Posts posted by MuTron
-
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-24 04:41:47
# local_time=2012-06-24 05:41:47 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 69472 93018693 0 0
# compatibility_mode=8192 67108863 100 0 216 216 0 0
# scanned=210246
# found=6
# cleaned=6
# scan_time=2463
C:\Qoobox\Quarantine\C\Windows\assembly\GAC_32\Desktop.ini.vir Win32/Sirefef.EZ trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Windows\assembly\GAC_64\Desktop.ini.vir Win64/Sirefef.AD trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Windows\System32\Services.exe.vir Win64/Patched.A.Gen trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Rob\Downloads\Alcohol52_FE_2.0.2.3931.exe a variant of Win32/InstallCore.R application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\06242012_153927\C_Windows\Installer\{be431491-87b6-d01f-6352-5b8a625dcb5f}\U\00000008.@ Win64/Agent.BA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\06242012_153927\C_Windows\Installer\{be431491-87b6-d01f-6352-5b8a625dcb5f}\U\80000000.@ Win64/Sirefef.AE trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
-
ComboFix 12-06-23.06 - Rob 24/06/2012 16:37:06.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4021.2043 [GMT 1:00]
Running from: c:\users\Rob\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\E9FE930044.sys
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\SysWow64\avisynth.dll
c:\windows\SysWow64\devil.dll
c:\windows\SysWow64\muzapp.exe
.
Infected copy of c:\windows\system32\Services.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-05-24 to 2012-06-24 )))))))))))))))))))))))))))))))
.
.
2012-06-24 15:41 . 2012-06-24 15:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-24 14:35 . 2012-06-24 14:35 -------- d-----w- C:\_OTL
2012-06-24 10:32 . 2012-06-24 10:32 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-06-24 10:31 . 2012-06-24 10:31 -------- d-----w- c:\program files (x86)\Oracle
2012-06-24 10:30 . 2012-06-24 10:30 -------- d-----w- c:\program files (x86)\Java
2012-06-24 10:18 . 2012-06-24 10:18 -------- d-----w- c:\users\Rob\AppData\Roaming\Malwarebytes
2012-06-24 10:18 . 2012-06-24 10:18 -------- d-----w- c:\programdata\Malwarebytes
2012-06-24 10:18 . 2012-06-24 10:18 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-24 10:18 . 2012-04-04 14:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-23 20:56 . 2012-06-23 20:56 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-06-23 20:35 . 2012-06-23 20:35 -------- d-----w- c:\users\Rob\AppData\Local\Conceiva
2012-06-23 20:33 . 2012-06-23 20:33 -------- d-----w- c:\programdata\Conceiva
2012-06-23 20:33 . 2012-06-23 20:33 -------- d-----w- c:\program files (x86)\Conceiva
2012-06-23 12:18 . 2012-06-23 18:56 -------- d-----w- c:\program files (x86)\PS3 Media Server
2012-06-23 10:01 . 2012-05-04 18:29 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-06-23 09:58 . 2012-06-23 10:00 -------- d-----w- c:\program files\Java
2012-06-22 18:15 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C52C71CB-2644-4F26-BDFE-8CAB2E81437A}\mpengine.dll
2012-06-19 13:00 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-19 13:00 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-19 13:00 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-19 13:00 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-19 13:00 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-19 13:00 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-19 13:00 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-19 13:00 . 2012-06-02 14:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-19 13:00 . 2012-06-02 14:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-16 09:57 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-16 09:57 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-16 09:57 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-05 10:03 . 2010-11-11 17:40 80448 ----a-w- c:\windows\system32\MMCEDT5.exe
2012-06-05 10:03 . 2010-09-21 08:07 312184 ----a-w- c:\windows\system32\drivers\ArcSec.sys
2012-06-05 10:03 . 2012-06-05 10:03 -------- d-----w- c:\program files (x86)\ArcSoft
2012-06-05 09:41 . 2012-06-05 10:05 -------- d-----w- c:\users\Rob\AppData\Roaming\ArcSoft
2012-06-05 09:41 . 2012-06-05 09:45 -------- d-----w- c:\programdata\ArcSoft
2012-06-02 08:24 . 2012-06-02 08:24 -------- d-----w- c:\program files (x86)\MSXML 4.0
2012-06-01 22:19 . 2012-06-01 22:19 -------- d-----w- c:\programdata\BDJ
2012-06-01 22:15 . 2012-06-01 22:16 -------- d-----w- c:\users\Rob\AppData\Roaming\Corel
2012-06-01 22:15 . 2012-06-01 22:16 2828 --sha-w- c:\programdata\KGyGaAvL.sys
2012-06-01 22:15 . 2012-06-01 22:15 -------- d-----w- c:\users\Rob\Corel
2012-06-01 22:14 . 2007-01-15 13:36 14112 ----a-w- c:\windows\system32\drivers\regi.sys
2012-06-01 22:13 . 2012-06-05 09:37 -------- d-----w- c:\programdata\Corel
2012-06-01 21:51 . 2012-06-01 21:51 -------- d-----w- c:\users\Rob\AppData\Local\MediaShow
2012-06-01 21:36 . 2012-06-01 21:36 -------- d-----w- c:\users\Rob\AppData\Local\MediaServer
2012-06-01 21:36 . 2012-06-01 21:53 -------- d-----w- c:\programdata\PDVD
2012-06-01 21:34 . 2012-06-01 21:34 -------- d-----w- c:\programdata\install_clap
2012-05-31 19:37 . 2012-06-06 20:20 -------- d-----w- c:\users\Rob\AppData\Local\CyberLink
2012-05-31 19:30 . 2012-06-06 20:20 -------- d-----w- c:\users\Public\CyberLink
2012-05-31 19:30 . 2012-05-31 19:30 -------- d-----w- c:\users\Rob\AppData\Local\PowerDVDCox
2012-05-31 19:30 . 2012-05-31 19:30 -------- d-----w- c:\users\Rob\AppData\Local\PowerDVDCinema
2012-05-31 19:30 . 2012-06-01 21:37 -------- d-----w- c:\users\Rob\AppData\Roaming\CyberLink
2012-05-31 19:26 . 2012-06-06 20:21 -------- d-----w- c:\programdata\CyberLink
2012-05-31 19:26 . 2012-05-31 19:26 -------- d-----w- c:\program files (x86)\Common Files\CyberLink
2012-05-31 19:24 . 2012-05-31 19:41 29480 ----a-w- c:\windows\SysWow64\msxml3a.dll
2012-05-31 19:24 . 2006-07-11 16:35 503808 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-05-31 17:55 . 2012-05-31 17:59 -------- d-----w- c:\users\Rob\AppData\Roaming\aacs
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-23 09:58 . 2012-05-12 14:47 955840 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-06-23 09:58 . 2012-05-12 14:47 839096 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-22 18:11 . 2012-04-14 13:36 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-22 18:11 . 2012-04-14 13:36 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-05 17:29 . 2012-05-05 16:29 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-05-04 18:29 . 2012-04-14 10:23 772504 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-05-02 11:26 . 2012-05-02 11:26 560184 ----a-w- c:\windows\system32\drivers\sptd.sys
2012-04-23 17:33 . 2012-04-23 17:34 678746 ----a-w- c:\windows\unins000.exe
2012-04-14 11:09 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-04-14 11:09 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-04-14 09:54 . 2012-04-14 09:54 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-04-14 09:54 . 2012-04-14 09:54 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-04-14 09:54 . 2012-04-14 09:54 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-04-14 09:54 . 2012-04-14 09:54 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-04-14 09:54 . 2012-04-14 09:54 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-04-14 09:54 . 2012-04-14 09:54 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-04-14 09:54 . 2012-04-14 09:54 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-04-14 09:54 . 2012-04-14 09:54 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-04-14 09:54 . 2012-04-14 09:54 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-04-14 09:54 . 2012-04-14 09:54 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-04-14 09:54 . 2012-04-14 09:54 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-04-14 09:54 . 2012-04-14 09:54 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-04-14 09:54 . 2012-04-14 09:54 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-04-14 09:54 . 2012-04-14 09:54 448512 ----a-w- c:\windows\system32\html.iec
2012-04-14 09:54 . 2012-04-14 09:54 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-04-14 09:54 . 2012-04-14 09:54 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-04-14 09:54 . 2012-04-14 09:54 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-04-14 09:54 . 2012-04-14 09:54 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-04-14 09:54 . 2012-04-14 09:54 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-04-14 09:54 . 2012-04-14 09:54 222208 ----a-w- c:\windows\system32\msls31.dll
2012-04-14 09:54 . 2012-04-14 09:54 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-04-14 09:54 . 2012-04-14 09:54 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-04-14 09:54 . 2012-04-14 09:54 160256 ----a-w- c:\windows\system32\wextract.exe
2012-04-14 09:54 . 2012-04-14 09:54 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-04-14 09:54 . 2012-04-14 09:54 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-04-14 09:54 . 2012-04-14 09:54 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-04-14 09:54 . 2012-04-14 09:54 12288 ----a-w- c:\windows\system32\mshta.exe
2012-04-14 09:54 . 2012-04-14 09:54 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-04-14 09:54 . 2012-04-14 09:54 114176 ----a-w- c:\windows\system32\admparse.dll
2012-04-14 09:54 . 2012-04-14 09:54 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-04-14 09:54 . 2012-04-14 09:54 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-04-14 09:54 . 2012-04-14 09:54 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-04-08 23:47 . 2012-04-29 12:06 92160 ----a-w- c:\windows\system32\ff_vfw.dll
2012-04-08 23:45 . 2012-04-29 12:06 53760 ----a-w- c:\windows\system32\ff_acm.acm
2012-04-08 23:40 . 2012-04-29 12:07 79360 ----a-w- c:\windows\SysWow64\ff_vfw.dll
2012-04-08 23:39 . 2012-04-29 12:07 48128 ----a-w- c:\windows\SysWow64\ff_acm.acm
2012-03-30 11:35 . 2012-05-12 06:57 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-28 21:11 . 2012-05-03 14:14 4659712 ----a-w- c:\windows\SysWow64\Redemption.dll
2012-03-28 21:11 . 2012-03-28 21:11 90112 ----a-w- c:\windows\MAMCityDownload.ocx
2012-03-28 21:11 . 2012-03-28 21:11 325552 ----a-w- c:\windows\MASetupCaller.dll
2012-03-28 21:11 . 2012-03-28 21:11 30568 ----a-w- c:\windows\MusiccityDownload.exe
2012-03-28 21:11 . 2012-03-28 21:11 974848 ----a-w- c:\windows\SysWow64\cis-2.4.dll
2012-03-28 21:11 . 2012-03-28 21:11 81920 ----a-w- c:\windows\SysWow64\issacapi_bs-2.3.dll
2012-03-28 21:11 . 2012-03-28 21:11 65536 ----a-w- c:\windows\SysWow64\issacapi_pe-2.3.dll
2012-03-28 21:11 . 2012-03-28 21:11 57344 ----a-w- c:\windows\SysWow64\MTXSYNCICON.dll
2012-03-28 21:11 . 2012-03-28 21:11 57344 ----a-w- c:\windows\SysWow64\MK_Lyric.dll
2012-03-28 21:11 . 2012-03-28 21:11 57344 ----a-w- c:\windows\SysWow64\issacapi_se-2.3.dll
2012-03-28 21:11 . 2012-03-28 21:11 569344 ----a-w- c:\windows\SysWow64\muzdecode.ax
2012-03-28 21:11 . 2012-03-28 21:11 491520 ----a-w- c:\windows\SysWow64\muzapp.dll
2012-03-28 21:11 . 2012-03-28 21:11 49152 ----a-w- c:\windows\SysWow64\MaJGUILib.dll
2012-03-28 21:11 . 2012-03-28 21:11 45320 ----a-w- c:\windows\SysWow64\MAMACExtract.dll
2012-03-28 21:11 . 2012-03-28 21:11 45056 ----a-w- c:\windows\SysWow64\MaXMLProto.dll
2012-03-28 21:11 . 2012-03-28 21:11 45056 ----a-w- c:\windows\SysWow64\MACXMLProto.dll
2012-03-28 21:11 . 2012-03-28 21:11 40960 ----a-w- c:\windows\SysWow64\MTTELECHIP.dll
2012-03-28 21:11 . 2012-03-28 21:11 352256 ----a-w- c:\windows\SysWow64\MSLUR71.dll
2012-03-28 21:11 . 2012-03-28 21:11 258048 ----a-w- c:\windows\SysWow64\muzoggsp.ax
2012-03-28 21:11 . 2012-03-28 21:11 245760 ----a-w- c:\windows\SysWow64\MSCLib.dll
2012-03-28 21:11 . 2012-03-28 21:11 24576 ----a-w- c:\windows\SysWow64\MASetupCleaner.exe
2012-03-28 21:11 . 2012-03-28 21:11 200704 ----a-w- c:\windows\SysWow64\muzwmts.dll
2012-03-28 21:11 . 2012-03-28 21:11 155648 ----a-w- c:\windows\SysWow64\MSFLib.dll
2012-03-28 21:11 . 2012-03-28 21:11 143360 ----a-w- c:\windows\SysWow64\3DAudio.ax
2012-03-28 21:11 . 2012-03-28 21:11 135168 ----a-w- c:\windows\SysWow64\muzaf1.dll
2012-03-28 21:11 . 2012-03-28 21:11 131072 ----a-w- c:\windows\SysWow64\muzmpgsp.ax
2012-03-28 21:11 . 2012-03-28 21:11 122880 ----a-w- c:\windows\SysWow64\muzeffect.ax
2012-03-28 21:11 . 2012-03-28 21:11 118784 ----a-w- c:\windows\SysWow64\MaDRM.dll
2012-03-28 21:11 . 2012-03-28 21:11 110592 ----a-w- c:\windows\SysWow64\muzmp4sp.ax
2012-03-28 21:11 . 2012-05-03 14:14 821824 ----a-w- c:\windows\SysWow64\dgderapi.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2012-03-31 954256]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-03-31 21392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-03-31 3521424]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux6"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [x]
R3 MAUSBFASTTRACKPRO;Service for M-Audio FastTrack Pro;c:\windows\system32\DRIVERS\MAudioFastTrackPro.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 ArcSec;ArcSec;c:\windows\system32\drivers\ArcSec.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 6077757b;6077757b;c:\windows\system32\drivers\regi.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [2009-03-03 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-03 13336]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 Mezzmo;Mezzmo;c:\program files (x86)\Conceiva\Mezzmo\MezzmoMediaServer.exe [2012-06-08 3114352]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [x]
S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys [x]
S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys [x]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [x]
S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"M-Audio Taskbar Icon"="c:\windows\system32\M-AudioTaskBarIcon.exe" [2010-12-07 798728]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2010-06-09 3216544]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-01-21 487424]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
FF - ProfilePath - c:\users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\5i9fi36f.default\
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-06-24 16:48:26 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-24 15:48
.
Pre-Run: 156,432,834,560 bytes free
Post-Run: 156,257,230,848 bytes free
.
- - End Of File - - 33A63663F17DE2B1B8FA4FCC6C24BA81
-
All processes killed
========== OTL ==========
C:\Windows\Installer\{be431491-87b6-d01f-6352-5b8a625dcb5f}\U\00000008.@ moved successfully.
C:\Windows\Installer\{be431491-87b6-d01f-6352-5b8a625dcb5f}\U\80000032.@ moved successfully.
C:\Windows\Installer\{be431491-87b6-d01f-6352-5b8a625dcb5f}\U\80000064.@ moved successfully.
C:\Windows\Installer\{be431491-87b6-d01f-6352-5b8a625dcb5f}\U\80000000.@ moved successfully.
C:\Windows\Installer\{be431491-87b6-d01f-6352-5b8a625dcb5f}\U\00000004.@ moved successfully.
C:\Windows\Installer\{be431491-87b6-d01f-6352-5b8a625dcb5f}\U\000000cb.@ moved successfully.
C:\Windows\Installer\{be431491-87b6-d01f-6352-5b8a625dcb5f}\L\00000004.@ moved successfully.
C:\Windows\Installer\{be431491-87b6-d01f-6352-5b8a625dcb5f}\@ moved successfully.
C:\Users\Rob\AppData\Roaming\uTorrent\dlimagecache folder moved successfully.
C:\Users\Rob\AppData\Roaming\uTorrent\apps folder moved successfully.
C:\Users\Rob\AppData\Roaming\uTorrent folder moved successfully.
========== FILES ==========
C:\Windows\Installer\{be431491-87b6-d01f-6352-5b8a625dcb5f}\U folder moved successfully.
C:\Windows\Installer\{be431491-87b6-d01f-6352-5b8a625dcb5f}\L folder moved successfully.
Folder move failed. C:\Windows\Installer\{be431491-87b6-d01f-6352-5b8a625dcb5f} scheduled to be moved on reboot.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56466 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
User: Rob
->Temp folder emptied: 305469238 bytes
->Temporary Internet Files folder emptied: 360947558 bytes
->Java cache emptied: 10561 bytes
->FireFox cache emptied: 576862074 bytes
->Flash cache emptied: 72301 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 175788598 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 556 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 1,354.00 mb
Restore point Set: OTL Restore Point
OTL by OldTimer - Version 3.2.53.0 log created on 06242012_153927
Files\Folders moved on Reboot...
C:\Windows\Installer\{be431491-87b6-d01f-6352-5b8a625dcb5f}\U folder moved successfully.
C:\Windows\Installer\{be431491-87b6-d01f-6352-5b8a625dcb5f} folder moved successfully.
C:\Users\Rob\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
PendingFileRenameOperations files...
File C:\Windows\Installer\{be431491-87b6-d01f-6352-5b8a625dcb5f} not found!
File C:\Users\Rob\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
Registry entries deleted on Reboot...
Malwarebytes Anti-Malware (Trial) 1.61.0.1400
Database version: v2012.06.24.01
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Rob :: ROB-PC [administrator]
Protection: Enabled
24/06/2012 15:57:00
mbam-log-2012-06-24 (15-57-00).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 202513
Time elapsed: 1 minute(s), 57 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
-
uTorrent is gone, and the results of the OTL logs are as follows:
OTL logfile created on: 24/06/2012 15:01:23 - Run 1
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Rob\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
3.93 Gb Total Physical Memory | 2.09 Gb Available Physical Memory | 53.30% Memory free
7.85 Gb Paging File | 5.94 Gb Available in Paging File | 75.63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.62 Gb Total Space | 145.05 Gb Free Space | 31.15% Space Free | Partition Type: NTFS
Computer Name: ROB-PC | User Name: Rob | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/06/24 15:01:12 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Rob\Downloads\OTL.exe
PRC - [2012/06/08 12:55:56 | 003,114,352 | ---- | M] (Conceiva Pty. Ltd.) -- C:\Program Files (x86)\Conceiva\Mezzmo\MezzmoMediaServer.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/03/31 04:38:14 | 003,521,424 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2010/03/03 20:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
========== Modules (No Company Name) ==========
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2010/01/21 04:10:00 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/08/18 02:36:20 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/17 09:06:22 | 000,033,280 | ---- | M] () [Auto | Running] -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2009/03/03 02:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe -- (AESTFilters)
SRV - [2012/06/08 12:55:56 | 003,114,352 | ---- | M] (Conceiva Pty. Ltd.) [Auto | Running] -- C:\Program Files (x86)\Conceiva\Mezzmo\MezzmoMediaServer.exe -- (Mezzmo)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/03 20:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/21 04:10:00 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe -- (STacSV)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/03 02:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe -- (AESTFilters)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012/05/02 12:26:33 | 000,560,184 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/22 10:04:10 | 000,876,136 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV:64bit: - [2011/06/02 06:47:22 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011/06/02 06:47:22 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV:64bit: - [2011/06/02 06:47:22 | 000,146,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd) SAMSUNG Android USB Diagnostic Serial Port (WDM)
DRV:64bit: - [2011/06/02 06:47:22 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV:64bit: - [2011/03/31 19:32:00 | 001,424,944 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/21 06:55:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2010/12/07 15:39:32 | 000,187,912 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MAudioFastTrackPro.sys -- (MAUSBFASTTRACKPRO)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 10:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/09/21 09:07:08 | 000,312,184 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ArcSec.sys -- (ArcSec)
DRV:64bit: - [2010/07/13 09:57:08 | 000,069,736 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\itecir.sys -- (itecir)
DRV:64bit: - [2010/03/03 19:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/01/21 04:10:00 | 000,505,856 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/08/18 03:48:48 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/07/17 09:06:20 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2009/07/17 09:06:16 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 01:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/07/04 19:27:02 | 000,055,808 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpe64.sys -- (rixdpcie)
DRV:64bit: - [2009/07/02 08:54:52 | 000,060,416 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspe64.sys -- (rimspci)
DRV:64bit: - [2009/07/01 18:31:58 | 000,080,896 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdpe64.sys -- (risdpcie)
DRV:64bit: - [2009/06/10 21:34:36 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2007/01/15 14:36:18 | 000,014,112 | ---- | M] (InterVideo) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\regi.sys -- (regi)
DRV:64bit: - [2007/01/15 14:36:18 | 000,014,112 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\regi.sys -- (6077757b)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3476930714-2238320914-2895250818-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3476930714-2238320914-2895250818-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3476930714-2238320914-2895250818-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
IE - HKU\S-1-5-21-3476930714-2238320914-2895250818-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C5 49 25 2B 28 1A CD 01 [binary data]
IE - HKU\S-1-5-21-3476930714-2238320914-2895250818-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3476930714-2238320914-2895250818-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3476930714-2238320914-2895250818-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/04/19 17:11:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
[2012/04/19 17:11:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rob\AppData\Roaming\Mozilla\Extensions
[2012/05/02 22:44:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\5i9fi36f.default\extensions
[2012/06/24 11:38:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/03/13 05:39:39 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/03/13 05:38:32 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/03/13 05:38:32 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
O1 HOSTS File: ([2012/06/24 13:47:32 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (ATLAS Toolbar) - {3C6301ED-0F78-4AF2-8150-D9C052361A8E} - C:\Program Files (x86)\ATLAS V14\ATLIECP.DLL (FUJITSU LIMITED)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (ATLAS Toolbar) - {3C6301ED-0F78-4AF2-8150-D9C052361A8E} - C:\Program Files (x86)\ATLAS V14\ATLIECP.DLL (FUJITSU LIMITED)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [M-Audio Taskbar Icon] C:\Windows\SysNative\M-AudioTaskBarIcon.exe (Avid Technology, Inc.)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3476930714-2238320914-2895250818-1000..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-3476930714-2238320914-2895250818-1000..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKU\S-1-5-21-3476930714-2238320914-2895250818-1000..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O9 - Extra Button: ATLAS Translation - {B7707A72-4355-11D4-82BD-00000EBBEF8D} - C:\Program Files (x86)\ATLAS V14\atlscript.html ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{21C05178-18CF-4675-A99E-3FE2BE2A9B0C}: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{27715C20-15F9-450A-8252-BA8AA3C46827}: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{88745F7A-1AC1-4BCF-95FF-7B301B05B89D}: DhcpNameServer = 192.168.250.253
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012/06/24 13:59:35 | 000,000,000 | ---D | C] -- C:\Users\Rob\Desktop\RK_Quarantine
[2012/06/24 11:32:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/06/24 11:31:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
[2012/06/24 11:30:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012/06/24 11:18:51 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Roaming\Malwarebytes
[2012/06/24 11:18:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/06/24 11:18:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/06/24 11:18:45 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/06/24 11:18:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/06/23 21:56:34 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012/06/23 21:35:26 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\Conceiva
[2012/06/23 21:34:15 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Conceiva
[2012/06/23 21:33:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Conceiva
[2012/06/23 21:33:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mezzmo
[2012/06/23 21:33:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conceiva
[2012/06/23 13:18:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PS3 Media Server
[2012/06/23 10:58:10 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/06/05 11:03:58 | 000,080,448 | ---- | C] (ArcSoft Inc.) -- C:\Windows\SysNative\MMCEDT5.exe
[2012/06/05 11:03:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft TotalMedia Theatre 5
[2012/06/05 11:03:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ArcSoft
[2012/06/05 10:44:59 | 000,000,000 | ---D | C] -- C:\Users\Rob\Documents\ArcSoft
[2012/06/05 10:41:17 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Roaming\ArcSoft
[2012/06/05 10:41:01 | 000,000,000 | ---D | C] -- C:\ProgramData\ArcSoft
[2012/06/02 09:24:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2012/06/01 23:19:46 | 000,000,000 | ---D | C] -- C:\ProgramData\BDJ
[2012/06/01 23:15:05 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Roaming\Corel
[2012/06/01 23:15:03 | 000,000,000 | ---D | C] -- C:\Users\Rob\Corel
[2012/06/01 23:14:15 | 000,014,112 | ---- | C] (InterVideo) -- C:\Windows\SysNative\drivers\regi.sys
[2012/06/01 23:13:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Corel
[2012/06/01 22:51:31 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\MediaShow
[2012/06/01 22:36:22 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\MediaServer
[2012/06/01 22:36:22 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CyberLink
[2012/06/01 22:36:21 | 000,000,000 | ---D | C] -- C:\ProgramData\PDVD
[2012/06/01 22:34:56 | 000,000,000 | ---D | C] -- C:\ProgramData\install_clap
[2012/05/31 20:37:18 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\CyberLink
[2012/05/31 20:30:21 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\PowerDVDCox
[2012/05/31 20:30:20 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\PowerDVDCinema
[2012/05/31 20:30:19 | 000,000,000 | ---D | C] -- C:\Users\Rob\Documents\CyberLink
[2012/05/31 20:30:19 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Roaming\CyberLink
[2012/05/31 20:26:28 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2012/05/31 20:26:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\CyberLink
[2012/05/31 20:24:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp
[2012/05/31 18:55:32 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Roaming\aacs
========== Files - Modified Within 30 Days ==========
[2012/06/24 12:54:07 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/24 12:54:07 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/24 12:46:57 | 000,000,043 | ---- | M] () -- C:\Windows\MezzmoMediaServer.INI
[2012/06/24 12:46:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/24 12:46:36 | 3161,878,528 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/24 11:27:56 | 000,803,043 | ---- | M] () -- C:\Users\Rob\AppData\Local\census.cache
[2012/06/24 11:27:52 | 000,102,979 | ---- | M] () -- C:\Users\Rob\AppData\Local\ars.cache
[2012/06/24 11:21:07 | 001,012,656 | ---- | M] () -- C:\Users\Rob\Desktop\rkill.com
[2012/06/24 11:18:46 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/23 23:23:11 | 3655,533,832 | ---- | M] () -- C:\Users\Rob\Desktop\rsg-holmes2-1080p.mp4
[2012/06/23 21:43:30 | 000,000,036 | ---- | M] () -- C:\Users\Rob\AppData\Local\housecall.guid.cache
[2012/06/23 21:35:17 | 000,001,924 | ---- | M] () -- C:\Users\Public\Desktop\Mezzmo.lnk
[2012/06/17 03:26:07 | 004,916,648 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/06/17 03:08:04 | 000,732,070 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/17 03:08:04 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/17 03:08:04 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/05 11:03:57 | 000,002,092 | ---- | M] () -- C:\Users\Public\Desktop\TotalMedia Theatre 5.lnk
[2012/06/01 23:16:12 | 000,002,828 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2012/06/01 23:15:04 | 000,000,008 | RHS- | M] () -- C:\ProgramData\E9FE930044.sys
[2012/06/01 23:14:57 | 000,000,040 | -H-- | M] () -- C:\Windows\SysNative\ivireg.ivr
========== Files Created - No Company Name ==========
[2012/06/24 12:47:02 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{be431491-87b6-d01f-6352-5b8a625dcb5f}\U\00000008.@
[2012/06/24 11:21:07 | 001,012,656 | ---- | C] () -- C:\Users\Rob\Desktop\rkill.com
[2012/06/24 11:18:46 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/23 23:20:36 | 3655,533,832 | ---- | C] () -- C:\Users\Rob\Desktop\rsg-holmes2-1080p.mp4
[2012/06/23 21:58:23 | 000,803,043 | ---- | C] () -- C:\Users\Rob\AppData\Local\census.cache
[2012/06/23 21:57:03 | 000,102,979 | ---- | C] () -- C:\Users\Rob\AppData\Local\ars.cache
[2012/06/23 21:43:30 | 000,000,036 | ---- | C] () -- C:\Users\Rob\AppData\Local\housecall.guid.cache
[2012/06/23 21:42:30 | 000,088,064 | ---- | C] () -- C:\Windows\Installer\{be431491-87b6-d01f-6352-5b8a625dcb5f}\U\80000032.@
[2012/06/23 21:42:30 | 000,081,408 | ---- | C] () -- C:\Windows\Installer\{be431491-87b6-d01f-6352-5b8a625dcb5f}\U\80000064.@
[2012/06/23 21:42:30 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{be431491-87b6-d01f-6352-5b8a625dcb5f}\U\80000000.@
[2012/06/23 21:42:30 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{be431491-87b6-d01f-6352-5b8a625dcb5f}\U\00000004.@
[2012/06/23 21:42:30 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{be431491-87b6-d01f-6352-5b8a625dcb5f}\U\000000cb.@
[2012/06/23 21:42:30 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{be431491-87b6-d01f-6352-5b8a625dcb5f}\L\00000004.@
[2012/06/23 21:35:34 | 000,000,043 | ---- | C] () -- C:\Windows\MezzmoMediaServer.INI
[2012/06/23 21:35:17 | 000,001,924 | ---- | C] () -- C:\Users\Public\Desktop\Mezzmo.lnk
[2012/06/05 11:03:58 | 000,312,184 | ---- | C] () -- C:\Windows\SysNative\drivers\ArcSec.sys
[2012/06/05 11:03:58 | 000,007,366 | ---- | C] () -- C:\Windows\SysNative\drivers\win7_64logo.cat
[2012/06/05 11:03:58 | 000,002,239 | ---- | C] () -- C:\Windows\SysNative\drivers\win7Logo.inf
[2012/06/05 11:03:57 | 000,002,092 | ---- | C] () -- C:\Users\Public\Desktop\TotalMedia Theatre 5.lnk
[2012/06/01 23:15:04 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2012/06/01 23:15:04 | 000,000,008 | RHS- | C] () -- C:\ProgramData\E9FE930044.sys
[2012/06/01 23:14:16 | 000,000,040 | -H-- | C] () -- C:\Windows\SysNative\ivireg.ivr
[2012/05/14 16:07:35 | 000,000,005 | ---- | C] () -- C:\Windows\cjhgabib.ini
[2012/05/14 16:07:35 | 000,000,005 | ---- | C] () -- C:\Windows\cjhgabhm.ini
[2012/05/14 16:07:35 | 000,000,005 | ---- | C] () -- C:\Windows\cjhgabec.ini
[2012/05/14 16:07:35 | 000,000,005 | ---- | C] () -- C:\Windows\cjhgabap.ini
[2012/05/14 15:45:29 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2012/04/30 19:57:15 | 000,000,256 | -H-- | C] () -- C:\Windows\SysWow64\LTAW14FN.BIN
[2012/04/30 19:57:15 | 000,000,256 | -H-- | C] () -- C:\Windows\SysWow64\FJLTAFOU.BIN
[2012/04/29 13:07:31 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012/04/29 13:01:58 | 000,917,504 | ---- | C] () -- C:\Windows\SysWow64\dtsdecoderdll.dll
[2012/04/29 13:01:58 | 000,258,048 | ---- | C] () -- C:\Windows\SysWow64\libFLAC.dll
[2012/04/24 21:58:02 | 000,000,005 | ---- | C] () -- C:\Windows\khohnodf.ini
[2012/04/24 21:54:06 | 000,000,005 | ---- | C] () -- C:\Windows\khohnoch.ini
[2012/04/24 21:49:59 | 000,000,005 | ---- | C] () -- C:\Windows\khohnoph.ini
[2012/04/24 21:49:59 | 000,000,005 | ---- | C] () -- C:\Windows\khohnoje.ini
[2012/04/24 21:45:08 | 000,000,005 | ---- | C] () -- C:\Windows\khohnokj.ini
[2012/04/24 21:45:08 | 000,000,005 | ---- | C] () -- C:\Windows\khohnobj.ini
[2012/04/24 21:45:07 | 000,000,005 | ---- | C] () -- C:\Windows\khohnomf.ini
[2012/04/24 21:45:07 | 000,000,005 | ---- | C] () -- C:\Windows\khohnogk.ini
[2012/04/23 18:34:31 | 000,002,756 | ---- | C] () -- C:\Windows\SysWow64\ssoleht.dll
[2012/04/23 18:34:31 | 000,002,756 | ---- | C] () -- C:\Windows\SysWow64\sslibkh.dll
[2012/04/23 18:34:31 | 000,002,756 | ---- | C] () -- C:\Windows\SysWow64\sslibjy.dll
[2012/04/23 18:34:31 | 000,002,756 | ---- | C] () -- C:\Windows\SysWow64\sslibfg.dll
[2012/04/23 18:34:31 | 000,002,756 | ---- | C] () -- C:\Windows\SysWow64\sslibeh.dll
[2012/04/23 18:34:31 | 000,002,756 | ---- | C] () -- C:\Windows\SysWow64\slibff.dll
[2012/04/23 18:34:31 | 000,002,756 | ---- | C] () -- C:\Windows\SysWow64\slibddf.dll
[2012/04/23 18:34:26 | 000,678,746 | ---- | C] () -- C:\Windows\unins000.exe
[2012/04/23 18:34:26 | 000,019,599 | ---- | C] () -- C:\Windows\unins000.dat
[2012/04/14 14:36:54 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2012/04/14 10:15:57 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{be431491-87b6-d01f-6352-5b8a625dcb5f}\@
[2012/04/14 08:36:51 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/03/28 22:11:08 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012/03/28 22:11:06 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012/03/28 22:11:06 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012/03/28 22:11:06 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012/03/28 22:11:06 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
========== LOP Check ==========
[2012/05/31 18:59:51 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\aacs
[2012/04/14 16:23:29 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Ableton
[2012/05/22 22:30:23 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Audacity
[2012/05/19 17:58:04 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/05/24 12:12:07 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\DAEMON Tools Lite
[2012/04/30 19:58:27 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Fujitsu
[2012/04/14 18:45:08 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\iZotope
[2012/04/15 20:47:02 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\OpenOffice.org
[2012/05/03 15:37:25 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Samsung
[2012/04/14 15:49:26 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Synaptics
[2012/06/24 14:55:21 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\uTorrent
[2012/05/28 15:47:08 | 000,032,612 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >
OTL Extras logfile created on: 24/06/2012 15:01:23 - Run 1
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Rob\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
3.93 Gb Total Physical Memory | 2.09 Gb Available Physical Memory | 53.30% Memory free
7.85 Gb Paging File | 5.94 Gb Available in Paging File | 75.63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.62 Gb Total Space | 145.05 Gb Free Space | 31.15% Space Free | Partition Type: NTFS
Computer Name: ROB-PC | User Name: Rob | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86417000F0}" = Java 7 (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F86417005FF}" = Java 7 Update 5 (64-bit)
"{2A837CDD-8FD6-4287-B82E-0664C90BB15A}" = Lexicon Omega Driver
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{73089240-023C-11E0-9AE3-2BA1DFD72085}" = M-Audio FastTrackPro Driver 6.0.7 (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Dell Wireless WLAN Card Utility" = Dell Wireless WLAN Card Utility
"ffdshow64_is1" = ffdshow x64 v1.2.4422 [2012-04-09]
"MediaInfo" = MediaInfo 0.7.57
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.11 (64-bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java 7 Update 5
"{2B818257-E6C7-4841-8C29-C5C9A982BCE5}" = RICOH Media Driver ver.2.07.01.02
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{4412F224-3849-4461-A3E9-DEEF8D252790}" = Visual Studio C++ 10.0 Runtime
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5U8xx Media Driver ver.3.62.02
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{6652750B-AA69-49B7-9D09-C0A28B6FFC9F}" = ATLAS Translation Standard V14.0 Trial Version
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9866E5F0-121F-E018-E2D1-2E1770847ABF}" = Adobe Download Assistant
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A2CE5D4-0A1E-42EB-9CE0-ABD5DD79E94E}" = ArcSoft TotalMedia Theatre 5
"{9BE11DE3-4703-4482-BC77-A32D73951334}" = Mezzmo
"{9D3D8C60-A55F-4123-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Audacity_is1" = Audacity 2.0
"AviSynth" = AviSynth 2.5
"Best Service Chris Hein Horns" = Best Service Chris Hein Horns
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2011-11-11
"ffdshow_is1" = ffdshow v1.2.4422 [2012-04-09]
"Foxit Reader_is1" = Foxit Reader 5.1
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{9A2CE5D4-0A1E-42EB-9CE0-ABD5DD79E94E}" = ArcSoft TotalMedia Theatre 5
"Lexicon Omega Driver" = Lexicon Omega Driver
"Live 8.2" = Live 8.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)
"MyTomTom" = MyTomTom 3.1.0.530
"Native Instruments B4 II" = Native Instruments B4 II
"Neat Image_is1" = Neat Image v5.2 Pro+
"PS3 Media Server" = PS3 Media Server
"Sonalksis Plug-Ins for Windows_is1" = Sonalksis Plug-Ins for Windows 2.00
"The Grand" = Steinberg The Grand
"VLC media player" = VLC media player 2.0.1
"Wave Arts Power Suite" = Wave Arts Power Suite
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 12/06/2012 14:50:10 | Computer Name = Rob-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: The data is invalid. .
Error - 12/06/2012 15:20:09 | Computer Name = Rob-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: The data is invalid. .
Error - 13/06/2012 13:14:05 | Computer Name = Rob-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: The data is invalid. .
Error - 13/06/2012 13:19:21 | Computer Name = Rob-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: The data is invalid. .
Error - 13/06/2012 13:19:26 | Computer Name = Rob-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: The data is invalid. .
Error - 13/06/2012 13:20:24 | Computer Name = Rob-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: The data is invalid. .
Error - 13/06/2012 16:48:36 | Computer Name = Rob-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: The data is invalid. .
Error - 13/06/2012 16:48:52 | Computer Name = Rob-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: The data is invalid. .
Error - 13/06/2012 16:50:36 | Computer Name = Rob-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: The data is invalid. .
Error - 24/06/2012 09:59:36 | Computer Name = Rob-PC | Source = Application Hang | ID = 1002
Description = The program OTL.exe version 3.2.53.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: 784 Start Time:
01cd52110cd1e4b9 Termination Time: 4 Application Path: C:\Users\Rob\Downloads\OTL.exe
Report
Id:
[ Broadcom Wireless LAN Events ]
Error - 31/05/2012 13:36:21 | Computer Name = Rob-PC | Source = WLAN-Tray | ID = 0
Description = 18:36:21, Thu, May 31, 12 Error - Unable to gain access to user store
Error - 31/05/2012 15:56:12 | Computer Name = Rob-PC | Source = WLAN-Tray | ID = 0
Description = 20:56:12, Thu, May 31, 12 Error - Unable to gain access to user store
[ System Events ]
Error - 24/06/2012 07:46:47 | Computer Name = Rob-PC | Source = Service Control Manager | ID = 7003
Description = The IKE and AuthIP IPsec Keying Modules service depends the following
service: BFE. This service might not be installed.
Error - 24/06/2012 07:46:48 | Computer Name = Rob-PC | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1060
Error - 24/06/2012 07:47:00 | Computer Name = Rob-PC | Source = Service Control Manager | ID = 7003
Description = The IPsec Policy Agent service depends the following service: BFE.
This service might not be installed.
Error - 24/06/2012 07:47:00 | Computer Name = Rob-PC | Source = Service Control Manager | ID = 7000
Description = The regi service failed to start due to the following error: %%2
Error - 24/06/2012 07:47:12 | Computer Name = Rob-PC | Source = Service Control Manager | ID = 7023
Description = The Function Discovery Resource Publication service terminated with
the following error: %%-2147024891
Error - 24/06/2012 07:47:12 | Computer Name = Rob-PC | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Resource
Publication service which failed to start because of the following error: %%-2147024891
Error - 24/06/2012 09:42:22 | Computer Name = Rob-PC | Source = Service Control Manager | ID = 7023
Description = The Function Discovery Resource Publication service terminated with
the following error: %%-2147024891
Error - 24/06/2012 09:42:22 | Computer Name = Rob-PC | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Resource
Publication service which failed to start because of the following error: %%-2147024891
Error - 24/06/2012 09:48:47 | Computer Name = Rob-PC | Source = Service Control Manager | ID = 7023
Description = The Function Discovery Resource Publication service terminated with
the following error: %%-2147024891
Error - 24/06/2012 09:48:47 | Computer Name = Rob-PC | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Resource
Publication service which failed to start because of the following error: %%-2147024891
< End of report >
-
I've stupidly got an infection that just won't go away. Here are the requested logs.
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
Run by Rob at 13:28:53 on 2012-06-24
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4021.2024 [GMT 1:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Conceiva\Mezzmo\MezzmoMediaServer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\M-AudioTaskBarIcon.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\svchost.exe -k swprv
"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mWinlogon: Userinit=userinit.exe,
BHO: ATLAS Toolbar: {3c6301ed-0f78-4af2-8150-d9c052361a8e} - C:\Program Files (x86)\ATLAS V14\ATLIECP.DLL
BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB: ATLAS Toolbar: {3c6301ed-0f78-4af2-8150-d9c052361a8e} - C:\Program Files (x86)\ATLAS V14\ATLIECP.DLL
uRun: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s
uRun: [AdobeBridge]
uRun: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {B7707A72-4355-11D4-82BD-00000EBBEF8D} - C:\Program Files (x86)\ATLAS V14\Atlscript.html
LSP: mswsock.dll
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{21C05178-18CF-4675-A99E-3FE2BE2A9B0C} : DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{27715C20-15F9-450A-8252-BA8AA3C46827} : DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{27715C20-15F9-450A-8252-BA8AA3C46827}\6796277696E6D65646961623632343933353 : DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{88745F7A-1AC1-4BCF-95FF-7B301B05B89D} : DhcpNameServer = 192.168.250.253
BHO-X64: ATLAS Toolbar: {3C6301ED-0F78-4AF2-8150-D9C052361A8E} - C:\Program Files (x86)\ATLAS V14\ATLIECP.DLL
BHO-X64: ATLAS Toolbar - No File
BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB-X64: ATLAS Toolbar: {3C6301ED-0F78-4AF2-8150-D9C052361A8E} - C:\Program Files (x86)\ATLAS V14\ATLIECP.DLL
mRun-x64: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
mRun-x64: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
IE-X64: {B7707A72-4355-11D4-82BD-00000EBBEF8D} - C:\Program Files (x86)\ATLAS V14\Atlscript.html
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\5i9fi36f.default\
FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
.
============= SERVICES / DRIVERS ===============
.
R1 ArcSec;ArcSec;C:\Windows\system32\drivers\ArcSec.sys --> C:\Windows\system32\drivers\ArcSec.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 6077757b;6077757b;\??\C:\Windows\system32\drivers\regi.sys --> C:\Windows\system32\drivers\regi.sys [?]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [2012-4-14 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-4-14 13336]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-6-24 654408]
R2 Mezzmo;Mezzmo;C:\Program Files (x86)\Conceiva\Mezzmo\MezzmoMediaServer.exe [2012-6-23 3114352]
R2 rimspci;rimspci;C:\Windows\system32\DRIVERS\rimspe64.sys --> C:\Windows\system32\DRIVERS\rimspe64.sys [?]
R2 risdpcie;risdpcie;C:\Windows\system32\DRIVERS\risdpe64.sys --> C:\Windows\system32\DRIVERS\risdpe64.sys [?]
R2 rixdpcie;rixdpcie;C:\Windows\system32\DRIVERS\rixdpe64.sys --> C:\Windows\system32\DRIVERS\rixdpe64.sys [?]
R3 itecir;ITECIR Infrared Receiver;C:\Windows\system32\DRIVERS\itecir.sys --> C:\Windows\system32\DRIVERS\itecir.sys [?]
R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\system32\DRIVERS\rtl8192Ce.sys --> C:\Windows\system32\DRIVERS\rtl8192Ce.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 regi;regi;\??\C:\Windows\system32\drivers\regi.sys --> C:\Windows\system32\drivers\regi.sys [?]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\system32\Drivers\ssadadb.sys --> C:\Windows\system32\Drivers\ssadadb.sys [?]
S3 MAUSBFASTTRACKPRO;Service for M-Audio FastTrack Pro;C:\Windows\system32\DRIVERS\MAudioFastTrackPro.sys --> C:\Windows\system32\DRIVERS\MAudioFastTrackPro.sys [?]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\system32\DRIVERS\ssadbus.sys --> C:\Windows\system32\DRIVERS\ssadbus.sys [?]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\system32\DRIVERS\ssadmdfl.sys --> C:\Windows\system32\DRIVERS\ssadmdfl.sys [?]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\system32\DRIVERS\ssadmdm.sys --> C:\Windows\system32\DRIVERS\ssadmdm.sys [?]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\Windows\system32\DRIVERS\ssadserd.sys --> C:\Windows\system32\DRIVERS\ssadserd.sys [?]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
.
=============== Created Last 30 ================
.
2012-06-24 10:31:41 -------- d-----w- C:\Program Files (x86)\Oracle
2012-06-24 10:18:51 -------- d-----w- C:\Users\Rob\AppData\Roaming\Malwarebytes
2012-06-24 10:18:46 -------- d-----w- C:\ProgramData\Malwarebytes
2012-06-24 10:18:45 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-24 10:18:45 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-23 20:56:34 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-06-23 20:35:26 -------- d-----w- C:\Users\Rob\AppData\Local\Conceiva
2012-06-23 20:33:37 -------- d-----w- C:\ProgramData\Conceiva
2012-06-23 20:33:32 -------- d-----w- C:\Program Files (x86)\Conceiva
2012-06-23 12:18:38 -------- d-----w- C:\Program Files (x86)\PS3 Media Server
2012-06-23 10:01:21 687504 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-06-22 18:15:11 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C52C71CB-2644-4F26-BDFE-8CAB2E81437A}\mpengine.dll
2012-06-19 13:00:43 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-19 13:00:37 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-19 13:00:21 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-19 13:00:21 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-16 09:57:07 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-06-16 09:57:06 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-06-16 09:57:06 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-06-05 10:03:58 80448 ----a-w- C:\Windows\System32\MMCEDT5.exe
2012-06-05 10:03:58 312184 ----a-w- C:\Windows\System32\drivers\ArcSec.sys
2012-06-05 09:41:01 -------- d-----w- C:\ProgramData\ArcSoft
2012-06-02 08:24:50 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2012-06-01 22:19:46 -------- d-----w- C:\ProgramData\BDJ
2012-06-01 22:15:04 8 --sh--r- C:\ProgramData\E9FE930044.sys
2012-06-01 22:15:04 2828 --sha-w- C:\ProgramData\KGyGaAvL.sys
2012-06-01 22:15:03 -------- d-----w- C:\Users\Rob\Corel
2012-06-01 22:14:15 14112 ----a-w- C:\Windows\System32\drivers\regi.sys
2012-06-01 22:13:50 -------- d-----w- C:\ProgramData\Corel
2012-06-01 21:51:31 -------- d-----w- C:\Users\Rob\AppData\Local\MediaShow
2012-06-01 21:36:22 -------- d-----w- C:\Users\Rob\AppData\Local\MediaServer
2012-06-01 21:36:21 -------- d-----w- C:\ProgramData\PDVD
2012-06-01 21:34:56 -------- d-----w- C:\ProgramData\install_clap
2012-05-31 19:37:18 -------- d-----w- C:\Users\Rob\AppData\Local\CyberLink
2012-05-31 19:30:21 -------- d-----w- C:\Users\Rob\AppData\Local\PowerDVDCox
2012-05-31 19:30:20 -------- d-----w- C:\Users\Rob\AppData\Local\PowerDVDCinema
2012-05-31 19:26:12 -------- d-----w- C:\Program Files (x86)\Common Files\CyberLink
2012-05-31 19:24:49 503808 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2012-05-31 19:24:49 29480 ----a-w- C:\Windows\SysWow64\msxml3a.dll
2012-05-31 17:55:32 -------- d-----w- C:\Users\Rob\AppData\Roaming\aacs
.
==================== Find3M ====================
.
2012-06-23 09:58:10 955840 ----a-w- C:\Windows\System32\npdeployJava1.dll
2012-06-23 09:58:10 839096 ----a-w- C:\Windows\System32\deployJava1.dll
2012-06-22 18:11:20 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-22 18:11:20 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys
2012-05-05 17:29:05 8744608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-05-04 18:29:22 772504 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-02 11:26:33 560184 ----a-w- C:\Windows\System32\drivers\sptd.sys
2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-30 18:57:15 256 ---ha-w- C:\Windows\SysWow64\LTAW14FN.BIN
2012-04-30 18:57:15 256 ---ha-w- C:\Windows\SysWow64\FJLTAFOU.BIN
2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-04-23 17:33:48 678746 ----a-w- C:\Windows\unins000.exe
2012-04-14 11:09:08 175616 ----a-w- C:\Windows\System32\msclmd.dll
2012-04-14 11:09:08 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2012-04-14 07:36:51 0 ----a-w- C:\Windows\ativpsrm.bin
2012-04-08 23:47:14 92160 ----a-w- C:\Windows\System32\ff_vfw.dll
2012-04-08 23:45:52 53760 ----a-w- C:\Windows\System32\ff_acm.acm
2012-04-08 23:40:36 79360 ----a-w- C:\Windows\SysWow64\ff_vfw.dll
2012-04-08 23:39:26 48128 ----a-w- C:\Windows\SysWow64\ff_acm.acm
2012-04-07 12:31:40 3216384 ----a-w- C:\Windows\System32\msi.dll
2012-04-07 11:26:29 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
.
============= FINISH: 13:29:07.17 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 14/04/2012 08:41:15
System Uptime: 24/06/2012 12:46:27 (1 hours ago)
.
Motherboard: Dell Inc. | |
Processor: Intel® Core i5 CPU M 520 @ 2.40GHz | U2E1 | 2400/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 145.321 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: regi
Device ID: ROOT\LEGACY_REGI\0000
Manufacturer:
Name: regi
PNP Device ID: ROOT\LEGACY_REGI\0000
Service: regi
.
==== System Restore Points ===================
.
RP60: 17/06/2012 03:00:12 - Windows Update
RP61: 19/06/2012 14:00:05 - Windows Update
RP62: 22/06/2012 19:14:39 - Windows Update
RP63: 23/06/2012 10:57:29 - Installed Java 7 Update 5 (64-bit)
RP64: 23/06/2012 10:59:56 - Installed Java 7 (64-bit)
RP65: 23/06/2012 11:01:03 - Installed Java 7
RP66: 23/06/2012 21:33:11 - Installed Mezzmo
RP67: 24/06/2012 11:29:28 - Installed Java 7 Update 5
RP68: 24/06/2012 11:31:13 - Installed JavaFX 2.1.1
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Download Assistant
Adobe Flash Player 11 ActiveX
Adobe Photoshop CS6
ArcSoft TotalMedia Theatre 5
ATLAS Translation Standard V14.0 Trial Version
µTorrent
Audacity 2.0
AviSynth 2.5
Best Service Chris Hein Horns
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Combined Community Codec Pack 2011-11-11
ffdshow v1.2.4422 [2012-04-09]
Foxit Reader 5.1
IDT Audio
Intel® Rapid Storage Technology
Java Auto Updater
Java 7 Update 5
JavaFX 2.1.1
Lexicon Omega Driver
Live 8.2
Malwarebytes Anti-Malware version 1.61.0.1400
Mezzmo
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft_VC80_CRT_x86
Microsoft_VC90_CRT_x86
Mozilla Firefox 11.0 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyTomTom 3.1.0.530
Native Instruments B4 II
Neat Image v5.2 Pro+
OpenOffice.org 3.3
PDF Settings CS6
PS3 Media Server
REALTEK Wireless LAN Driver
RICOH Media Driver ver.2.07.01.02
RICOH R5U8xx Media Driver ver.3.62.02
Samsung Kies
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Sonalksis Plug-Ins for Windows 2.00
Steinberg The Grand
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Visual Studio C++ 10.0 Runtime
VLC media player 2.0.1
Wave Arts Power Suite
.
==== Event Viewer Messages From Past Week ========
.
24/06/2012 12:47:12, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
24/06/2012 12:47:12, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
24/06/2012 12:47:00, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
24/06/2012 12:47:00, Error: Service Control Manager [7000] - The regi service failed to start due to the following error: The system cannot find the file specified.
24/06/2012 12:46:48, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
24/06/2012 12:46:47, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
24/06/2012 12:46:44, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\Rtlihvs.dll Error Code: 126
24/06/2012 12:46:40, Error: atikmdag [52236] - CPLIB :: General - Invalid Parameter
24/06/2012 12:46:40, Error: atikmdag [43029] - Display is not active
24/06/2012 11:51:11, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
24/06/2012 11:51:11, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
24/06/2012 11:51:11, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
24/06/2012 11:51:09, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
24/06/2012 11:51:09, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
24/06/2012 11:51:08, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
24/06/2012 11:51:01, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
24/06/2012 11:50:52, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD ArcSec DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
24/06/2012 11:50:51, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
24/06/2012 11:50:51, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
24/06/2012 11:50:51, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
24/06/2012 11:50:51, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
24/06/2012 11:50:51, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
24/06/2012 11:50:51, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
24/06/2012 11:50:51, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
24/06/2012 11:50:51, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
24/06/2012 11:50:51, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
24/06/2012 11:50:51, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
24/06/2012 11:50:28, Error: sptd [4] - Driver detected an internal error in its data structures for .
.
==== End Of File ===========================
It'd be great if you could help without me having to nuke Windows and reinstall.
Another trojan.dropper.BCMiner
in Resolved Malware Removal Logs
Posted
Thank you, that appears to have done the trick. No more browser redirects, and I've tried several virus scanners, and they're all reporting clean.