions
[2012/06/28 00:07:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\nsnmmjan.default\extensions
[2012/03/19 15:49:02 | 000,000,000 | ---D | M] (Toolbar Buttons) -- C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\nsnmmjan.default\extensions\{03B08592-E5B4-45ff-A0BE-C1D975458688}
[2012/05/16 21:05:44 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\nsnmmjan.default\extensions\battlefieldheroespatcher@ea.com
[2012/03/06 22:10:37 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\nsnmmjan.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2012/06/09 23:35:49 | 000,000,000 | ---D | M] (Typing Stats) -- C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\nsnmmjan.default\extensions\typingstats@lukasturek.org
[2012/06/04 22:56:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/06/23 08:05:36 | 000,084,634 | ---- | M] () (No name found) -- C:\USERS\GARY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NSNMMJAN.DEFAULT\EXTENSIONS\{0545B830-F0AA-4D7E-8820-50A4629A56FE}.XPI
[2012/06/21 07:29:06 | 000,193,959 | ---- | M] () (No name found) -- C:\USERS\GARY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NSNMMJAN.DEFAULT\EXTENSIONS\{37FA1426-B82D-11DB-8314-0800200C9A66}.XPI
[2012/06/28 00:07:21 | 000,009,524 | ---- | M] () (No name found) -- C:\USERS\GARY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NSNMMJAN.DEFAULT\EXTENSIONS\{3E9A3920-1B27-11DA-8CD6-0800200C9A66}.XPI
[2012/03/06 22:10:38 | 000,434,392 | ---- | M] () (No name found) -- C:\USERS\GARY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NSNMMJAN.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
[2012/05/18 22:24:49 | 000,697,058 | ---- | M] () (No name found) -- C:\USERS\GARY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NSNMMJAN.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI
[2012/04/15 07:08:41 | 000,140,964 | ---- | M] () (No name found) -- C:\USERS\GARY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NSNMMJAN.DEFAULT\EXTENSIONS\FIREGESTURES@XULDEV.ORG.XPI
[2012/06/06 20:17:18 | 000,057,439 | ---- | M] () (No name found) -- C:\USERS\GARY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NSNMMJAN.DEFAULT\EXTENSIONS\TABSCOPE@XULDEV.ORG.XPI
[2012/06/16 08:19:06 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/06/01 16:39:16 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/01 16:39:16 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Gary\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U32 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.320.5 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - Extension: Entanglement = C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: Angry Birds = C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: Beatlab = C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\alnfdikmbdfgkcbdodjcbmedanjinmkk\1.0.1_0\
CHR - Extension: YouTube = C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: EM Calculator = C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\cedkhglifjkdpijiphheomafjmkepigd\2.0_0\
CHR - Extension: Look of Disapproval = C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmomlddchhdnchpieaalgkpgaafohlbn\2.2_0\
CHR - Extension: Google Search = C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Springpad = C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkmopoamfjnmppabeaphohombnjcjgla\6_0\
CHR - Extension: Minimal = C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnfhcmjkebafbfikmbkhdpbmfpfjgiog\1.0_0\
CHR - Extension: Seesmic = C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikhnbijacmpeikpnoeddepkehmcofgbh\1.2_0\
CHR - Extension: Lock Tab = C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnikalcnjojfkpleicbncjmnieimjlfe\0.8.2_0\
CHR - Extension: Chrome Clipper = C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\kenmcdanhnljigfdkodoedgpckoifnmd\1.9.3_1\
CHR - Extension: Image Properties Context Menu = C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\khagclindddokccfbmfmckaflngbmpon\0.7.5_0\
CHR - Extension: eBay Extension for Google Chrome\u2122 (by eBay) = C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\khhckppjhonfmcpegdjdibmngahahhck\1.5.3.2_0\
CHR - Extension: ShiftEdit = C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcgmndephhjcabhhjfcmncnhbmgbkpij\1.32_0\
CHR - Extension: Remove cookies for site. = C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmfdblomdpkcniknaenceeogpgepocmm\1.3_0\
CHR - Extension: Gmail = C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/06/27 23:35:33 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-432926832-3655622850-39131558-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-432926832-3655622850-39131558-1000..\Run: [F.lux] C:\Users\Gary\Local Settings\Apps\F.lux\flux.exe ()
O4 - HKU\S-1-5-21-432926832-3655622850-39131558-1000..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe (PeerBlock, LLC)
O4 - HKU\S-1-5-21-432926832-3655622850-39131558-1000..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Gary\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Launchy.lnk = C:\Program Files (x86)\Launchy\Launchy.exe ()
O4 - Startup: C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MDaemon - Shortcut.lnk = C:\Program Files (x86)\MDaemon\App\MDaemon.exe (Alt-N Technologies, Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-432926832-3655622850-39131558-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-432926832-3655622850-39131558-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 10.5.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5768A142-6463-4856-A441-84E2433AE691}: NameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DED67ABD-4829-475E-BB31-57E76989AEBC}: Domain = greekattic.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DED67ABD-4829-475E-BB31-57E76989AEBC}: NameServer = 192.168.2.4
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/09/27 03:18:49 | 000,087,910 | R--- | M] () - E:\autorun.ico -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========

[2012/06/28 07:38:29 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Gary\Desktop\OTL.exe
[2012/06/28 00:18:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/06/28 00:00:44 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/06/27 23:46:01 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/06/27 22:03:55 | 004,570,514 | R--- | C] (Swearware) -- C:\Users\Gary\Desktop\ComboFix.exe
[2012/06/27 16:35:50 | 000,000,000 | ---D | C] -- C:\FRST
[2012/06/27 10:47:38 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Roaming\Charles
[2012/06/27 10:46:33 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Charles
[2012/06/27 10:46:33 | 000,000,000 | ---D | C] -- C:\Program Files\Charles
[2012/06/27 10:41:55 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/06/27 10:34:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/06/27 10:34:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
[2012/06/25 22:08:37 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Roaming\Malwarebytes
[2012/06/25 22:08:27 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/06/25 22:08:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/06/25 22:08:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/06/25 22:08:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/06/25 21:59:58 | 000,000,000 | ---D | C] -- C:\Users\Gary\Desktop\UPDATED 5-step Viruses_Spyware_Malware Preliminary Removal Instructions - TechSpot Forums_files
[2012/06/25 21:34:52 | 004,568,224 | R--- | C] (Swearware) -- C:\Users\Gary\Desktop\garygary.exe
[2012/06/25 21:02:38 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/06/25 20:37:26 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/06/25 20:37:26 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/06/25 20:37:26 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/06/25 20:34:16 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/06/25 20:31:50 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/06/24 19:19:00 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2012/06/23 21:20:17 | 000,000,000 | ---D | C] -- C:\Users\Gary\Documents\Regensoft
[2012/06/23 21:20:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Regensoft
[2012/06/23 21:20:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Regensoft
[2012/06/23 21:20:16 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AviSynth 2.5
[2012/06/23 21:20:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AviSynth 2.5
[2012/06/23 21:20:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AviSynth 2.5
[2012/06/23 21:20:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Red Kawa
[2012/06/23 21:20:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Red Kawa
[2012/06/18 08:19:46 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Local\Macromedia
[2012/06/16 16:28:18 | 000,000,000 | -H-D | C] -- C:\Users\Gary\Desktop\.picasaoriginals
[2012/06/15 19:06:40 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Roaming\.rFactor
[2012/06/09 21:12:36 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 USB DVD Download Tool
[2012/06/09 20:23:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Astroburn Lite
[2012/06/09 20:23:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Astroburn Lite
[2012/06/09 20:23:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Astroburn Lite
[2012/06/09 20:10:26 | 000,000,000 | ---D | C] -- C:\$WINDOWS.~BT
[2012/06/07 20:16:24 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/05/31 23:04:45 | 000,000,000 | ---D | C] -- C:\Users\Gary\VirtualBox VMs
[2012/05/31 23:04:27 | 000,000,000 | ---D | C] -- C:\Users\Gary\.VirtualBox
[2012/05/31 22:01:19 | 000,000,000 | R--D | C] -- C:\ESD
[2012/05/29 16:42:45 | 000,000,000 | ---D | C] -- C:\Users\Gary\.rssowl2
[2012/05/29 16:41:29 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RSSOwl
[2012/05/29 16:41:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RSSOwl
[2012/05/29 16:41:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RSSOwl

========== Files - Modified Within 30 Days ==========

[2012/06/28 07:43:21 | 000,025,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/28 07:43:21 | 000,025,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/28 07:38:31 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Gary\Desktop\OTL.exe
[2012/06/28 07:35:49 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/28 07:35:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/28 07:35:31 | 2146,295,807 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/28 00:18:22 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/06/28 00:18:13 | 000,787,568 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/06/28 00:18:13 | 000,654,020 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/28 00:18:13 | 000,121,852 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/28 00:10:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/27 23:54:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/27 23:35:33 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/06/27 22:04:09 | 004,570,514 | R--- | M] (Swearware) -- C:\Users\Gary\Desktop\ComboFix.exe
[2012/06/27 21:38:26 | 000,000,600 | ---- | M] () -- C:\Users\Gary\AppData\Local\PUTTY.RND
[2012/06/27 16:21:22 | 000,038,639 | ---- | M] () -- C:\Users\Gary\Desktop\shipping.png
[2012/06/25 21:59:59 | 000,085,379 | ---- | M] () -- C:\Users\Gary\Desktop\UPDATED 5-step Viruses_Spyware_Malware Preliminary Removal Instructions - TechSpot Forums.htm
[2012/06/25 21:35:06 | 004,568,224 | R--- | M] (Swearware) -- C:\Users\Gary\Desktop\garygary.exe
[2012/06/23 22:15:42 | 000,782,102 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/23 21:20:17 | 000,002,146 | ---- | M] () -- C:\Users\Public\Desktop\YouTube Downloader App.lnk
[2012/06/23 21:20:07 | 000,002,186 | ---- | M] () -- C:\Users\Public\Desktop\PSP Video 9.lnk
[2012/06/19 16:59:38 | 301,149,238 | ---- | M] () -- C:\Users\Gary\Desktop\Civilization 2 - Ultimate Classic Collection.7z
[2012/06/18 22:04:50 | 000,010,711 | ---- | M] () -- C:\Users\Gary\Desktop\Keys.ini
[2012/06/17 10:34:47 | 000,000,816 | ---- | M] () -- C:\Users\Gary\Desktop\rFactor2.lnk
[2012/06/16 17:57:00 | 000,003,584 | ---- | M] () -- C:\Users\Gary\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/06/16 16:28:18 | 000,682,161 | ---- | M] () -- C:\Users\Gary\Desktop\2011-05-23_13-23-59_765.jpg
[2012/06/15 06:54:22 | 000,316,368 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/06/10 09:49:50 | 000,527,122 | ---- | M] () -- C:\Users\Gary\Desktop\flash.bmp
[2012/06/10 08:20:15 | 000,031,715 | ---- | M] () -- C:\Users\Gary\Desktop\flash.jpg
[2012/06/09 21:12:36 | 000,002,508 | ---- | M] () -- C:\Users\Gary\Desktop\Windows 7 USB DVD Download Tool.lnk
[2012/06/09 20:23:38 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\Astroburn Lite.lnk
[2012/06/09 20:10:23 | 000,001,388 | ---- | M] () -- C:\Users\Gary\Desktop\Install Windows.lnk
[2012/06/07 20:16:20 | 298,792,988 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/06/04 22:56:25 | 000,001,045 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/06/02 08:44:23 | 000,001,047 | ---- | M] () -- C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/05/29 19:33:59 | 000,004,033 | ---- | M] () -- C:\Users\Gary\Documents\feedreader.opml
[2012/05/29 16:41:29 | 000,001,869 | ---- | M] () -- C:\Users\Gary\Application Data\Microsoft\Internet Explorer\Quick Launch\RSSOwl.lnk
[2012/05/29 16:41:29 | 000,001,845 | ---- | M] () -- C:\Users\Gary\Desktop\RSSOwl.lnk

========== Files Created - No Company Name ==========

[2012/06/27 16:21:22 | 000,038,639 | ---- | C] () -- C:\Users\Gary\Desktop\shipping.png
[2012/06/25 21:59:57 | 000,085,379 | ---- | C] () -- C:\Users\Gary\Desktop\UPDATED 5-step Viruses_Spyware_Malware Preliminary Removal Instructions - TechSpot Forums.htm
[2012/06/25 21:02:40 | 000,001,915 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/06/25 20:37:26 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/06/25 20:37:26 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/06/25 20:37:26 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/06/25 20:37:26 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/06/25 20:37:26 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/06/23 21:20:17 | 000,002,146 | ---- | C] () -- C:\Users\Public\Desktop\YouTube Downloader App.lnk
[2012/06/23 21:20:07 | 000,002,186 | ---- | C] () -- C:\Users\Public\Desktop\PSP Video 9.lnk
[2012/06/19 17:53:08 | 301,149,238 | ---- | C] () -- C:\Users\Gary\Desktop\Civilization 2 - Ultimate Classic Collection.7z
[2012/06/18 22:04:49 | 000,010,711 | ---- | C] () -- C:\Users\Gary\Desktop\Keys.ini
[2012/06/17 10:34:47 | 000,000,816 | ---- | C] () -- C:\Users\Gary\Desktop\rFactor2.lnk
[2012/06/16 17:57:00 | 000,003,584 | ---- | C] () -- C:\Users\Gary\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/06/16 16:28:18 | 000,682,161 | ---- | C] () -- C:\Users\Gary\Desktop\2011-05-23_13-23-59_765.jpg
[2012/06/10 09:49:50 | 000,527,122 | ---- | C] () -- C:\Users\Gary\Desktop\flash.bmp
[2012/06/10 08:20:15 | 000,031,715 | ---- | C] () -- C:\Users\Gary\Desktop\flash.jpg
[2012/06/09 21:12:36 | 000,002,508 | ---- | C] () -- C:\Users\Gary\Desktop\Windows 7 USB DVD Download Tool.lnk
[2012/06/09 20:23:38 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\Astroburn Lite.lnk
[2012/06/07 20:16:20 | 298,792,988 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/06/04 22:56:25 | 000,001,045 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/05/31 23:01:53 | 000,001,388 | ---- | C] () -- C:\Users\Gary\Desktop\Install Windows.lnk
[2012/05/29 19:33:59 | 000,004,033 | ---- | C] () -- C:\Users\Gary\Documents\feedreader.opml
[2012/05/29 16:41:29 | 000,001,869 | ---- | C] () -- C:\Users\Gary\Application Data\Microsoft\Internet Explorer\Quick Launch\RSSOwl.lnk
[2012/05/29 16:41:29 | 000,001,845 | ---- | C] () -- C:\Users\Gary\Desktop\RSSOwl.lnk
[2012/05/16 22:04:39 | 000,270,240 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/05/16 22:04:33 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/05/12 19:11:17 | 000,000,600 | ---- | C] () -- C:\Users\Gary\AppData\Local\PUTTY.RND
[2012/03/06 00:11:33 | 000,007,603 | ---- | C] () -- C:\Users\Gary\AppData\Local\resmon.resmoncfg
[2012/03/03 17:15:57 | 000,787,568 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/03/03 12:13:26 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/11/10 03:36:06 | 000,204,960 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2011/11/10 03:36:06 | 000,157,152 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/09/13 00:06:18 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== LOP Check ==========

[2012/06/27 21:38:37 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\.purple
[2012/06/15 19:08:32 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\.rFactor
[2012/06/27 11:55:12 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\Charles
[2012/05/06 07:12:28 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\DAEMON Tools Lite
[2012/06/28 07:36:15 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\Dropbox
[2012/03/12 14:18:36 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\EditPlus 3
[2012/04/25 09:56:29 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\Feedreader
[2012/03/05 00:24:37 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\Launchy
[2012/04/11 13:28:57 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\LibreOffice
[2012/05/23 22:32:19 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\MetroTwit
[2012/03/04 21:16:45 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\Notepad++
[2012/04/28 21:44:01 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\Quest3D
[2012/05/10 16:48:15 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\Rainmeter
[2012/03/03 20:04:28 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\Thunderbird
[2012/03/09 11:01:40 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\Titanium
[2012/06/24 23:44:10 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\uTorrent
[2012/06/09 07:46:01 | 000,032,612 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2012/06/27 23:46:00 | 000,024,502 | ---- | M] () -- C:\ComboFix.txt
[2012/06/28 07:35:31 | 2146,295,807 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/28 07:35:34 | 4293,386,239 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\Fonts\*.com >
[2009/07/14 06:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 06:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 06:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 06:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 21:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/14 05:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2012/03/07 12:59:22 | 000,000,221 | -HS- | M] () -- C:\Users\Gary\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2012/06/27 22:04:09 | 004,570,514 | R--- | M] (Swearware) -- C:\Users\Gary\Desktop\ComboFix.exe
[2012/06/25 21:35:06 | 004,568,224 | R--- | M] (Swearware) -- C:\Users\Gary\Desktop\garygary.exe
[2012/06/28 07:38:31 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Gary\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\tasks\*.* >
[2012/06/28 00:10:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/28 07:35:49 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/27 23:54:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/28 07:35:42 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2012/06/09 07:46:01 | 000,032,612 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2009/06/10 22:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >
[2012/03/07 12:58:29 | 000,008,192 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.chk
[2012/03/07 12:58:29 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.log
[2012/03/07 12:58:29 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00001.jrs
[2012/03/07 12:58:29 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00002.jrs
[2012/03/07 12:58:29 | 000,786,432 | ---- | M] () -- C:\Windows\SECURITY\Database\edbtmp.log

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2012/03/07 12:59:22 | 000,000,402 | -HS- | M] () -- C:\Users\Gary\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /I " " /c >

< dir /b "%systemroot%\*.exe" | find /I " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\LastSuccessTime /rs >

< End of report >
 
OTL Extras logfile created on: 28/06/2012 07:39:34 - Run 1
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Gary\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

8.00 Gb Total Physical Memory | 6.20 Gb Available Physical Memory | 77.56% Memory free
16.00 Gb Paging File | 14.13 Gb Available in Paging File | 88.34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 277.48 Gb Total Space | 32.54 Gb Free Space | 11.73% Space Free | Partition Type: NTFS
Drive E: | 2.79 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 129.03 Gb Total Space | 124.42 Gb Free Space | 96.43% Space Free | Partition Type: NTFS
Drive G: | 20.51 Gb Total Space | 5.49 Gb Free Space | 26.79% Space Free | Partition Type: NTFS
Drive H: | 3.73 Gb Total Space | 3.72 Gb Free Space | 99.89% Space Free | Partition Type: FAT32
Drive I: | 20.02 Gb Total Space | 19.92 Gb Free Space | 99.52% Space Free | Partition Type: NTFS
Drive J: | 186.00 Gb Total Space | 55.74 Gb Free Space | 29.97% Space Free | Partition Type: FAT32

Computer Name: GARY-PC | User Name: Gary | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\Windows\regedit.exe ()

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.reg [@ = regfile] -- C:\Windows\regedit.exe ()

[HKEY_USERS\S-1-5-21-432926832-3655622850-39131558-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [open] -- regedit.exe "%1" ()
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [open] -- regedit.exe "%1" ()
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
"{5EDDBF5C-A7E8-4E55-A9B7-7E08EB0CC842}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{ED0AF274-2A45-48CB-B670-31F4E11DA4B5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0A2F1086-38FC-43C3-AC13-EAAAE53890D8}" = protocol=17 | dir=in | app=c:\program files\charles\charles.exe |
"{0C43D6C4-92E0-4258-9A16-D3C5072A24AB}" = protocol=6 | dir=in | app=c:\program files (x86)\pidgin\pidgin.exe |
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{238B6F66-5F12-4A19-B4FD-90DBCA43CFCA}" = protocol=17 | dir=in | app=c:\users\gary\appdata\roaming\dropbox\bin\dropbox.exe |
"{29A7A1E7-D47B-4A7C-B4A9-6C2482552E93}" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{4AE89123-E799-4B47-88CF-DE290FBB6653}" = protocol=17 | dir=in | app=c:\program files (x86)\pidgin\pidgin.exe |
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A1B55E6A-1676-46A1-B1EE-3E523B2C92C8}" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EE30DF08-C73D-4A28-B12E-328184CA29A3}" = protocol=6 | dir=in | app=c:\users\gary\appdata\roaming\dropbox\bin\dropbox.exe |
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F3CD50CA-EF78-41F8-8B54-694AA545AA4D}" = protocol=6 | dir=in | app=c:\program files\charles\charles.exe |
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{4E0ED790-7956-4A93-81C4-3C7AB58A2791}C:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"TCP Query User{BFCA74F9-BDD9-4944-B292-353D97C0F288}C:\users\gary\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\gary\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{F3866364-433A-429F-9329-257856FB6E2E}C:\program files\charles\charles.exe" = protocol=6 | dir=in | app=c:\program files\charles\charles.exe |
"TCP Query User{FB6D2B84-264C-42C1-B97A-50CCC075E3B7}C:\program files (x86)\pidgin\pidgin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\pidgin\pidgin.exe |
"UDP Query User{121554BF-7CF7-44C9-89D8-492F19DFADBF}C:\users\gary\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\gary\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{1E6AB3DE-FFC7-4A2D-9FE9-94BC4CF221D6}C:\program files\charles\charles.exe" = protocol=17 | dir=in | app=c:\program files\charles\charles.exe |
"UDP Query User{2583A905-4115-48F7-91B3-465BC637E569}C:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"UDP Query User{C0A15B11-D72A-4DEF-BB9A-08D77CF30A63}C:\program files (x86)\pidgin\pidgin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\pidgin\pidgin.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86417005FF}" = Java(TM) 7 Update 5 (64-bit)
"{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)
"{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)
"{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{61163088-76A7-4A20-8228-7058848CD37F}" = Charles 3.6.5
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)
"{7492BCA7-9F62-4265-A727-DC26A9E3DF10}" = Oracle VM VirtualBox 4.1.12
"{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)
"{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)
"{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)
"{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)
"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"Ultravnc2_is1" = UltraVnc
"WinRAR archiver" = WinRAR 4.11 (64-bit)
"Zune" = Zune

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{09D72100-CAC9-42BF-AD52-47F784C92DB6}" = LibreOffice 3.5
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{3031A053-DC97-4D03-9179-BF6F98F63FA2}" = Wunderlist
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4D5308D2-DC8E-4658-A37C-351000038100}" = Microsoft Flight
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes
"{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}" = Microsoft SQL Server Compact 3.5 ENU
"{C9BEFDFB-A2DD-4D88-881C-3B303CCE384E}" = ActiveState Komodo Edit 7.0.2
"{CCF298AF-9CE1-4B26-B251-486E98A34789}" = Windows 7 USB/DVD Download Tool
"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{FD31AD0D-98ED-4D54-B2C3-03646C3545B8}_is1" = Project CARS
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Astroburn Lite" = Astroburn Lite
"AviSynth" = AviSynth 2.5
"DAEMON Tools Lite" = DAEMON Tools Lite
"EditPlus 3" = EditPlus 3
"FeedReader_is1" = FeedReader
"GFWL_{4D5308D2-DC8E-4658-A37C-351000038100}" = Microsoft Flight
"Google Chrome" = Google Chrome
"InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"Launchy_21344213_is1" = Launchy 2.5
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"MDaemon Server" = MDaemon Server
"Mozilla Firefox 13.0.1 (x86 en-US)" = Mozilla Firefox 13.0.1 (x86 en-US)
"Mozilla Thunderbird 13.0.1 (x86 en-GB)" = Mozilla Thunderbird 13.0.1 (x86 en-GB)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Notepad++" = Notepad++
"Picasa 3" = Picasa 3
"Pidgin" = Pidgin
"PSP Video 9" = PSP Video 9 6
"PunkBusterSvc" = PunkBuster Services
"Rainmeter" = Rainmeter
"rFactor" = rFactor (remove only)
"rFactor2" = rFactor2
"RSSOwl" = RSSOwl
"Steam App 17480" = Command and Conquer: Red Alert 3
"Steam App 240" = Counter-Strike: Source
"Steam App 440" = Team Fortress 2
"Steam App 48810" = Ship Simulator Extremes Demo
"Steam App 8600" = RACE 07
"UK2000 VFR Scenery Volume1" = UK2000 VFR Scenery Volume1 files
"uTorrent" = µTorrent
"xampp" = XAMPP 1.7.7
"YouTube Downloader App" = YouTube Downloader App 3.00

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-432926832-3655622850-39131558-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"eec89cd0692c9aed" = MetroTwit
"F1 1976 LE v1.1" = F1 1976 LE v1.1
"Flux" = F.lux

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 25/06/2012 16:36:22 | Computer Name = Gary-PC | Source = VSS | ID = 12289
Description =

Error - 26/06/2012 03:05:35 | Computer Name = Gary-PC | Source = SideBySide | ID = 16842824
Description = Activation context generation failed for "c:\program files\microsoft
security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
security client\MSESysprep.dll" on line 10. The element imaging appears as a child
of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
this version of Windows.

Error - 26/06/2012 03:07:56 | Computer Name = Gary-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\Games\rFactor2\Core\ModMgr.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 26/06/2012 03:08:02 | Computer Name = Gary-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\Games\rFactor2\Support\Tools\MAS2.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 27/06/2012 04:09:11 | Computer Name = Gary-PC | Source = SideBySide | ID = 16842824
Description = Activation context generation failed for "c:\program files\microsoft
security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
security client\MSESysprep.dll" on line 10. The element imaging appears as a child
of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
this version of Windows.

Error - 27/06/2012 04:09:43 | Computer Name = Gary-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\Games\rFactor2\Core\ModMgr.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 27/06/2012 04:09:43 | Computer Name = Gary-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\Games\rFactor2\Support\Tools\MAS2.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 27/06/2012 17:05:01 | Computer Name = Gary-PC | Source = VSS | ID = 18
Description =

Error - 27/06/2012 17:05:01 | Computer Name = Gary-PC | Source = VSS | ID = 8193
Description =

Error - 27/06/2012 17:05:01 | Computer Name = Gary-PC | Source = System Restore | ID = 8193
Description =

[ System Events ]
Error - 27/06/2012 17:15:00 | Computer Name = Gary-PC | Source = Service Control Manager | ID = 7023
Description = The Microsoft Antimalware Service service terminated with the following
error: %%-2147023878

Error - 27/06/2012 17:26:55 | Computer Name = Gary-PC | Source = Service Control Manager | ID = 7024
Description = The Apache2.2 service terminated with service-specific error %%1.

Error - 27/06/2012 18:31:48 | Computer Name = Gary-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 27/06/2012 18:33:32 | Computer Name = Gary-PC | Source = Application Popup | ID = 1060
Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
with this system. Please contact your software vendor for a compatible version
of the driver.

Error - 27/06/2012 18:33:32 | Computer Name = Gary-PC | Source = Application Popup | ID = 1060
Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
with this system. Please contact your software vendor for a compatible version
of the driver.

Error - 27/06/2012 18:33:56 | Computer Name = Gary-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 27/06/2012 18:34:06 | Computer Name = Gary-PC | Source = Service Control Manager | ID = 7024
Description = The Apache2.2 service terminated with service-specific error %%1.

Error - 27/06/2012 18:59:21 | Computer Name = Gary-PC | Source = Service Control Manager | ID = 7024
Description = The Apache2.2 service terminated with service-specific error %%1.

Error - 27/06/2012 19:18:25 | Computer Name = Gary-PC | Source = Service Control Manager | ID = 7024
Description = The Apache2.2 service terminated with service-specific error %%1.

Error - 28/06/2012 02:34:40 | Computer Name = Gary-PC | Source = Service Control Manager | ID = 7024
Description = The Apache2.2 service terminated with service-specific error %%1.


< End of report >

You didn't say:
How is the computer doing?


=============================================

OTL logs are clean.

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE: SecurityCheck may produce some false warning(s), so leave reading the results to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.


3. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart the computer.


4. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE: If ESET doesn't find any threats, it won't produce a log.


D'oh! I did reply in my first attempt that hit the character limit, but then forgot to re-add it. My PC has been behaving normally since the last ComboFix run, which is encouraging :)

Checkup.txt:

Results of screen317's Security Check version 0.99.24
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

JavaFX 2.1.1
Java(TM) 6 Update 32
Java(TM) 7 Update 5
Out of date Java installed!
Adobe Flash Player 11.3.300.262
Adobe Reader X (10.1.3)
Mozilla Firefox (x86 en-US..)
Mozilla Thunderbird (x86 en-GB..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Microsoft Security Essentials msseces.exe
``````````End of Log````````````