ronin90210

  1. Hello, I'm not going to complain at all, congratulations on your marriage, and I hope your day is special for you both.

     Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 01-08-2013 01
     Ran by Simon at 2013-08-02 19:35:53 Run:1
     Running from C:\Users\Simon\Downloads
     Boot Mode: Normal
     ==============================================

     HKLM\Software\Classes\CLSID\{750fdf10-2a26-11d1-a3ea-080036587f03}\InprocServer32\\Default => Value was restored successfully.
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{255ED510-7E8E-43B2-A88F-5E8E5EDC4D5C} => Key deleted successfully.
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{255ED510-7E8E-43B2-A88F-5E8E5EDC4D5C} => Key deleted successfully.
     C:\Windows\System32\Tasks\ooqyobuxm => Moved successfully.
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ooqyobuxm => Key deleted successfully.
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{BF2A5E3C-D4D2-409A-A7B8-1A2887A47D73} => Key deleted successfully.
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BF2A5E3C-D4D2-409A-A7B8-1A2887A47D73} => Key deleted successfully.
     C:\Windows\System32\Tasks\Ycwmnfqzbs => Moved successfully.
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Ycwmnfqzbs => Key deleted successfully.
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{EA38C74F-DEC6-46E9-8370-78A83A4F932E} => Key deleted successfully.
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EA38C74F-DEC6-46E9-8370-78A83A4F932E} => Key deleted successfully.
     C:\Windows\System32\Tasks\LKXAYORGMF => Moved successfully.
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LKXAYORGMF => Key deleted successfully.
     C:\Windows\Tasks\Ycwmnfqzbs.job => Moved successfully.
     C:\Windows\Tasks\ooqyobuxm.job => Moved successfully.
     C:\Windows\Tasks\LKXAYORGMF.job => Moved successfully.
     C:\Windows\system32\KBDRU19.dll => Moved successfully.
     C:\Windows\system32\ds16gt6.dll => Moved successfully.
     C:\Windows\system32\catsrvutk.dll => Moved successfully.
     C:\Users\Simon\Downloads\winavi video converter v11.0 + serial.rar => Moved successfully.
     C:\Users\Simon\Downloads\WinAVI_Video_Converter.exe => Moved successfully.
     C:\Users\Simon\Desktop\WinAVI Video Converter.lnk => Moved successfully.
     C:\Users\Simon\AppData\Roaming\WinAVI => Moved successfully.
     C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinAVI Video Converter => Moved successfully.
     C:\Users\Simon\AppData\Local\WinAVI => Moved successfully.
     C:\Program Files\WinAVI => Moved successfully.
     C:\Program Files\QuickMediaConverter => Moved successfully.
     C:\Users\Public\Desktop\QuickMediaConverter.lnk => Moved successfully.
     C:\Users\Simon\AppData\Roaming\Cocoon Software => Moved successfully.
     C:\Users\Simon\Downloads\QMC.exe => Moved successfully.
     C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
     C:\Windows\Tasks\SA.DAT => Moved successfully.

     ==== End of Fixlog ====
  2. addition.txt log Additional scan result of Farbar Recovery Scan Tool (x86) Version: 30-07-2013 04 Ran by Simon at 2013-08-01 14:38:04 Running from C:\Users\Simon\Downloads Boot Mode: Normal ========================================================== ==================== Installed Programs ======================= 7-Zip 9.20 Adobe Flash Player 11 ActiveX (Version: 11.7.700.224) Adobe Flash Player 11 Plugin (Version: 11.7.700.224) Adobe Photoshop Elements 6 Adobe Photoshop Elements 6.0 (Version: 6.0) Adobe Reader 8.1.0 Adobe Reader X (10.1.7) (Version: 10.1.7) Adobe Shockwave Player (Version: 10.3.0.24) Android Commander version 0.7.9.11 (Version: 0.7.9.11) Any Video Converter 5.0.7 Apple Application Support (Version: 2.3.4) Apple Mobile Device Support (Version: 6.1.0.13) Apple Software Update (Version: 2.1.3.127) ATK Hotkey (Version: 1.00.0018) Belarc Advisor 8.3 (Version: 8.3.2.0) Bonjour (Version: 3.0.0.10) British Telecom Carbonite Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000) ConvertHelper 2.2 CyberLink PowerCinema (Version: 6.0.1615) EPSON Scan EPSON SX210 Series Printer Uninstall ESET Online Scanner v3 Firefox Google BAE Google Chrome Frame (Version: 28.0.1500.72) Google Earth Google Earth (Version: 4.0.2737) Google Update Helper (Version: 1.3.21.153) HandBrake 0.9.9.1 (Version: 0.9.9.1) HDReg (Version: 2.0.0) Helium (Version: 1.0.0) Infocentre Rev. 
2.0.0.1 Internet From BT iTunes (Version: 11.0.4.4) Java 7 Update 25 (Version: 7.0.250) Java Auto Updater (Version: 2.1.9.5) KeyboardTest V3.0 Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300) Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000) Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000) Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000) Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000) Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000) Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000) Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000) Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000) Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014) Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000) Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000) Microsoft Office Suite Activation Assistant (Version: 2.7) Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000) Microsoft Silverlight (Version: 5.1.20513.0) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219) Microsoft Works (Version: 9.7.0621) Microsoft Works 9 SE Microsoft XML Parser (Version: 8.70.1104.04) Microsoft® Office Trial 2007 Mozilla Firefox 22.0 (x86 en-US) (Version: 22.0) Mozilla Maintenance Service (Version: 22.0) MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0) Nero 8 Essentials Nero 8 Essentials (Version: 8.2.283) neroxml (Version: 1.0.0) Packard Bell ImageWriter Packard Bell LCD Test Packard 
Bell Updator PdaNet+ for Android 4.12 Picasa 2 (Version: 2.0) Picasa2 Power Cinema 6 Protect your files now PS3 Media Server (Version: 1.82.0) Quick Media Converter HD QuickTime (Version: 7.74.80.86) Realtek High Definition Audio Driver (Version: 6.0.1.6873) Roll SCARM 0.9.17 beta (Version: 0.9.17) SeaTools for Windows (Version: 1.1.3.2) SiS VGA Utilities (Version: 5.08) Spybot - Search & Destroy (Version: 2.0.12) Steam (Version: 1.0.0.0) Synaptics Pointing Device Driver (Version: 9.1.19.0) Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office OneNote 2007 Help (KB963670) Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) VCRedistSetup (Version: 1.0.0) VLC media player 2.0.7 (Version: 2.0.7) WinAVI Video Converter (Version: 11.6.1.4734) ==================== Restore Points ========================= 21-07-2013 08:21:16 Installed Java 7 Update 25 ==================== Hosts content: ========================== 2006-11-02 11:23 - 2013-07-26 14:22 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {0025AF66-2720-4AA8-9A26-26F8B8AA0AF6} - System32\Tasks\Refresh immunization (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe No File Task: {14008FA2-5E5F-42F9-A01B-47A41C99581A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-12] (Adobe Systems Incorporated) Task: {18DFD9FC-082E-4E9B-8285-5F21D2B4EDAE} - 
System32\Tasks\Microsoft\Windows\MobilePC\TMM Task: {255ED510-7E8E-43B2-A88F-5E8E5EDC4D5C} - System32\Tasks\ooqyobuxm => C:\Windows\system32\rundll32.exe [2006-11-02] (Microsoft Corporation) Task: {2B9A48FC-86D0-48A3-9924-B1096934B97E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-01-06] (Google Inc.) Task: {5916F864-469C-4391-8604-E4EA141A2699} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] () Task: {60460F69-EDDF-41DB-A8C4-992BBE6D1568} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\OptinNotification => C:\Windows\System32\wsqmcons.exe [2008-01-21] (Microsoft Corporation) Task: {7C5A51E8-1AD7-48C6-8879-257A8A9609F5} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI Task: {8B0E6FAB-F43A-4988-AF0A-A21646C212F0} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages Task: {9ED703A9-5FFD-40D5-895A-4385EE1509DE} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation) Task: {BF2A5E3C-D4D2-409A-A7B8-1A2887A47D73} - System32\Tasks\Ycwmnfqzbs => C:\Windows\system32\rundll32.exe [2006-11-02] (Microsoft Corporation) Task: {D120DE50-E24B-401F-A660-22CEE56E802F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-01-06] (Google Inc.) 
Task: {EA38C74F-DEC6-46E9-8370-78A83A4F932E} - System32\Tasks\LKXAYORGMF => C:\Windows\system32\rundll32.exe [2006-11-02] (Microsoft Corporation) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\LKXAYORGMF.job => C:\Windows\system32\rundll32.exe Task: C:\Windows\Tasks\ooqyobuxm.job => C:\Windows\system32\rundll32.exe Task: C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe Task: C:\Windows\Tasks\Ycwmnfqzbs.job => C:\Windows\system32\rundll32.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (08/01/2013 08:48:51 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/31/2013 00:07:28 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/31/2013 00:06:34 AM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1". Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found. Please use sxstrace.exe for detailed diagnosis. 
Error: (07/30/2013 02:13:56 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/29/2013 11:40:10 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 17721 Error: (07/29/2013 11:40:10 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 17721 Error: (07/29/2013 11:40:10 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (07/29/2013 11:40:09 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 16676 Error: (07/29/2013 11:40:09 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 16676 Error: (07/29/2013 11:40:09 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second System errors: ============= Error: (08/01/2013 09:07:37 AM) (Source: DCOM) (User: ) Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED} Error: (08/01/2013 08:48:51 AM) (Source: Service Control Manager) (User: ) Description: Spybot-S&D 2 Security Center ServiceSecurity Center%%1058 Error: (08/01/2013 08:47:44 AM) (Source: HTTP) (User: ) Description: \Device\Http\ReqQueueKerberos Error: (07/31/2013 00:07:29 AM) (Source: Service Control Manager) (User: ) Description: Spybot-S&D 2 Security Center ServiceSecurity Center%%1058 Error: (07/31/2013 00:05:57 AM) (Source: HTTP) (User: ) Description: \Device\Http\ReqQueueKerberos Error: (07/30/2013 03:36:16 PM) (Source: Service Control Manager) (User: ) Description: PEVSystemStart Error: (07/30/2013 03:30:01 PM) (Source: Service Control Manager) (User: ) Description: PEVSystemStart Error: (07/30/2013 03:20:46 PM) (Source: Service Control Manager) (User: ) Description: PEVSystemStart Error: 
(07/30/2013 02:13:57 PM) (Source: Service Control Manager) (User: ) Description: Spybot-S&D 2 Security Center ServiceSecurity Center%%1058 Error: (07/30/2013 02:12:21 PM) (Source: HTTP) (User: ) Description: \Device\Http\ReqQueueKerberos Microsoft Office Sessions: ========================= CodeIntegrity Errors: =================================== Date: 2013-08-01 14:37:49.263 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system. Date: 2013-08-01 14:37:49.029 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system. Date: 2013-08-01 14:37:48.795 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system. Date: 2013-08-01 14:37:48.577 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system. Date: 2013-08-01 14:37:17.081 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system. Date: 2013-08-01 14:37:16.847 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system. 
Date: 2013-08-01 14:37:16.628 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system. Date: 2013-08-01 14:37:16.394 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system. Date: 2013-08-01 14:37:16.160 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system. Date: 2013-08-01 14:37:15.895 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Percentage of memory in use: 81% Total physical RAM: 894.52 MB Available physical RAM: 167.8 MB Total Pagefile: 2197.86 MB Available Pagefile: 1125.12 MB Total Virtual: 2047.88 MB Available Virtual: 1910.07 MB ==================== Drives ================================ Drive c: (HDD) (Fixed) (Total:101.78 GB) (Free:15.96 GB) NTFS ==>[Drive with boot components (obtained from BCD)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 112 GB) (Disk ID: EAB40873) Partition 1: (Not Active) - (Size=10 GB) - (Type=27) Partition 2: (Active) - (Size=102 GB) - (Type=07 NTFS) ==================== End Of Log ============================
  3. frst log Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 30-07-2013 04 Ran by Simon (administrator) on 01-08-2013 14:36:23 Running from C:\Users\Simon\Downloads Microsoft® Windows Vista™ Home Basic Service Pack 1 (X86) OS Language: English(US) Internet Explorer Version 7 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (Microsoft Corporation) C:\Windows\system32\SLsvc.exe () C:\Program Files\ATK Hotkey\ASLDRSrv.exe () C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Nero AG) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe (Prolific Technology Inc.) C:\Windows\system32\IoctlSvc.exe (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe () C:\Program Files\ATK Hotkey\Hcontrol.exe (Silicon Integrated Systems Corporation) C:\Program Files\SiS VGA Utilities\SiSTray.exe (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe () C:\Program Files\ATK Hotkey\ATKOSD.exe () C:\Program Files\ATK Hotkey\WDC.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (CyberLink Corp.) C:\Program Files\CyberLink\PowerCinema\PCMAgent.exe (CyberLink) C:\Program Files\CyberLink\PowerCinema\Kernel\CLML\CLMLSvc.exe (CyberLink Corp.) C:\Program Files\CyberLink\PlayMovie\PMVService.exe (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe () C:\Program Files\PdaNet for Android\PdaNetPC.exe (Apple Inc.) 
C:\Program Files\iPod\bin\iPodService.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [siSTray] - C:\Program Files\SiS VGA Utilities\SiSTray.exe [552960 2007-10-16] (Silicon Integrated Systems Corporation) HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [857648 2007-03-01] (Synaptics, Inc.) HKLM\...\Run: [PCMAgent] - C:\Program Files\CyberLink\PowerCinema\PCMAgent.exe [143360 2008-03-21] (CyberLink Corp.) HKLM\...\Run: [CLMLServer] - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML\CLMLSvc.exe [196608 2008-04-11] (CyberLink) HKLM\...\Run: [PlayMovie] - C:\Program Files\CyberLink\PlayMovie\PMVService.exe [172032 2008-03-31] (CyberLink Corp.) HKLM\...\Run: [toolbar_eula_launcher] - C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe [28672 2007-02-20] ( ) HKLM\...\Run: [sDTray] - C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [3825176 2012-11-13] (Safer-Networking Ltd.) HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.) HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.) HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [11930696 2013-03-29] (Realtek Semiconductor) HKLM\...\Run: [sunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation) HKLM\...\InprocServer32: [Default-cscui] <==== ATTENTION! HKCU\...\Run: [spybot-S&D Cleaning] - C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe [3713032 2012-11-13] (Safer-Networking Ltd.) 
HKU\Administrator\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2008-01-21] (Microsoft Corporation) HKU\Default\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2008-01-21] (Microsoft Corporation) HKU\Default User\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2008-01-21] (Microsoft Corporation) Startup: C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) Startup: C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk ShortcutTarget: PdaNet Desktop.lnk -> C:\Program Files\PdaNet for Android\PdaNetPC.exe () BootExecute: autocheck autochk * sdnclean.exe ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.packardbell.com/?id=9088 HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search BHO: SDHelper - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.) 
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll__BHODemonDisabled No File BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: ChromeFrame BHO - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files\Google\Chrome\Application\28.0.1500.72\npchrome_frame.dll (Google Inc.) Toolbar: HKCU -No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Toolbar: HKCU -No Name - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.) Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome\Application\28.0.1500.72\npchrome_frame.dll (Google Inc.) Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) Winsock: Catalog5 01 %SystemRoot%\System32\mswsock.dll [223232] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll" Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF ProfilePath: C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\p8q3ekr6.default FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ========================== Services (Whitelisted) ================= R2 AdobeActiveFileMonitor6.0; C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [124832 2007-09-11] () R2 ASLDRService; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [94208 2007-02-05] () R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.) S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.) ==================== Drivers (Whitelisted) ==================== R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [7680 2006-12-14] (ATK0100) R3 pneteth; C:\Windows\System32\DRIVERS\pneteth.sys [13440 2011-11-25] (June Fabrics Technology Inc.) R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; C:\Program Files\CyberLink\PlayMovie\000.fcl [41456 2008-03-31] (Cyberlink Corp.) 
S3 catchme; \??\C:\Users\Simon\AppData\Local\Temp\catchme.sys [x] S3 CFcatchme; \??\C:\Users\Simon\AppData\Local\Temp\CFcatchme.sys [x] S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [x] S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [x] S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [x] S3 IpInIp; system32\DRIVERS\ipinip.sys [x] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-08-01 14:35 - 2013-08-01 14:35 - 01222064 _____ (Farbar) C:\Users\Simon\Downloads\FRST.exe 2013-08-01 14:35 - 2013-08-01 14:35 - 00000000 ____D C:\FRST 2013-07-31 19:49 - 2013-07-31 19:49 - 00000528 _____ C:\Users\Simon\Desktop\onlinescan.txt 2013-07-31 18:06 - 2013-07-31 18:06 - 00000000 ____D C:\Program Files\ESET 2013-07-31 18:05 - 2013-07-31 18:06 - 02347384 _____ (ESET) C:\Users\Simon\Downloads\esetsmartinstaller_enu.exe 2013-07-30 17:08 - 2013-07-30 17:08 - 00000000 ____D C:\Windows\Sun 2013-07-30 15:40 - 2013-07-30 15:40 - 00018114 _____ C:\ComboFix.txt 2013-07-30 15:18 - 2013-07-30 15:40 - 00000000 ____D C:\ComboFix 2013-07-27 22:45 - 2013-07-27 22:45 - 00000000 ____D C:\Users\Simon\AppData\Roaming\HandBrake 2013-07-27 21:29 - 2013-07-27 21:29 - 35265091 _____ C:\Users\Administrator.Simon-PC\Downloads\pms-setup-windows-1.82.0(1).exe 2013-07-27 21:28 - 2013-07-27 21:28 - 00001393 _____ C:\Users\Administrator.Simon-PC\Desktop\taskmgr - Shortcut.lnk 2013-07-27 21:28 - 2008-01-21 03:56 - 00000230 _____ C:\Users\Administrator.Simon-PC\Desktop\Run.lnk 2013-07-27 20:59 - 2013-07-27 20:59 - 00000223 _____ C:\Users\Simon\Downloads\CFScript.txt 2013-07-25 21:34 - 2013-07-25 21:34 - 00000000 ____D C:\Users\Administrator.Simon-PC\AppData\Roaming\Cocoon Software 2013-07-25 21:30 - 2013-07-25 21:31 - 66560136 _____ (Microsoft Corporation) 
C:\Users\Administrator.Simon-PC\Downloads\Plex-Media-Server-0.9.728.33-f80a4a2-en-US.exe
2013-07-25 21:24 - 2013-07-25 21:24 - 19577768 _____ C:\Users\Administrator.Simon-PC\Downloads\TVersitySetup_2_5.exe
2013-07-25 21:17 - 2013-07-25 21:19 - 00000000 ____D C:\usbstick
2013-07-25 20:57 - 2013-07-23 09:10 - 00001652 _____ C:\Users\Simon\Desktop\PS3 Media Server.lnk
2013-07-25 19:00 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2013-07-25 19:00 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2013-07-25 19:00 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-07-25 19:00 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-07-25 19:00 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-07-25 19:00 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2013-07-25 19:00 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2013-07-25 19:00 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2013-07-25 12:15 - 2013-07-25 14:19 - 00000000 ____D C:\Users\Simon\AppData\Roaming\.minecraft
2013-07-25 12:14 - 2013-07-25 12:15 - 00675988 _____ C:\Users\Simon\Desktop\Minecraft.exe
2013-07-24 17:09 - 2013-07-24 17:17 - 00000000 ____D C:\8bb52fb69a465ea51d6fed28
2013-07-24 16:01 - 2013-07-24 16:01 - 00866592 _____ C:\Users\Simon\Downloads\Norton_Removal_Tool.exe
2013-07-24 15:15 - 2013-07-30 15:40 - 00000000 ____D C:\Qoobox
2013-07-24 15:14 - 2013-07-30 15:16 - 05095756 ____R (Swearware) C:\Users\Simon\Desktop\ComboFix.exe
2013-07-24 15:14 - 2013-07-25 19:37 - 00000000 ____D C:\Windows\erdnt
2013-07-24 15:13 - 2013-07-24 15:13 - 05092950 _____ (Swearware) C:\Users\Simon\Downloads\ComboFix.exe
2013-07-24 13:54 - 2013-07-24 13:54 - 00000600 _____ C:\Users\Simon\Documents\ark.txt
2013-07-24 13:15 - 2013-07-24 13:15 - 109366227 _____ C:\Windows\MEMORY.DMP
2013-07-24 13:15 - 2013-07-24 13:15 - 00139096 _____ C:\Windows\Minidump\Mini072413-01.dmp
2013-07-24 13:15 - 2013-07-24 13:15 - 00000000 ____D C:\Windows\Minidump
2013-07-24 13:11 - 2013-07-24 13:11 - 00377856 _____ C:\Users\Simon\Downloads\dibjzip4.exe
2013-07-24 09:26 - 2009-11-08 10:55 - 01130824 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2013-07-24 09:26 - 2009-11-08 10:55 - 00297808 _____ (Microsoft Corporation) C:\Windows\system32\mscoree.dll
2013-07-24 09:26 - 2009-11-08 10:55 - 00295264 _____ (Microsoft Corporation) C:\Windows\system32\PresentationHost.exe
2013-07-24 09:26 - 2009-11-08 10:55 - 00099176 _____ (Microsoft Corporation) C:\Windows\system32\PresentationHostProxy.dll
2013-07-24 09:26 - 2009-11-08 10:55 - 00049472 _____ (Microsoft Corporation) C:\Windows\system32\netfxperf.dll
2013-07-24 09:24 - 2013-07-24 09:24 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2013-07-24 09:24 - 2013-07-24 09:24 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2013-07-24 09:15 - 2010-09-20 10:25 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\msshsq.dll
2013-07-24 09:05 - 2009-08-24 13:16 - 00378368 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2013-07-24 09:04 - 2013-07-24 09:04 - 00003125 _____ C:\Users\Simon\Desktop\attach.txt
2013-07-24 09:04 - 2013-07-24 09:02 - 00016176 _____ C:\Users\Simon\Desktop\dds.txt
2013-07-24 09:04 - 2010-09-06 17:24 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
2013-07-24 09:04 - 2010-09-06 17:23 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll
2013-07-24 09:03 - 2009-11-03 23:17 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\nshhttp.dll
2013-07-24 09:03 - 2009-11-03 23:15 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\httpapi.dll
2013-07-24 09:03 - 2009-11-03 20:53 - 00411136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2013-07-24 08:53 - 2013-07-24 08:53 - 00688992 ____R (Swearware) C:\Users\Simon\Downloads\dds.scr
2013-07-24 08:42 - 2013-07-24 08:42 - 00001688 _____ C:\AdwCleaner[s1].txt
2013-07-24 08:41 - 2013-07-24 08:41 - 00666633 _____ C:\Users\Simon\Downloads\AdwCleaner.exe
2013-07-24 08:39 - 2013-07-24 08:39 - 00002031 _____ C:\Users\Simon\Desktop\JRT.txt
2013-07-24 08:33 - 2013-07-24 08:33 - 00000000 ____D C:\Windows\ERUNT
2013-07-24 08:32 - 2013-07-24 08:32 - 00560934 _____ (Oleg N. Scherbakov) C:\Users\Simon\Downloads\JRT.exe
2013-07-24 08:13 - 2013-07-24 08:13 - 00000000 ____D C:\Users\Administrator.Simon-PC\AppData\Local\WindowsUpdate
2013-07-24 07:52 - 2013-07-24 07:52 - 00000000 ____D C:\Windows\system32\WindowsPowerShell
2013-07-24 07:46 - 2008-05-27 06:21 - 01582592 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2013-07-24 07:46 - 2008-05-27 06:21 - 01418240 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2013-07-24 07:46 - 2008-05-27 06:18 - 00670208 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2013-07-24 07:46 - 2008-05-27 06:18 - 00439808 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2013-07-24 07:46 - 2008-05-27 06:18 - 00350208 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2013-07-24 07:46 - 2008-05-27 06:18 - 00203776 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2013-07-24 07:46 - 2008-05-27 06:18 - 00184832 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2013-07-24 07:46 - 2008-05-27 06:18 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\nlhtml.dll
2013-07-24 07:46 - 2008-05-27 06:18 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\propdefs.dll
2013-07-24 07:46 - 2008-05-27 06:18 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\xmlfilter.dll
2013-07-24 07:46 - 2008-05-27 06:18 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\msstrc.dll
2013-07-24 07:46 - 2008-05-27 06:18 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\mimefilt.dll
2013-07-24 07:46 - 2008-05-27 06:18 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\rtffilt.dll
2013-07-24 07:46 - 2008-05-27 06:18 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\wsepno.dll
2013-07-24 07:46 - 2008-05-27 06:17 - 06103040 _____ (Microsoft Corporation) C:\Windows\system32\chtbrkr.dll
2013-07-24 07:46 - 2008-05-27 06:17 - 01671680 _____ (Microsoft Corporation) C:\Windows\system32\chsbrkr.dll
2013-07-24 07:46 - 2008-05-27 06:17 - 00754176 _____ (Microsoft Corporation) C:\Windows\system32\propsys.dll
2013-07-24 07:46 - 2008-05-27 06:17 - 00313344 _____ (Microsoft Corporation) C:\Windows\system32\thawbrkr.dll
2013-07-24 07:46 - 2008-05-27 06:17 - 00301568 _____ (Microsoft Corporation) C:\Windows\system32\srchadmin.dll
2013-07-24 07:46 - 2008-05-27 06:17 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\offfilt.dll
2013-07-24 07:46 - 2008-05-27 06:17 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\korwbrkr.dll
2013-07-24 07:46 - 2008-05-27 06:17 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2013-07-24 07:46 - 2008-05-27 06:17 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
2013-07-24 07:46 - 2008-05-27 06:17 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2013-07-24 07:46 - 2008-05-27 06:17 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\msscb.dll
2013-07-24 07:46 - 2008-05-27 06:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2013-07-24 07:46 - 2008-05-27 06:17 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
2013-07-24 07:46 - 2008-05-27 05:59 - 00106605 _____ C:\Windows\system32\StructuredQuerySchema.bin
2013-07-24 07:46 - 2008-05-27 05:59 - 00018904 _____ C:\Windows\system32\StructuredQuerySchemaTrivial.bin
2013-07-24 07:46 - 2007-11-08 10:04 - 11967524 _____ C:\Windows\system32\korwbrkr.lex
2013-07-24 07:41 - 2009-10-09 22:56 - 01181696 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2013-07-24 07:41 - 2009-10-09 22:56 - 00246272 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2013-07-24 07:41 - 2009-10-09 22:56 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\winrscmd.dll
2013-07-24 07:41 - 2009-10-09 22:56 - 00214016 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2013-07-24 07:41 - 2009-10-09 22:56 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2013-07-24 07:41 - 2009-10-09 22:56 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\pwrshplugin.dll
2013-07-24 07:41 - 2009-10-09 22:56 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\winrs.exe
2013-07-24 07:41 - 2009-10-09 22:56 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\winrshost.exe
2013-07-24 07:41 - 2009-10-09 22:56 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\wsmprovhost.exe
2013-07-24 07:41 - 2009-10-09 22:56 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\wsmplpxy.dll
2013-07-24 07:41 - 2009-10-09 22:56 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\winrssrv.dll
2013-07-24 07:41 - 2009-10-09 22:56 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\winrsmgr.dll
2013-07-24 07:41 - 2009-10-09 22:55 - 00252416 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2013-07-24 07:41 - 2009-10-09 22:55 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\wecsvc.dll
2013-07-24 07:41 - 2009-10-09 22:55 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\wevtfwd.dll
2013-07-24 07:41 - 2009-10-09 22:55 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\wecutil.exe
2013-07-24 07:41 - 2009-10-09 22:55 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\wecapi.dll
2013-07-24 07:41 - 2009-10-09 22:55 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\WsmRes.dll
2013-07-24 07:41 - 2009-08-01 07:27 - 00201184 _____ C:\Windows\system32\winrm.vbs
2013-07-24 07:41 - 2009-07-16 18:30 - 00004675 _____ C:\Windows\system32\wsmanconfig_schema.xml
2013-07-24 07:41 - 2009-07-16 18:30 - 00002426 _____ C:\Windows\system32\WsmTxt.xsl
2013-07-24 07:39 - 2011-04-12 15:53 - 00890368 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-07-24 07:39 - 2011-03-03 15:56 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\Apphlpdm.dll
2013-07-24 07:39 - 2011-03-03 14:01 - 04240384 _____ (Microsoft) C:\Windows\system32\GameUXLegacyGDFs.dll
2013-07-24 07:39 - 2010-01-25 13:48 - 00472576 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2013-07-24 07:39 - 2010-01-25 13:48 - 00472064 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2013-07-24 07:39 - 2010-01-25 13:48 - 00151040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2013-07-24 07:39 - 2010-01-25 13:48 - 00151040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2013-07-24 07:39 - 2010-01-25 13:45 - 00329216 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2013-07-24 07:39 - 2010-01-25 09:35 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2013-07-24 07:39 - 2010-01-25 09:35 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2013-07-24 07:39 - 2010-01-25 09:34 - 00511488 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2013-07-24 07:39 - 2010-01-25 09:34 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2013-07-24 07:39 - 2009-10-23 18:42 - 00714240 _____ (Microsoft Corporation) C:\Windows\system32\timedate.cpl
2013-07-24 07:39 - 2008-10-22 04:57 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceApi.dll
2013-07-24 07:39 - 2008-09-18 05:56 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2013-07-24 07:39 - 2008-09-18 05:56 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\wersvc.dll
2013-07-24 07:39 - 2008-08-28 04:40 - 00712704 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2013-07-24 07:39 - 2008-08-28 04:40 - 00425472 _____ (Microsoft Corporation) C:\Windows\system32\PhotoMetadataHandler.dll
2013-07-24 07:39 - 2008-08-28 04:40 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2013-07-24 07:39 - 2008-08-02 04:26 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2013-07-24 07:39 - 2008-08-02 02:01 - 00625152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-07-24 07:39 - 2008-06-26 04:29 - 00565248 _____ (Microsoft Corporation) C:\Windows\system32\emdmgmt.dll
2013-07-24 07:39 - 2008-06-26 04:29 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\dataclen.dll
2013-07-24 07:36 - 2010-08-31 16:40 - 00531968 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-07-24 07:36 - 2008-10-21 06:25 - 01645568 _____ (Microsoft Corporation) C:\Windows\system32\connect.dll
2013-07-24 07:35 - 2009-09-10 16:21 - 00310784 _____ (Microsoft Corporation) C:\Windows\system32\unregmp2.exe
2013-07-24 07:18 - 2013-07-24 07:18 - 00000000 ____D C:\Users\Administrator.Simon-PC\AppData\Roaming\Malwarebytes
2013-07-24 07:01 - 2013-07-24 07:01 - 00000000 _____ C:\Windows\setupact.log
2013-07-24 06:37 - 2013-07-24 13:19 - 00000680 _____ C:\Users\Simon\AppData\Local\d3d9caps.dat
2013-07-24 03:49 - 2010-02-12 11:48 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\browserchoice.exe
2013-07-24 03:25 - 2008-06-20 02:14 - 00781344 _____ (Microsoft Corporation) C:\Windows\system32\PresentationNative_v0300.dll
2013-07-24 03:25 - 2008-06-20 02:14 - 00622080 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2013-07-24 03:25 - 2008-06-20 02:14 - 00105016 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-07-24 03:25 - 2008-06-20 02:14 - 00097800 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2013-07-24 03:25 - 2008-06-20 02:14 - 00037384 _____ (Microsoft Corporation) C:\Windows\system32\infocardcpl.cpl
2013-07-24 03:25 - 2008-06-20 02:14 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2013-07-24 03:07 - 2008-07-27 19:03 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2013-07-24 03:07 - 2008-07-27 19:03 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2013-07-24 03:03 - 2013-07-24 03:04 - 00283170 _____ C:\Windows\msxml4-KB954430-enu.LOG
2013-07-24 03:03 - 2013-07-24 03:03 - 00000000 ____D C:\Program Files\MSXML 4.0
2013-07-24 03:02 - 2013-07-24 03:03 - 00288984 _____ C:\Windows\msxml4-KB973688-enu.LOG
2013-07-23 20:05 - 2008-06-26 04:29 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\NaturalLanguage6.dll
2013-07-23 20:05 - 2008-06-26 02:45 - 12240896 _____ (Microsoft Corporation) C:\Windows\system32\NlsLexicons0007.dll
2013-07-23 20:05 - 2008-06-26 02:45 - 02644480 _____ (Microsoft Corporation) C:\Windows\system32\NlsLexicons0009.dll
2013-07-23 19:58 - 2011-02-16 16:29 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-07-23 19:58 - 2011-02-16 14:24 - 00292864 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-07-23 19:58 - 2010-12-28 15:57 - 00409600 _____ (Microsoft Corporation) C:\Windows\system32\odbc32.dll
2013-07-23 19:58 - 2010-09-10 19:18 - 10626560 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-07-23 19:58 - 2010-09-10 17:37 - 08147456 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-07-23 19:58 - 2010-06-16 16:12 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-07-23 19:58 - 2010-04-16 17:10 - 00501760 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2013-07-23 19:58 - 2009-06-15 16:20 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-07-23 19:58 - 2008-06-19 04:31 - 00361984 _____ (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL
2013-07-23 19:57 - 2009-08-14 17:29 - 00104960 _____ (Microsoft Corporation) C:\Windows\system32\netiohlp.dll
2013-07-23 19:57 - 2009-08-14 15:16 - 00027136 _____ (Microsoft Corporation) C:\Windows\system32\NETSTAT.EXE
2013-07-23 19:57 - 2009-08-14 15:16 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\ARP.EXE
2013-07-23 19:57 - 2009-08-14 15:16 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\ROUTE.EXE
2013-07-23 19:57 - 2009-08-14 15:16 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\MRINFO.EXE
2013-07-23 19:57 - 2009-08-14 15:16 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\finger.exe
2013-07-23 19:57 - 2009-08-14 15:16 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\TCPSVCS.EXE
2013-07-23 19:57 - 2009-08-14 15:16 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\HOSTNAME.EXE
2013-07-23 19:56 - 2011-04-21 16:00 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-23 19:56 - 2011-04-21 16:00 - 00833024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-23 19:56 - 2011-04-21 15:59 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-07-23 19:56 - 2011-04-21 15:58 - 03593728 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-23 19:56 - 2011-04-21 15:58 - 00671232 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll
2013-07-23 19:56 - 2011-04-21 15:58 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-07-23 19:56 - 2011-04-21 15:58 - 00467456 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-23 19:56 - 2011-04-21 15:58 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-23 19:56 - 2011-04-21 15:57 - 06078976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-23 19:56 - 2011-04-21 15:57 - 00389120 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-07-23 19:56 - 2011-04-21 15:57 - 00380928 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-07-23 19:56 - 2011-04-21 15:57 - 00270848 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-23 19:56 - 2011-04-21 15:57 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\ieaksie.dll
2013-07-23 19:56 - 2011-04-21 15:57 - 00193024 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-07-23 19:56 - 2011-04-21 15:57 - 00078336 _____ (Microsoft Corporation) C:\Windows\system32\ieencode.dll
2013-07-23 19:56 - 2011-04-21 14:28 - 00389632 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-07-23 19:56 - 2011-04-21 14:08 - 01383424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-23 19:56 - 2011-04-14 15:24 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2013-07-23 19:56 - 2011-02-22 13:51 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2013-07-23 19:56 - 2010-10-15 15:08 - 03600272 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-07-23 19:56 - 2010-10-15 15:08 - 03548048 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-07-23 19:56 - 2010-10-15 14:48 - 01205080 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-07-23 19:56 - 2010-05-04 17:53 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-07-23 19:56 - 2010-02-26 05:03 - 02452872 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-07-23 19:56 - 2009-08-10 12:01 - 01399296 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2013-07-23 19:56 - 2009-07-11 20:32 - 00513024 _____ (Microsoft Corporation) C:\Windows\system32\wlansvc.dll
2013-07-23 19:56 - 2009-07-11 20:32 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\wlansec.dll
2013-07-23 19:56 - 2009-07-11 20:32 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\wlanmsm.dll
2013-07-23 19:56 - 2009-07-11 20:29 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\L2SecHC.dll
2013-07-23 19:56 - 2009-07-11 18:18 - 02501921 _____ C:\Windows\system32\wlan.tmf
2013-07-23 19:55 - 2011-07-06 15:56 - 00213504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2013-07-23 19:55 - 2011-04-29 13:49 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2013-07-23 19:55 - 2011-04-29 13:49 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2013-07-23 19:55 - 2011-03-10 17:12 - 01161728 _____ (Microsoft Corporation) C:\Windows\system32\mfc42u.dll
2013-07-23 19:55 - 2011-03-10 17:12 - 01136640 _____ (Microsoft Corporation) C:\Windows\system32\mfc42.dll
2013-07-23 19:55 - 2011-03-02 15:49 - 00167936 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2013-07-23 19:55 - 2011-03-02 15:49 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
2013-07-23 19:55 - 2011-02-18 14:31 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2013-07-23 19:55 - 2010-08-17 14:32 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2013-07-23 19:55 - 2010-06-28 17:15 - 01315840 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2013-07-23 19:55 - 2010-05-27 20:16 - 00081920 _____ (Radius Inc.) C:\Windows\system32\iccvid.dll
2013-07-23 19:55 - 2010-04-05 17:07 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2013-07-23 19:55 - 2009-09-10 18:30 - 00213504 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2013-07-23 19:55 - 2009-07-17 15:35 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\atl.dll
2013-07-23 19:55 - 2009-06-10 13:11 - 02868224 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2013-07-23 19:55 - 2009-06-10 13:11 - 02386944 _____ (Microsoft Corporation) C:\Windows\system32\WMVCORE.DLL
2013-07-23 19:55 - 2009-05-04 11:11 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\dnscacheugc.exe
2013-07-23 19:55 - 2008-10-21 06:25 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-07-23 19:55 - 2008-04-05 04:34 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\pacerprf.dll
2013-07-23 19:55 - 2008-04-05 02:21 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pacer.sys
2013-07-23 19:54 - 2011-06-02 13:59 - 02042368 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-23 19:54 - 2011-04-21 14:16 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-07-23 19:54 - 2010-12-14 16:49 - 01169408 _____ (Microsoft Corporation) C:\Windows\system32\sdclt.exe
2013-07-23 19:54 - 2010-08-26 17:07 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2013-07-23 19:54 - 2009-07-10 13:21 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\shsvcs.dll
2013-07-23 19:54 - 2009-06-10 13:12 - 00160256 _____ (Microsoft Corporation) C:\Windows\system32\wkssvc.dll
2013-07-23 19:54 - 2008-06-26 04:29 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\wmpeffects.dll
2013-07-23 19:54 - 2008-06-06 04:27 - 00562176 _____ (Microsoft Corporation) C:\Windows\system32\msdtcprx.dll
2013-07-23 19:54 - 2008-06-06 04:27 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\xolehlp.dll
2013-07-23 19:54 - 2008-04-18 06:48 - 00269312 _____ (Microsoft Corporation) C:\Windows\system32\es.dll
2013-07-23 19:53 - 2011-04-29 13:49 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2013-07-23 19:53 - 2011-04-29 13:49 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2013-07-23 19:53 - 2011-02-16 16:35 - 00430080 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-07-23 19:53 - 2011-02-16 16:32 - 00512000 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-23 19:53 - 2010-12-20 16:39 - 00563200 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2013-07-23 19:53 - 2010-08-31 16:41 - 00954752 _____ (Microsoft Corporation) C:\Windows\system32\mfc40.dll
2013-07-23 19:53 - 2010-08-31 16:41 - 00954288 _____ (Microsoft Corporation) C:\Windows\system32\mfc40u.dll
2013-07-23 19:53 - 2010-04-05 17:08 - 00317952 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
2013-07-23 19:53 - 2009-04-23 13:42 - 00636928 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2013-07-23 19:53 - 2008-10-16 05:47 - 00466944 _____ (Microsoft Corporation) C:\Windows\system32\netapi32.dll
2013-07-23 19:52 - 2010-12-29 18:41 - 00429056 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2013-07-23 19:52 - 2010-12-29 18:41 - 00323072 _____ (Microsoft Corporation) C:\Windows\system32\sbe.dll
2013-07-23 19:52 - 2010-12-29 18:41 - 00153088 _____ (Microsoft Corporation) C:\Windows\system32\sbeio.dll
2013-07-23 19:52 - 2010-12-29 18:39 - 00177664 _____ (Microsoft Corporation) C:\Windows\system32\mpg2splt.ax
2013-07-23 19:52 - 2010-08-20 16:21 - 00866816 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
2013-07-23 19:52 - 2010-06-18 17:43 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\rtutils.dll
2013-07-23 19:52 - 2010-01-21 16:59 - 00062464 _____ (Fraunhofer Institut Integrierte Schaltungen IIS) C:\Windows\system32\l3codeca.acm
2013-07-23 19:52 - 2009-06-15 19:20 - 00439896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-07-23 19:52 - 2009-06-15 16:24 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2013-07-23 19:52 - 2009-06-15 16:24 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-07-23 19:52 - 2009-06-15 16:23 - 01256448 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-07-23 19:52 - 2009-06-15 16:21 - 00499712 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2013-07-23 19:52 - 2009-06-15 13:57 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-07-23 19:52 - 2009-03-03 05:39 - 00551424 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2013-07-23 19:52 - 2009-03-03 05:39 - 00183296 _____ (Microsoft Corporation) C:\Windows\system32\sdohlp.dll
2013-07-23 19:52 - 2009-03-03 05:39 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\printfilterpipelineprxy.dll
2013-07-23 19:52 - 2009-03-03 05:37 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\iasrecst.dll
2013-07-23 19:52 - 2009-03-03 05:37 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\iasads.dll
2013-07-23 19:52 - 2009-03-03 05:37 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\iasdatastore.dll
2013-07-23 19:52 - 2009-03-03 04:04 - 00666624 _____ (Microsoft Corporation) C:\Windows\system32\printfilterpipelinesvc.exe
2013-07-23 19:52 - 2009-03-03 03:38 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\iashost.exe
2013-07-23 19:52 - 2008-10-29 07:29 - 02927104 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2013-07-23 19:51 - 2011-05-02 16:58 - 00738816 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2013-07-23 19:51 - 2011-01-21 16:46 - 11582464 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-07-23 19:51 - 2011-01-21 16:46 - 00351744 _____ (Microsoft Corporation) C:\Windows\system32\shlwapi.dll
2013-07-23 19:51 - 2010-11-06 12:10 - 00357376 _____ (Microsoft Corporation) C:\Windows\system32\taskschd.dll
2013-07-23 19:51 - 2010-11-06 12:10 - 00345088 _____ (Microsoft Corporation) C:\Windows\system32\wmicmiplugin.dll
2013-07-23 19:51 - 2010-11-06 12:10 - 00270336 _____ (Microsoft Corporation) C:\Windows\system32\taskcomp.dll
2013-07-23 19:51 - 2010-11-06 12:09 - 00603648 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2013-07-23 19:51 - 2010-11-05 01:53 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\taskeng.exe
2013-07-23 19:51 - 2010-10-18 15:01 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2013-07-23 19:51 - 2010-06-11 16:30 - 01257472 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2013-07-23 19:51 - 2010-04-16 17:10 - 01314816 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2013-07-23 19:51 - 2010-02-18 15:11 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2013-07-23 19:51 - 2010-02-18 12:52 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tunnel.sys
2013-07-23 19:51 - 2009-03-17 04:38 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\amxread.dll
2013-07-23 19:51 - 2009-03-17 04:38 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\apilogen.dll
2013-07-23 19:50 - 2010-10-28 13:56 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-07-23 19:50 - 2008-08-12 04:39 - 00443392 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2013-07-23 19:50 - 2008-05-10 02:33 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2013-07-23 19:49 - 2011-04-20 15:47 - 00375808 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-07-23 19:49 - 2011-04-20 15:44 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-07-23 19:49 - 2009-07-14 14:00 - 00313344 _____ (Microsoft Corporation) C:\Windows\system32\wmpdxm.dll
2013-07-23 19:49 - 2009-07-14 13:59 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2013-07-23 19:49 - 2009-07-14 13:59 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2013-07-23 19:49 - 2009-07-14 13:58 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2013-07-23 19:49 - 2009-07-14 09:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.tlb
2013-07-23 19:49 - 2009-07-14 09:30 - 00018432 _____ (Microsoft Corporation) C:\Windows\system32\amcompat.tlb
2013-07-23 19:49 - 2008-06-23 02:59 - 00996352 _____ (Microsoft Corporation) C:\Windows\system32\WMNetMgr.dll
2013-07-23 19:49 - 2008-06-23 02:58 - 00094720 _____ (Microsoft Corporation) C:\Windows\system32\logagent.exe
2013-07-23 19:49 - 2008-05-08 22:59 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\scrobj.dll
2013-07-23 19:49 - 2008-05-08 22:59 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-07-23 19:49 - 2008-05-08 22:59 - 00155648 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-07-23 19:49 - 2008-05-08 22:59 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\wshext.dll
2013-07-23 19:49 - 2008-05-08 22:58 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-07-23 19:49 - 2008-05-08 22:58 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-07-23 19:48 - 2010-12-17 17:43 - 02067456 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2013-07-23 19:48 - 2010-12-17 16:06 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2013-07-23 19:48 - 2010-06-16 16:59 - 00898952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-07-23 19:48 - 2009-12-28 13:35 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\tsbyuv.dll
2013-07-23 19:48 - 2009-12-28 13:32 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\msvfw32.dll
2013-07-23 19:48 - 2009-12-28 13:32 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\msvidc32.dll
2013-07-23 19:48 - 2009-12-28 13:32 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\msyuv.dll
2013-07-23 19:48 - 2009-12-28 13:32 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msrle32.dll
2013-07-23 19:48 - 2009-12-28 13:31 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\mciavi32.dll
2013-07-23 19:48 - 2009-12-28 13:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\iyuv_32.dll
2013-07-23 19:48 - 2009-12-28 13:28 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\avifil32.dll
2013-07-23 19:48 - 2009-12-28 13:28 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\avicap32.dll
2013-07-23 19:48 - 2009-10-07 13:41 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\raschap.dll
2013-07-23 19:48 - 2009-10-07 13:41 - 00244224 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2013-07-23 19:48 - 2009-09-04 13:24 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\msasn1.dll
2013-07-23 19:48 - 2009-08-10 14:05 - 00351232 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll
2013-07-23 19:48 - 2009-04-23 13:43 - 00784896 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-07-23 19:47 - 2009-04-02 13:37 - 00604672 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL
2013-07-23 19:25 - 2011-04-29 15:54 - 00276992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-07-23 19:20 - 2010-01-15 01:04 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\cabview.dll
2013-07-23 19:20 - 2009-12-23 13:43 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-07-23 18:21 - 2013-07-24 07:18 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-07-23 18:20 - 2013-07-24 07:18 - 00000000 ____D C:\mbar
2013-07-23 18:20 - 2013-07-23 18:20 - 13399154 _____ C:\Users\Simon\Downloads\mbar-1.06.0.1004.zip
2013-07-23 16:24 - 2013-07-23 16:25 - 00000000 ____D C:\Users\Simon\Desktop\Old Firefox Data
2013-07-23 13:49 - 2013-08-01 08:47 - 00000314 _____ C:\Windows\Tasks\Ycwmnfqzbs.job
2013-07-23 13:49 - 2013-08-01 08:47 - 00000304 _____ C:\Windows\Tasks\ooqyobuxm.job
2013-07-23 13:49 - 2013-08-01 08:47 - 00000302 _____ C:\Windows\Tasks\LKXAYORGMF.job
2013-07-23 13:49 - 2013-07-23 13:49 - 00120832 __RSH C:\Windows\system32\KBDRU19.dll
2013-07-23 13:49 - 2013-07-23 13:49 - 00120832 __RSH C:\Windows\system32\ds16gt6.dll
2013-07-23 13:49 - 2013-07-23 13:49 - 00120832 __RSH C:\Windows\system32\catsrvutk.dll
2013-07-23 09:49 - 2013-07-25 21:34 - 00000000 ____D C:\Program Files\QuickMediaConverter
2013-07-23 09:49 - 2013-07-23 09:49 - 00000905 _____ C:\Users\Public\Desktop\QuickMediaConverter.lnk
2013-07-23 09:49 - 2013-07-23 09:49 - 00000000 ____D C:\Users\Simon\AppData\Roaming\Cocoon Software
2013-07-23 09:47 - 2013-07-23 09:47 - 01091123 _____ (Conduit) C:\Users\Simon\Downloads\QMC.exe
2013-07-23 09:43 - 2013-07-23 09:43 - 16228762 _____ C:\Users\Simon\Downloads\winavi video converter v11.0 + serial.rar
2013-07-23 09:35 - 2013-07-23 09:35 - 18903019 _____ (ZJMedia Digital Technology Ltd.) C:\Users\Simon\Downloads\WinAVI_Video_Converter.exe
2013-07-23 09:35 - 2013-07-23 09:35 - 00001040 _____ C:\Users\Simon\Desktop\WinAVI Video Converter.lnk
2013-07-23 09:35 - 2013-07-23 09:35 - 00000000 ____D C:\Users\Simon\AppData\Roaming\WinAVI
2013-07-23 09:35 - 2013-07-23 09:35 - 00000000 ____D C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinAVI Video Converter
2013-07-23 09:35 - 2013-07-23 09:35 - 00000000 ____D C:\Users\Simon\AppData\Local\WinAVI
2013-07-23 09:35 - 2013-07-23 09:35 - 00000000 ____D C:\Program Files\WinAVI
2013-07-23 08:37 - 2013-07-23 09:48 - 00000000 ____D C:\Users\Simon\AppData\Roaming\vlc
2013-07-23 08:36 - 2013-07-23 08:36 - 00000822 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-07-23 08:34 - 2013-07-23 08:35 - 22937227 _____ C:\Users\Simon\Downloads\vlc-2.0.7-win32.exe
2013-07-22 22:28 - 2013-07-22 22:28 - 35265091 _____ C:\Users\Administrator.Simon-PC\Downloads\pms-setup-windows-1.82.0.exe
2013-07-22 22:08 - 2013-07-22 22:08 - 22937227 _____ C:\Users\Administrator.Simon-PC\Downloads\vlc-2.0.7-win32.exe
2013-07-22 22:06 - 2013-07-22 22:06 - 01543745 _____ C:\Users\Administrator.Simon-PC\Downloads\Windows6.0-KB960568-x86.msu
2013-07-22 22:05 - 2013-07-22 22:05 - 01528184 _____ (Microsoft Corporation) C:\Users\Administrator.Simon-PC\Downloads\GenuineCheck(1).exe
2013-07-22 22:03 - 2013-07-22 22:03 - 00000797 _____ C:\Windows\KB842773.log
2013-07-22 22:02 - 2013-07-22 22:02 - 00721136 _____ (Microsoft Corporation) C:\Users\Administrator.Simon-PC\Downloads\WindowsServer2003-KB842773-x86-enu.exe
2013-07-22 22:00 - 2013-07-22 22:00 - 00477549 _____ C:\Users\Administrator.Simon-PC\Downloads\Windows6.0-KB939159-x86.msu
2013-07-22 21:59 - 2013-07-22 21:59 - 01528184 _____ (Microsoft Corporation) C:\Users\Administrator.Simon-PC\Downloads\GenuineCheck.exe
2013-07-22 21:45 - 2013-07-22 21:45 - 00127984 _____ C:\Users\Administrator.Simon-PC\Downloads\windowsupdate.diagcab
2013-07-22 21:41 - 2013-07-22 21:41 - 00000000 ____D C:\Users\Administrator.Simon-PC\AppData\Roaming\Macromedia
2013-07-22 21:41 - 2013-07-22 21:41 - 00000000 ____D C:\Users\Administrator.Simon-PC\AppData\Roaming\Adobe
2013-07-22 21:41 - 2013-07-22 21:41 - 00000000 ____D C:\Users\Administrator.Simon-PC\AppData\Local\Macromedia
2013-07-22 21:35 - 2013-07-22 21:35 - 00000000 ____D C:\Users\Administrator.Simon-PC\AppData\Roaming\Mozilla
2013-07-22 21:35 - 2013-07-22 21:35 - 00000000 ____D C:\Users\Administrator.Simon-PC\AppData\Local\Mozilla
2013-07-22 21:24 - 2013-07-25 21:16 - 00071824 _____ C:\Users\Administrator.Simon-PC\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-22 21:24 - 2013-07-22 21:24 - 00000000 ____D C:\Users\Administrator.Simon-PC\AppData\Roaming\Apple Computer
2013-07-22 21:24 - 2013-07-22 21:24 - 00000000 ____D C:\Users\Administrator.Simon-PC\AppData\Local\PowerCinema
2013-07-22 21:24 - 2013-07-22 21:24 - 00000000 ____D C:\Users\Administrator.Simon-PC\AppData\Local\PlayMovie
2013-07-22 21:21 - 2013-07-24 07:45 - 00000000 ____D C:\Users\Administrator.Simon-PC
2013-07-22 21:21 - 2013-07-22 21:21 - 00000020 ___SH C:\Users\Administrator.Simon-PC\ntuser.ini
2013-07-22 21:19 - 2013-07-22 21:19 - 00000020 ___SH C:\Users\Administrator\ntuser.ini
2013-07-22 21:19 - 2013-07-22 21:19 - 00000000 ____D C:\Users\Administrator
2013-07-22 20:44 - 2013-07-28 18:59 - 00000000 ____D C:\vampire
2013-07-22 20:42 - 2013-07-22 20:45 - 00000000 ____D C:\ProgramData\PMS
2013-07-22 20:41 - 2013-07-27 21:34 - 00000000 ____D C:\Program Files\PS3 Media Server
2013-07-22 20:39 - 2013-07-22 20:45 - 35265091 _____ C:\Users\Simon\Downloads\pms-setup-windows-1.82.0.exe
2013-07-22 17:39 - 2013-07-22 17:39 - 00000779 _____ C:\Users\Simon\Desktop\Handbrake.lnk
2013-07-22 17:39 - 2013-07-22 17:39 - 00000000 ____D C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Handbrake
2013-07-22 17:35 - 2013-07-22 17:39 - 00000000 ____D C:\0ef2d2fe2e17082f2b92f115576b55
2013-07-22 17:33 - 2013-07-22 17:39 - 00000000 ____D C:\Program
Files\Handbrake 2013-07-22 17:33 - 2013-07-22 17:33 - 13888037 _____ C:\Users\Simon\Downloads\HandBrake-0.9.9-1_i686-Win_GUI.exe 2013-07-22 17:28 - 2013-07-22 17:30 - 25001480 _____ (Microsoft Corporation) C:\Users\Simon\Downloads\NetFx20SP2_x86.exe 2013-07-22 17:28 - 2013-07-22 17:28 - 01213248 _____ (DVDVideoSoft Ltd. ) C:\Users\Simon\Downloads\FreeStudio.exe 2013-07-22 17:15 - 2013-07-28 18:59 - 00000000 ____D C:\Users\Simon\Documents\Any Video Converter 2013-07-22 17:15 - 2013-07-22 17:15 - 00000000 ____D C:\Users\Simon\AppData\Roaming\AnvSoft 2013-07-22 17:14 - 2013-07-22 17:14 - 00000955 _____ C:\Users\Simon\Desktop\Any Video Converter.lnk 2013-07-22 17:13 - 2013-07-22 17:13 - 00000000 ____D C:\Program Files\AnvSoft 2013-07-22 17:08 - 2013-07-22 17:11 - 32238280 _____ (Any-Video-Converter.com ) C:\Users\Simon\Downloads\avc-free.exe 2013-07-21 09:24 - 2013-07-26 20:41 - 00000000 ____D C:\Users\Simon\AppData\Roaming\.technic 2013-07-21 09:24 - 2013-07-21 09:24 - 00000000 ____D C:\ProgramData\Sun 2013-07-21 09:24 - 2013-07-21 09:24 - 00000000 ____D C:\Program Files\Common Files\Java 2013-07-21 09:23 - 2013-07-21 09:22 - 00867240 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll 2013-07-21 09:23 - 2013-07-21 09:22 - 00789416 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll 2013-07-21 09:23 - 2013-07-21 09:22 - 00263592 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2013-07-21 09:23 - 2013-07-21 09:22 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2013-07-21 09:23 - 2013-07-21 09:22 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2013-07-21 09:23 - 2013-07-21 09:22 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2013-07-21 09:22 - 2013-07-21 09:22 - 00000000 ____D C:\Program Files\Java 2013-07-21 09:20 - 2013-07-21 09:20 - 00000000 ____D C:\ProgramData\McAfee 2013-07-21 09:18 - 2013-07-21 09:18 - 03020770 _____ () 
C:\Users\Simon\Desktop\TechnicLauncher.exe 2013-07-10 00:26 - 2013-07-10 00:27 - 00015187 _____ C:\Users\Simon\AppData\Local\HWVendorDetection.log 2013-07-10 00:25 - 2013-07-10 00:26 - 02237480 _____ (Acer Inc.) C:\Users\Simon\Downloads\FilesDownload_HWID_HWVendorDetection.exe 2013-07-10 00:21 - 2013-07-10 00:27 - 49828488 _____ C:\Users\Simon\Downloads\Audio_Realtek_6.0.1.5735_Vistax64Vistax86_A(1).zip 2013-07-10 00:21 - 2013-07-10 00:27 - 30236667 _____ C:\Users\Simon\Downloads\T7a05764 2013-07-09 18:37 - 2013-07-09 18:42 - 32462994 _____ (Realtek Semiconductor Corp.) C:\Users\Simon\Downloads\WDM_R271.exe 2013-07-08 16:22 - 2013-07-08 16:24 - 00000000 ____D C:\Windows\system32\RTCOM 2013-07-08 16:18 - 2013-03-29 21:42 - 02646088 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHDA.sys 2013-07-08 16:18 - 2013-03-29 18:04 - 21170176 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes.dat 2013-07-08 16:18 - 2013-03-29 17:51 - 00860208 _____ (Sony Corporation) C:\Windows\system32\SFSS_APO.dll 2013-07-08 16:18 - 2013-03-29 17:10 - 00449481 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT 2013-07-08 16:18 - 2013-03-27 16:57 - 00112200 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoInstII.dll 2013-07-08 16:18 - 2013-03-26 17:06 - 02536008 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkPgExt.dll 2013-07-08 16:18 - 2013-03-26 15:40 - 03237448 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO.dll 2013-07-08 16:18 - 2013-03-26 14:38 - 01596488 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSndMgr.cpl 2013-07-08 16:18 - 2013-03-25 17:32 - 03180264 _____ C:\Windows\system32\Drivers\rtvienna.dat 2013-07-08 16:18 - 2013-03-21 00:26 - 13769496 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek.dll 2013-07-08 16:18 - 2013-03-21 00:26 - 01931032 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ.dll 2013-07-08 16:18 - 2013-03-20 13:17 - 08872216 _____ (Waves Audio Ltd.) 
C:\Windows\system32\MaxxAudioVnA.dll 2013-07-08 16:18 - 2013-03-20 13:17 - 01822488 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib.dll 2013-07-08 16:18 - 2013-03-20 13:17 - 01656600 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek2.dll 2013-07-08 16:18 - 2013-03-20 13:17 - 00776984 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell.dll 2013-07-08 16:18 - 2013-03-15 19:33 - 04335384 _____ (A-volute) C:\Windows\system32\RTKSMlfx.dll 2013-07-08 16:18 - 2013-03-15 19:32 - 00852824 _____ (A-Volute) C:\Windows\system32\RTKSMSettingsIPC.dll 2013-07-08 16:18 - 2013-03-08 12:51 - 00849968 _____ (Sony Corporation) C:\Windows\system32\MISS_APO.dll 2013-07-08 16:18 - 2013-02-27 05:37 - 00699680 _____ (SRS Labs, Inc.) C:\Windows\system32\slcnt32.dll 2013-07-08 16:18 - 2013-02-27 05:37 - 00547104 _____ (SRS Labs, Inc.) C:\Windows\system32\sltech32.dll 2013-07-08 16:18 - 2013-02-27 05:37 - 00336672 _____ (SRS Labs, Inc.) C:\Windows\system32\sl3apo32.dll 2013-07-08 16:18 - 2013-02-27 05:37 - 00184608 _____ (TODO: <Company name>) C:\Windows\system32\slprp32.dll 2013-07-08 16:18 - 2013-02-19 18:52 - 00765000 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApoApi.dll 2013-07-08 16:18 - 2013-01-17 19:32 - 00639256 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO50.dll 2013-07-08 16:18 - 2012-12-12 11:17 - 00350664 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO30.dll 2013-07-08 16:18 - 2012-09-10 20:06 - 00549240 _____ (Waves Audio Ltd.) 
C:\Windows\system32\MaxxAudioAPO40.dll 2013-07-08 16:18 - 2012-08-31 19:17 - 07162128 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP32A.dll 2013-07-08 16:18 - 2012-08-31 19:17 - 00352016 _____ (Dolby Laboratories) C:\Windows\system32\R4EED32A.dll 2013-07-08 16:18 - 2012-08-31 19:17 - 00106768 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL32A.dll 2013-07-08 16:18 - 2012-08-31 19:17 - 00091920 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA32A.dll 2013-07-08 16:18 - 2012-08-31 19:17 - 00062224 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG32A.dll 2013-07-08 16:18 - 2012-07-15 21:13 - 00349048 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVolumeSDAPO.dll 2013-07-08 16:18 - 2012-01-30 11:42 - 00819648 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo2.dll 2013-07-08 16:18 - 2012-01-10 10:20 - 00058264 _____ (TOSHIBA CORPORATION.) C:\Windows\system32\TepeqAPO.dll 2013-07-08 16:18 - 2011-11-22 16:28 - 00013416 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR.dll 2013-07-08 16:18 - 2011-09-02 14:21 - 00214368 _____ (Synopsys, Inc.) C:\Windows\system32\SFNHK.dll 2013-07-08 16:18 - 2011-09-02 14:21 - 00074080 _____ (Synopsys, Inc.) C:\Windows\system32\SFCOM.dll 2013-07-08 16:18 - 2011-09-02 14:21 - 00068960 _____ (Synopsys, Inc.) C:\Windows\system32\SFAPO.dll 2013-07-08 16:18 - 2011-03-17 12:16 - 01379760 _____ (TOSHIBA Corporation) C:\Windows\system32\tosade.dll 2013-07-08 16:18 - 2011-03-07 17:03 - 00134584 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo.dll 2013-07-08 16:18 - 2010-11-08 07:31 - 00359768 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP32A.dll 2013-07-08 16:18 - 2010-11-08 07:31 - 00295768 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT32.dll 2013-07-08 16:18 - 2010-11-08 07:31 - 00295768 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA32.dll 2013-07-08 16:18 - 2010-11-08 07:31 - 00170840 _____ (Dolby Laboratories, Inc.) 
C:\Windows\system32\RTEED32A.dll 2013-07-08 16:18 - 2010-11-08 07:31 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL32A.dll 2013-07-08 16:18 - 2010-11-08 07:31 - 00064856 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG32A.dll 2013-07-08 16:18 - 2010-09-27 09:34 - 00232792 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll 2013-07-08 16:18 - 2009-12-04 15:43 - 00132368 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO.dll 2013-07-08 16:18 - 2009-11-24 09:55 - 00345328 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSXT.dll 2013-07-08 16:18 - 2009-11-24 09:55 - 00185584 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSHD.dll 2013-07-08 16:18 - 2009-11-24 09:55 - 00173296 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP360.dll 2013-07-08 16:18 - 2009-11-24 09:55 - 00140528 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW.dll 2013-07-08 16:18 - 2009-11-18 18:42 - 01783056 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesLib.dll 2013-07-08 16:17 - 2013-03-26 17:04 - 02386464 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO.dll 2013-07-08 16:17 - 2013-03-23 03:43 - 00181960 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTACap.dll 2013-07-08 16:17 - 2012-10-02 14:39 - 00426952 _____ (DTS) C:\Windows\system32\DTSU2PLFX32.dll 2013-07-08 16:17 - 2012-10-02 14:39 - 00402888 _____ (DTS) C:\Windows\system32\DTSU2PGFX32.dll 2013-07-08 16:17 - 2012-10-02 14:39 - 00346056 _____ (DTS) C:\Windows\system32\DTSU2PREC32.dll 2013-07-08 16:17 - 2012-06-20 17:26 - 00090624 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll 2013-07-08 16:17 - 2012-03-08 11:47 - 00095840 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTARen.dll 2013-07-08 16:17 - 2011-08-23 17:00 - 00357712 _____ (Knowles Acoustics ) C:\Windows\system32\KAAPORT.dll 2013-07-08 16:17 - 2011-05-31 09:42 - 01509480 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL.dll 2013-07-08 16:17 - 2011-05-31 09:42 - 01292904 _____ 
(DTS) C:\Windows\system32\DTSS2HeadphoneDLL.dll 2013-07-08 16:17 - 2011-05-31 09:42 - 01220200 _____ (DTS) C:\Windows\system32\DTSBoostDLL.dll 2013-07-08 16:17 - 2011-05-31 09:42 - 00654952 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL.dll 2013-07-08 16:17 - 2011-05-31 09:42 - 00631400 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL.dll 2013-07-08 16:17 - 2011-05-31 09:42 - 00601704 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL.dll 2013-07-08 16:17 - 2011-05-31 09:42 - 00458344 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL.dll 2013-07-08 16:17 - 2011-05-31 09:42 - 00389736 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL.dll 2013-07-08 16:17 - 2011-05-31 09:42 - 00375400 _____ (DTS) C:\Windows\system32\DTSLimiterDLL.dll 2013-07-08 16:17 - 2011-05-31 09:42 - 00218728 _____ (DTS) C:\Windows\system32\DTSGFXAPONS.dll 2013-07-08 16:17 - 2011-05-31 09:42 - 00218728 _____ (DTS) C:\Windows\system32\DTSGFXAPO.dll 2013-07-08 16:17 - 2011-05-31 09:42 - 00218216 _____ (DTS) C:\Windows\system32\DTSLFXAPO.dll 2013-07-08 15:50 - 2013-07-08 15:59 - 75792957 _____ (Realtek Semiconductor Corp.) 
C:\Users\Simon\Downloads\32bit_Vista_Win7_Win8_R271(1).exe 2013-07-08 12:42 - 2013-07-08 12:42 - 00000000 ____D C:\Users\Simon\AppData\Roaming\Malwarebytes 2013-07-08 12:41 - 2013-07-08 12:41 - 00000869 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2013-07-08 12:41 - 2013-07-08 12:41 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-07-08 12:41 - 2013-07-08 12:41 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2013-07-08 12:41 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2013-07-08 12:38 - 2013-07-08 12:39 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Simon\Downloads\mbam-setup-1.75.0.1300.exe 2013-07-08 11:55 - 2013-07-08 11:58 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-07-04 21:27 - 2013-07-04 21:27 - 00000768 _____ C:\Users\Public\Desktop\EPSON Scan.lnk 2013-07-04 21:27 - 2013-07-04 21:27 - 00000000 ____D C:\Program Files\epson 2013-07-04 21:27 - 2009-05-01 00:00 - 00128392 _____ (Seiko Epson Corporation) C:\Windows\system32\esdevapp.exe 2013-07-04 21:27 - 2009-05-01 00:00 - 00015872 _____ (SEIKO EPSON CORP.) 
C:\Windows\system32\escdev.dll 2013-07-04 21:27 - 2008-11-17 00:00 - 00342016 _____ (Seiko Epson Corporation) C:\Windows\system32\eswiaud.dll 2013-07-04 21:22 - 2013-07-04 21:23 - 12872704 _____ C:\Users\Simon\Downloads\epson323810eu.exe ==================== One Month Modified Files and Folders ======= 2013-08-01 14:35 - 2013-08-01 14:35 - 01222064 _____ (Farbar) C:\Users\Simon\Downloads\FRST.exe 2013-08-01 14:35 - 2013-08-01 14:35 - 00000000 ____D C:\FRST 2013-08-01 14:32 - 2013-06-09 01:26 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-08-01 14:23 - 2013-01-06 12:42 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-08-01 12:47 - 2006-11-02 13:45 - 00003344 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2013-08-01 12:47 - 2006-11-02 13:45 - 00003344 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2013-08-01 10:08 - 2013-01-04 23:11 - 01756794 _____ C:\Windows\WindowsUpdate.log 2013-08-01 08:47 - 2013-07-23 13:49 - 00000314 _____ C:\Windows\Tasks\Ycwmnfqzbs.job 2013-08-01 08:47 - 2013-07-23 13:49 - 00000304 _____ C:\Windows\Tasks\ooqyobuxm.job 2013-08-01 08:47 - 2013-07-23 13:49 - 00000302 _____ C:\Windows\Tasks\LKXAYORGMF.job 2013-08-01 08:47 - 2013-01-06 12:42 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-08-01 08:47 - 2006-11-02 13:58 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-07-31 23:05 - 2006-11-02 13:58 - 00032580 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2013-07-31 19:49 - 2013-07-31 19:49 - 00000528 _____ C:\Users\Simon\Desktop\onlinescan.txt 2013-07-31 18:06 - 2013-07-31 18:06 - 00000000 ____D C:\Program Files\ESET 2013-07-31 18:06 - 2013-07-31 18:05 - 02347384 _____ (ESET) C:\Users\Simon\Downloads\esetsmartinstaller_enu.exe 2013-07-31 07:46 - 2013-02-18 15:24 - 00000616 _____ C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job 2013-07-31 00:05 - 2008-01-21 
04:02 - 00191430 _____ C:\Windows\PFRO.log 2013-07-30 17:08 - 2013-07-30 17:08 - 00000000 ____D C:\Windows\Sun 2013-07-30 15:40 - 2013-07-30 15:40 - 00018114 _____ C:\ComboFix.txt 2013-07-30 15:40 - 2013-07-30 15:18 - 00000000 ____D C:\ComboFix 2013-07-30 15:40 - 2013-07-24 15:15 - 00000000 ____D C:\Qoobox 2013-07-30 15:36 - 2006-11-02 11:23 - 00000215 _____ C:\Windows\system.ini 2013-07-30 15:16 - 2013-07-24 15:14 - 05095756 ____R (Swearware) C:\Users\Simon\Desktop\ComboFix.exe 2013-07-28 18:59 - 2013-07-22 20:44 - 00000000 ____D C:\vampire 2013-07-28 18:59 - 2013-07-22 17:15 - 00000000 ____D C:\Users\Simon\Documents\Any Video Converter 2013-07-27 22:45 - 2013-07-27 22:45 - 00000000 ____D C:\Users\Simon\AppData\Roaming\HandBrake 2013-07-27 21:39 - 2013-01-04 23:21 - 00000907 _____ C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2013-07-27 21:34 - 2013-07-22 20:41 - 00000000 ____D C:\Program Files\PS3 Media Server 2013-07-27 21:29 - 2013-07-27 21:29 - 35265091 _____ C:\Users\Administrator.Simon-PC\Downloads\pms-setup-windows-1.82.0(1).exe 2013-07-27 21:28 - 2013-07-27 21:28 - 00001393 _____ C:\Users\Administrator.Simon-PC\Desktop\taskmgr - Shortcut.lnk 2013-07-27 20:59 - 2013-07-27 20:59 - 00000223 _____ C:\Users\Simon\Downloads\CFScript.txt 2013-07-26 20:41 - 2013-07-21 09:24 - 00000000 ____D C:\Users\Simon\AppData\Roaming\.technic 2013-07-26 09:09 - 2008-06-21 11:36 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-07-25 21:34 - 2013-07-25 21:34 - 00000000 ____D C:\Users\Administrator.Simon-PC\AppData\Roaming\Cocoon Software 2013-07-25 21:34 - 2013-07-23 09:49 - 00000000 ____D C:\Program Files\QuickMediaConverter 2013-07-25 21:34 - 2006-11-02 11:23 - 00000563 _____ C:\Windows\win.ini 2013-07-25 21:31 - 2013-07-25 21:30 - 66560136 _____ (Microsoft Corporation) C:\Users\Administrator.Simon-PC\Downloads\Plex-Media-Server-0.9.728.33-f80a4a2-en-US.exe 2013-07-25 21:24 - 2013-07-25 21:24 - 19577768 _____ 
C:\Users\Administrator.Simon-PC\Downloads\TVersitySetup_2_5.exe 2013-07-25 21:20 - 2006-11-02 11:33 - 00703214 _____ C:\Windows\system32\PerfStringBackup.INI 2013-07-25 21:19 - 2013-07-25 21:17 - 00000000 ____D C:\usbstick 2013-07-25 21:16 - 2013-07-22 21:24 - 00071824 _____ C:\Users\Administrator.Simon-PC\AppData\Local\GDIPFONTCACHEV1.DAT 2013-07-25 21:11 - 2013-01-05 01:16 - 00020992 _____ C:\Users\Simon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2013-07-25 19:41 - 2006-11-02 12:18 - 00000000 __RHD C:\Users\Default 2013-07-25 19:41 - 2006-11-02 12:18 - 00000000 ___RD C:\Users\Public 2013-07-25 19:37 - 2013-07-24 15:14 - 00000000 ____D C:\Windows\erdnt 2013-07-25 14:19 - 2013-07-25 12:15 - 00000000 ____D C:\Users\Simon\AppData\Roaming\.minecraft 2013-07-25 12:15 - 2013-07-25 12:14 - 00675988 _____ C:\Users\Simon\Desktop\Minecraft.exe 2013-07-24 18:43 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\Microsoft.NET 2013-07-24 17:17 - 2013-07-24 17:09 - 00000000 ____D C:\8bb52fb69a465ea51d6fed28 2013-07-24 16:01 - 2013-07-24 16:01 - 00866592 _____ C:\Users\Simon\Downloads\Norton_Removal_Tool.exe 2013-07-24 15:23 - 2008-06-21 11:38 - 00000000 ____D C:\Program Files\Microsoft.NET 2013-07-24 15:13 - 2013-07-24 15:13 - 05092950 _____ (Swearware) C:\Users\Simon\Downloads\ComboFix.exe 2013-07-24 13:54 - 2013-07-24 13:54 - 00000600 _____ C:\Users\Simon\Documents\ark.txt 2013-07-24 13:19 - 2013-07-24 06:37 - 00000680 _____ C:\Users\Simon\AppData\Local\d3d9caps.dat 2013-07-24 13:15 - 2013-07-24 13:15 - 109366227 _____ C:\Windows\MEMORY.DMP 2013-07-24 13:15 - 2013-07-24 13:15 - 00139096 _____ C:\Windows\Minidump\Mini072413-01.dmp 2013-07-24 13:15 - 2013-07-24 13:15 - 00000000 ____D C:\Windows\Minidump 2013-07-24 13:11 - 2013-07-24 13:11 - 00377856 _____ C:\Users\Simon\Downloads\dibjzip4.exe 2013-07-24 13:10 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\rescache 2013-07-24 12:52 - 2013-01-04 23:22 - 00071824 _____ C:\Users\Simon\AppData\Local\GDIPFONTCACHEV1.DAT 
2013-07-24 12:49 - 2006-11-02 13:44 - 00306648 _____ C:\Windows\system32\FNTCACHE.DAT 2013-07-24 12:48 - 2013-06-19 04:15 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2013-07-24 09:30 - 2008-06-21 11:16 - 00000000 ____D C:\Program Files\Microsoft Works 2013-07-24 09:24 - 2013-07-24 09:24 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help 2013-07-24 09:24 - 2013-07-24 09:24 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help 2013-07-24 09:23 - 2006-11-02 12:18 - 00000000 ____D C:\Program Files\Common Files\microsoft shared 2013-07-24 09:04 - 2013-07-24 09:04 - 00003125 _____ C:\Users\Simon\Desktop\attach.txt 2013-07-24 09:02 - 2013-07-24 09:04 - 00016176 _____ C:\Users\Simon\Desktop\dds.txt 2013-07-24 08:53 - 2013-07-24 08:53 - 00688992 ____R (Swearware) C:\Users\Simon\Downloads\dds.scr 2013-07-24 08:42 - 2013-07-24 08:42 - 00001688 _____ C:\AdwCleaner[s1].txt 2013-07-24 08:41 - 2013-07-24 08:41 - 00666633 _____ C:\Users\Simon\Downloads\AdwCleaner.exe 2013-07-24 08:39 - 2013-07-24 08:39 - 00002031 _____ C:\Users\Simon\Desktop\JRT.txt 2013-07-24 08:33 - 2013-07-24 08:33 - 00000000 ____D C:\Windows\ERUNT 2013-07-24 08:32 - 2013-07-24 08:32 - 00560934 _____ (Oleg N. 
Scherbakov) C:\Users\Simon\Downloads\JRT.exe 2013-07-24 08:21 - 2013-02-20 15:17 - 00007871 _____ C:\Windows\IE9_main.log 2013-07-24 08:13 - 2013-07-24 08:13 - 00000000 ____D C:\Users\Administrator.Simon-PC\AppData\Local\WindowsUpdate 2013-07-24 07:52 - 2013-07-24 07:52 - 00000000 ____D C:\Windows\system32\WindowsPowerShell 2013-07-24 07:45 - 2013-07-22 21:21 - 00000000 ____D C:\Users\Administrator.Simon-PC 2013-07-24 07:18 - 2013-07-24 07:18 - 00000000 ____D C:\Users\Administrator.Simon-PC\AppData\Roaming\Malwarebytes 2013-07-24 07:18 - 2013-07-23 18:21 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2013-07-24 07:18 - 2013-07-23 18:20 - 00000000 ____D C:\mbar 2013-07-24 07:01 - 2013-07-24 07:01 - 00000000 _____ C:\Windows\setupact.log 2013-07-24 06:51 - 2013-06-21 19:11 - 00000000 ____D C:\ProgramData\MFAData 2013-07-24 06:50 - 2013-06-21 19:11 - 00000000 ____D C:\Users\Simon\AppData\Local\Avg2013 2013-07-24 05:45 - 2006-11-02 13:35 - 00000000 ____D C:\Windows\system32\XPSViewer 2013-07-24 05:45 - 2006-11-02 13:35 - 00000000 ____D C:\Program Files\Movie Maker 2013-07-24 03:04 - 2013-07-24 03:03 - 00283170 _____ C:\Windows\msxml4-KB954430-enu.LOG 2013-07-24 03:03 - 2013-07-24 03:03 - 00000000 ____D C:\Program Files\MSXML 4.0 2013-07-24 03:03 - 2013-07-24 03:02 - 00288984 _____ C:\Windows\msxml4-KB973688-enu.LOG 2013-07-23 18:21 - 2013-01-23 16:06 - 00000069 _____ C:\Windows\NeroDigital.ini 2013-07-23 18:20 - 2013-07-23 18:20 - 13399154 _____ C:\Users\Simon\Downloads\mbar-1.06.0.1004.zip 2013-07-23 16:25 - 2013-07-23 16:24 - 00000000 ____D C:\Users\Simon\Desktop\Old Firefox Data 2013-07-23 13:49 - 2013-07-23 13:49 - 00120832 __RSH C:\Windows\system32\KBDRU19.dll 2013-07-23 13:49 - 2013-07-23 13:49 - 00120832 __RSH C:\Windows\system32\ds16gt6.dll 2013-07-23 13:49 - 2013-07-23 13:49 - 00120832 __RSH C:\Windows\system32\catsrvutk.dll 2013-07-23 09:49 - 2013-07-23 09:49 - 00000905 _____ C:\Users\Public\Desktop\QuickMediaConverter.lnk 2013-07-23 
09:49 - 2013-07-23 09:49 - 00000000 ____D C:\Users\Simon\AppData\Roaming\Cocoon Software 2013-07-23 09:48 - 2013-07-23 08:37 - 00000000 ____D C:\Users\Simon\AppData\Roaming\vlc 2013-07-23 09:47 - 2013-07-23 09:47 - 01091123 _____ (Conduit) C:\Users\Simon\Downloads\QMC.exe 2013-07-23 09:43 - 2013-07-23 09:43 - 16228762 _____ C:\Users\Simon\Downloads\winavi video converter v11.0 + serial.rar 2013-07-23 09:35 - 2013-07-23 09:35 - 18903019 _____ (ZJMedia Digital Technology Ltd.) C:\Users\Simon\Downloads\WinAVI_Video_Converter.exe 2013-07-23 09:35 - 2013-07-23 09:35 - 00001040 _____ C:\Users\Simon\Desktop\WinAVI Video Converter.lnk 2013-07-23 09:35 - 2013-07-23 09:35 - 00000000 ____D C:\Users\Simon\AppData\Roaming\WinAVI 2013-07-23 09:35 - 2013-07-23 09:35 - 00000000 ____D C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinAVI Video Converter 2013-07-23 09:35 - 2013-07-23 09:35 - 00000000 ____D C:\Users\Simon\AppData\Local\WinAVI 2013-07-23 09:35 - 2013-07-23 09:35 - 00000000 ____D C:\Program Files\WinAVI 2013-07-23 09:10 - 2013-07-25 20:57 - 00001652 _____ C:\Users\Simon\Desktop\PS3 Media Server.lnk 2013-07-23 08:36 - 2013-07-23 08:36 - 00000822 _____ C:\Users\Public\Desktop\VLC media player.lnk 2013-07-23 08:35 - 2013-07-23 08:34 - 22937227 _____ C:\Users\Simon\Downloads\vlc-2.0.7-win32.exe 2013-07-23 08:35 - 2013-02-17 15:04 - 00000000 ____D C:\Program Files\VideoLAN 2013-07-22 22:28 - 2013-07-22 22:28 - 35265091 _____ C:\Users\Administrator.Simon-PC\Downloads\pms-setup-windows-1.82.0.exe 2013-07-22 22:08 - 2013-07-22 22:08 - 22937227 _____ C:\Users\Administrator.Simon-PC\Downloads\vlc-2.0.7-win32.exe 2013-07-22 22:06 - 2013-07-22 22:06 - 01543745 _____ C:\Users\Administrator.Simon-PC\Downloads\Windows6.0-KB960568-x86.msu 2013-07-22 22:05 - 2013-07-22 22:05 - 01528184 _____ (Microsoft Corporation) C:\Users\Administrator.Simon-PC\Downloads\GenuineCheck(1).exe 2013-07-22 22:03 - 2013-07-22 22:03 - 00000797 _____ C:\Windows\KB842773.log 2013-07-22 
22:02 - 2013-07-22 22:02 - 00721136 _____ (Microsoft Corporation) C:\Users\Administrator.Simon-PC\Downloads\WindowsServer2003-KB842773-x86-enu.exe 2013-07-22 22:00 - 2013-07-22 22:00 - 00477549 _____ C:\Users\Administrator.Simon-PC\Downloads\Windows6.0-KB939159-x86.msu 2013-07-22 21:59 - 2013-07-22 21:59 - 01528184 _____ (Microsoft Corporation) C:\Users\Administrator.Simon-PC\Downloads\GenuineCheck.exe 2013-07-22 21:45 - 2013-07-22 21:45 - 00127984 _____ C:\Users\Administrator.Simon-PC\Downloads\windowsupdate.diagcab 2013-07-22 21:41 - 2013-07-22 21:41 - 00000000 ____D C:\Users\Administrator.Simon-PC\AppData\Roaming\Macromedia 2013-07-22 21:41 - 2013-07-22 21:41 - 00000000 ____D C:\Users\Administrator.Simon-PC\AppData\Roaming\Adobe 2013-07-22 21:41 - 2013-07-22 21:41 - 00000000 ____D C:\Users\Administrator.Simon-PC\AppData\Local\Macromedia 2013-07-22 21:35 - 2013-07-22 21:35 - 00000000 ____D C:\Users\Administrator.Simon-PC\AppData\Roaming\Mozilla 2013-07-22 21:35 - 2013-07-22 21:35 - 00000000 ____D C:\Users\Administrator.Simon-PC\AppData\Local\Mozilla 2013-07-22 21:24 - 2013-07-22 21:24 - 00000000 ____D C:\Users\Administrator.Simon-PC\AppData\Roaming\Apple Computer 2013-07-22 21:24 - 2013-07-22 21:24 - 00000000 ____D C:\Users\Administrator.Simon-PC\AppData\Local\PowerCinema 2013-07-22 21:24 - 2013-07-22 21:24 - 00000000 ____D C:\Users\Administrator.Simon-PC\AppData\Local\PlayMovie 2013-07-22 21:21 - 2013-07-22 21:21 - 00000020 ___SH C:\Users\Administrator.Simon-PC\ntuser.ini 2013-07-22 21:19 - 2013-07-22 21:19 - 00000020 ___SH C:\Users\Administrator\ntuser.ini 2013-07-22 21:19 - 2013-07-22 21:19 - 00000000 ____D C:\Users\Administrator 2013-07-22 20:45 - 2013-07-22 20:42 - 00000000 ____D C:\ProgramData\PMS 2013-07-22 20:45 - 2013-07-22 20:39 - 35265091 _____ C:\Users\Simon\Downloads\pms-setup-windows-1.82.0.exe 2013-07-22 17:39 - 2013-07-22 17:39 - 00000779 _____ C:\Users\Simon\Desktop\Handbrake.lnk 2013-07-22 17:39 - 2013-07-22 17:39 - 00000000 ____D 
C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Handbrake 2013-07-22 17:39 - 2013-07-22 17:35 - 00000000 ____D C:\0ef2d2fe2e17082f2b92f115576b55 2013-07-22 17:39 - 2013-07-22 17:33 - 00000000 ____D C:\Program Files\Handbrake 2013-07-22 17:33 - 2013-07-22 17:33 - 13888037 _____ C:\Users\Simon\Downloads\HandBrake-0.9.9-1_i686-Win_GUI.exe 2013-07-22 17:30 - 2013-07-22 17:28 - 25001480 _____ (Microsoft Corporation) C:\Users\Simon\Downloads\NetFx20SP2_x86.exe 2013-07-22 17:28 - 2013-07-22 17:28 - 01213248 _____ (DVDVideoSoft Ltd. ) C:\Users\Simon\Downloads\FreeStudio.exe 2013-07-22 17:15 - 2013-07-22 17:15 - 00000000 ____D C:\Users\Simon\AppData\Roaming\AnvSoft 2013-07-22 17:14 - 2013-07-22 17:14 - 00000955 _____ C:\Users\Simon\Desktop\Any Video Converter.lnk 2013-07-22 17:13 - 2013-07-22 17:13 - 00000000 ____D C:\Program Files\AnvSoft 2013-07-22 17:11 - 2013-07-22 17:08 - 32238280 _____ (Any-Video-Converter.com ) C:\Users\Simon\Downloads\avc-free.exe 2013-07-21 09:24 - 2013-07-21 09:24 - 00000000 ____D C:\ProgramData\Sun 2013-07-21 09:24 - 2013-07-21 09:24 - 00000000 ____D C:\Program Files\Common Files\Java 2013-07-21 09:22 - 2013-07-21 09:23 - 00867240 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll 2013-07-21 09:22 - 2013-07-21 09:23 - 00789416 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll 2013-07-21 09:22 - 2013-07-21 09:23 - 00263592 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2013-07-21 09:22 - 2013-07-21 09:23 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2013-07-21 09:22 - 2013-07-21 09:23 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2013-07-21 09:22 - 2013-07-21 09:23 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2013-07-21 09:22 - 2013-07-21 09:22 - 00000000 ____D C:\Program Files\Java 2013-07-21 09:20 - 2013-07-21 09:20 - 00000000 ____D C:\ProgramData\McAfee 2013-07-21 09:19 - 2013-03-11 22:36 - 00000000 ____D 
C:\Users\Simon\Documents\android files 2013-07-21 09:18 - 2013-07-21 09:18 - 03020770 _____ () C:\Users\Simon\Desktop\TechnicLauncher.exe 2013-07-10 09:32 - 2013-06-25 14:32 - 00000000 ____D C:\tabbak 2013-07-10 00:27 - 2013-07-10 00:26 - 00015187 _____ C:\Users\Simon\AppData\Local\HWVendorDetection.log 2013-07-10 00:27 - 2013-07-10 00:21 - 49828488 _____ C:\Users\Simon\Downloads\Audio_Realtek_6.0.1.5735_Vistax64Vistax86_A(1).zip 2013-07-10 00:27 - 2013-07-10 00:21 - 30236667 _____ C:\Users\Simon\Downloads\T7a05764 2013-07-10 00:26 - 2013-07-10 00:25 - 02237480 _____ (Acer Inc.) C:\Users\Simon\Downloads\FilesDownload_HWID_HWVendorDetection.exe 2013-07-10 00:24 - 2013-03-09 22:25 - 00000000 ____D C:\Users\Simon\Downloads\mday 2013-07-10 00:13 - 2013-03-09 14:40 - 00000000 ____D C:\Users\Simon\Documents\model railway 2013-07-09 18:42 - 2013-07-09 18:37 - 32462994 _____ (Realtek Semiconductor Corp.) C:\Users\Simon\Downloads\WDM_R271.exe 2013-07-08 16:24 - 2013-07-08 16:22 - 00000000 ____D C:\Windows\system32\RTCOM 2013-07-08 16:19 - 2008-06-21 11:10 - 00319456 _____ (Microsoft Corporation) C:\Windows\DIFxAPI.dll 2013-07-08 16:17 - 2008-06-21 11:08 - 00000000 ___HD C:\Program Files\InstallShield Installation Information 2013-07-08 15:59 - 2013-07-08 15:50 - 75792957 _____ (Realtek Semiconductor Corp.) 
C:\Users\Simon\Downloads\32bit_Vista_Win7_Win8_R271(1).exe 2013-07-08 15:47 - 2008-06-21 11:07 - 00000000 ____D C:\Program Files\Packard Bell 2013-07-08 15:45 - 2006-11-02 13:35 - 00000000 ____D C:\Program Files\Microsoft Games 2013-07-08 15:43 - 2013-03-08 13:04 - 00000000 ____D C:\Users\Simon\Documents\My Games 2013-07-08 15:43 - 2013-03-08 13:04 - 00000000 ____D C:\Users\Simon\AppData\Roaming\My Games 2013-07-08 15:42 - 2008-06-21 11:49 - 00000000 ____D C:\ProgramData\Skype 2013-07-08 15:39 - 2013-06-19 04:25 - 00000000 ____D C:\Users\Simon\AppData\Roaming\Orbit 2013-07-08 15:35 - 2008-06-21 11:37 - 00000000 ____D C:\Windows\SHELLNEW 2013-07-08 15:22 - 2013-01-05 11:12 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2013-07-08 12:42 - 2013-07-08 12:42 - 00000000 ____D C:\Users\Simon\AppData\Roaming\Malwarebytes 2013-07-08 12:41 - 2013-07-08 12:41 - 00000869 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2013-07-08 12:41 - 2013-07-08 12:41 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-07-08 12:41 - 2013-07-08 12:41 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2013-07-08 12:39 - 2013-07-08 12:38 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Simon\Downloads\mbam-setup-1.75.0.1300.exe 2013-07-08 11:58 - 2013-07-08 11:55 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-07-07 22:57 - 2013-06-28 06:42 - 00000000 ____D C:\Program Files\Steam 2013-07-04 21:30 - 2013-01-04 23:18 - 00000000 ____D C:\Users\Simon 2013-07-04 21:27 - 2013-07-04 21:27 - 00000768 _____ C:\Users\Public\Desktop\EPSON Scan.lnk 2013-07-04 21:27 - 2013-07-04 21:27 - 00000000 ____D C:\Program Files\epson 2013-07-04 21:27 - 2006-11-02 13:35 - 00000000 ____D C:\Windows\twain_32 2013-07-04 21:23 - 2013-07-04 21:22 - 12872704 _____ C:\Users\Simon\Downloads\epson323810eu.exe 2013-07-04 07:21 - 2008-06-21 11:18 - 00000000 ____D C:\ProgramData\Adobe 2013-07-03 11:01 - 2013-01-05 00:41 - 00000000 ____D C:\Users\Simon\AppData\Roaming\Adobe 
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-08-01 08:52
==================== End Of Log ============================
  4. Hello, have run the scan and these are the results.
     C:\Users\Simon\Downloads\avc-free.exe Win32/OpenCandy application
     C:\Users\Simon\Downloads\FreeStudio.exe Win32/OpenCandy application
     C:\Users\Simon\Downloads\OrbitDownloaderSetup.exe Win32/OpenCandy application
     C:\Users\Simon\Downloads\QMC.exe multiple threats
     C:\Users\Simon\Downloads\st johns\KeyFinderInstaller.exe Win32/OpenCandy application
     C:\Windows\System32\catsrvutk.dll Win32/Ponmocup.HF trojan
     C:\Windows\System32\ds16gt6.dll Win32/Ponmocup.HF trojan
     C:\Windows\System32\KBDRU19.dll Win32/Ponmocup.HF trojan
  5. Malwarebytes Anti-Malware 1.75.0.1300
     www.malwarebytes.org
     Database version: v2013.07.30.10
     Windows Vista Service Pack 1 x86 NTFS
     Internet Explorer 7.0.6001.18000
     Simon :: SIMON-PC [administrator]
     31/07/2013 00:08:29
     mbam-log-2013-07-31 (00-08-29).txt
     Scan type: Full scan (C:\|)
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 422177
     Time elapsed: 2 hour(s), 6 minute(s), 21 second(s)
     Memory Processes Detected: 0 (No malicious items detected)
     Memory Modules Detected: 0 (No malicious items detected)
     Registry Keys Detected: 0 (No malicious items detected)
     Registry Values Detected: 0 (No malicious items detected)
     Registry Data Items Detected: 0 (No malicious items detected)
     Folders Detected: 0 (No malicious items detected)
     Files Detected: 0 (No malicious items detected)
     (end)
  6. Sorry, I have had to separate my laptop from my wife and son. ComboFix 13-07-30.02 - Simon 30/07/2013 15:22:30.3.2 - x86 Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.44.1033.18.895.384 [GMT 1:00] Running from: c:\users\Simon\Desktop\ComboFix.exe Command switches used :: c:\users\Simon\Desktop\CFScript(1).txt SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . FILE :: "c:\windows\system32\catsrvutk.dll" "c:\windows\system32\ds16gt6.dll" "c:\windows\system32\KBDRU19.dll" "c:\windows\Tasks\LKXAYORGMF.job" "c:\windows\Tasks\ooqyobuxm.job" "c:\windows\Tasks\Ycwmnfqzbs.job" . . ((((((((((((((((((((((((( Files Created from 2013-06-28 to 2013-07-30 ))))))))))))))))))))))))))))))) . . 2013-07-30 14:36 . 2013-07-30 14:36 -------- d-----w- c:\users\Simon\AppData\Local\temp 2013-07-30 14:36 . 2013-07-30 14:36 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-07-27 21:45 . 2013-07-27 21:45 -------- d-----w- c:\users\Simon\AppData\Roaming\HandBrake 2013-07-25 20:17 . 2013-07-25 20:19 -------- d-----w- C:\usbstick 2013-07-25 11:15 . 2013-07-25 13:19 -------- d-----w- c:\users\Simon\AppData\Roaming\.minecraft 2013-07-24 16:09 . 2013-07-24 16:17 -------- d-----w- C:\8bb52fb69a465ea51d6fed28 2013-07-24 08:26 . 2009-11-08 09:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll 2013-07-24 08:26 . 2009-11-08 09:55 49472 ----a-w- c:\windows\system32\netfxperf.dll 2013-07-24 08:26 . 2009-11-08 09:55 297808 ----a-w- c:\windows\system32\mscoree.dll 2013-07-24 08:26 . 2009-11-08 09:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe 2013-07-24 08:26 . 2009-11-08 09:55 1130824 ----a-w- c:\windows\system32\dfshim.dll 2013-07-24 08:24 . 2013-07-24 08:24 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help 2013-07-24 08:15 . 2010-09-20 09:25 231936 ----a-w- c:\windows\system32\msshsq.dll 2013-07-24 08:05 . 
2009-08-24 12:16 378368 ----a-w- c:\windows\system32\winhttp.dll 2013-07-24 08:04 . 2010-09-06 16:24 125952 ----a-w- c:\windows\system32\srvsvc.dll 2013-07-24 08:04 . 2010-09-06 16:23 17920 ----a-w- c:\windows\system32\netevent.dll 2013-07-24 08:03 . 2009-11-03 19:53 411136 ----a-w- c:\windows\system32\drivers\http.sys 2013-07-24 08:03 . 2009-11-03 22:17 24064 ----a-w- c:\windows\system32\nshhttp.dll 2013-07-24 08:03 . 2009-11-03 22:15 31232 ----a-w- c:\windows\system32\httpapi.dll 2013-07-24 07:33 . 2013-07-24 07:33 -------- d-----w- c:\windows\ERUNT 2013-07-24 06:41 . 2009-10-09 21:56 2048 ----a-w- c:\windows\system32\winrsmgr.dll 2013-07-24 06:39 . 2008-08-28 03:40 425472 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll 2013-07-24 06:36 . 2008-10-21 05:25 1645568 ----a-w- c:\windows\system32\connect.dll 2013-07-24 06:36 . 2010-08-31 15:40 531968 ----a-w- c:\windows\system32\comctl32.dll 2013-07-24 06:35 . 2009-09-10 15:21 1418752 ----a-w- c:\program files\Windows Media Player\setup_wm.exe 2013-07-24 06:35 . 2009-09-10 15:21 310784 ----a-w- c:\windows\system32\unregmp2.exe 2013-07-24 02:55 . 2008-04-30 05:36 454656 ----a-w- c:\program files\Common Files\System\msadc\msadce.dll 2013-07-24 02:49 . 2010-02-12 10:48 293376 ----a-w- c:\windows\system32\browserchoice.exe 2013-07-24 02:25 . 2008-06-20 01:14 97800 ----a-w- c:\windows\system32\infocardapi.dll 2013-07-24 02:25 . 2008-06-20 01:14 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll 2013-07-24 02:25 . 2008-06-20 01:14 37384 ----a-w- c:\windows\system32\infocardcpl.cpl 2013-07-24 02:25 . 2008-06-20 01:14 11264 ----a-w- c:\windows\system32\icardres.dll 2013-07-24 02:25 . 2008-06-20 01:14 622080 ----a-w- c:\windows\system32\icardagt.exe 2013-07-24 02:25 . 2008-06-20 01:14 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll 2013-07-24 02:07 . 2008-07-27 18:03 158720 ----a-w- c:\windows\system32\mscorier.dll 2013-07-24 02:07 . 
2008-07-27 18:03 83968 ----a-w- c:\windows\system32\mscories.dll 2013-07-24 02:03 . 2013-07-24 02:03 -------- d-----w- c:\program files\MSXML 4.0 2013-07-23 19:05 . 2008-06-26 01:45 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll 2013-07-23 19:05 . 2008-06-26 01:45 2644480 ----a-w- c:\windows\system32\NlsLexicons0009.dll 2013-07-23 19:05 . 2008-06-26 03:29 801280 ----a-w- c:\windows\system32\NaturalLanguage6.dll 2013-07-23 18:57 . 2009-08-14 16:29 104960 ----a-w- c:\windows\system32\netiohlp.dll 2013-07-23 18:57 . 2009-08-14 14:16 27136 ----a-w- c:\windows\system32\NETSTAT.EXE 2013-07-23 18:57 . 2009-08-14 14:16 19968 ----a-w- c:\windows\system32\ARP.EXE 2013-07-23 18:57 . 2009-08-14 14:16 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE 2013-07-23 18:57 . 2009-08-14 14:16 17920 ----a-w- c:\windows\system32\ROUTE.EXE 2013-07-23 18:57 . 2009-08-14 14:16 11264 ----a-w- c:\windows\system32\MRINFO.EXE 2013-07-23 18:57 . 2009-08-14 14:16 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE 2013-07-23 18:57 . 2009-08-14 14:16 10240 ----a-w- c:\windows\system32\finger.exe 2013-07-23 18:55 . 2009-09-10 17:30 213504 ----a-w- c:\windows\system32\msv1_0.dll 2013-07-23 18:54 . 2008-06-06 03:27 38912 ----a-w- c:\windows\system32\xolehlp.dll 2013-07-23 18:54 . 2008-06-06 03:27 562176 ----a-w- c:\windows\system32\msdtcprx.dll 2013-07-23 18:54 . 2009-06-10 12:12 160256 ----a-w- c:\windows\system32\wkssvc.dll 2013-07-23 18:54 . 2010-08-26 16:07 157184 ----a-w- c:\windows\system32\t2embed.dll 2013-07-23 18:54 . 2011-06-02 12:59 2042368 ----a-w- c:\windows\system32\win32k.sys 2013-07-23 18:54 . 2011-04-21 13:16 273408 ----a-w- c:\windows\system32\drivers\afd.sys 2013-07-23 18:54 . 2008-04-18 05:48 269312 ----a-w- c:\windows\system32\es.dll 2013-07-23 18:54 . 2010-12-14 15:49 1169408 ----a-w- c:\windows\system32\sdclt.exe 2013-07-23 18:54 . 2008-06-26 03:29 303616 ----a-w- c:\windows\system32\wmpeffects.dll 2013-07-23 18:54 . 
2010-06-17 17:15 10926592 ----a-w- c:\program files\Movie Maker\MOVIEMK.dll 2013-07-23 18:54 . 2010-06-17 15:49 150016 ----a-w- c:\program files\Movie Maker\MOVIEMK.exe 2013-07-23 18:53 . 2011-04-29 12:49 146432 ----a-w- c:\windows\system32\drivers\srv2.sys 2013-07-23 18:53 . 2011-04-29 12:49 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys 2013-07-23 18:53 . 2011-05-02 16:00 766464 ----a-w- c:\program files\Common Files\Microsoft Shared\vgx\VGX.dll 2013-07-23 18:53 . 2010-04-05 16:08 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL 2013-07-23 18:53 . 2011-02-16 15:35 430080 ----a-w- c:\windows\system32\vbscript.dll 2013-07-23 18:53 . 2009-04-23 12:42 636928 ----a-w- c:\windows\system32\localspl.dll 2013-07-23 18:53 . 2010-12-20 15:39 563200 ----a-w- c:\windows\system32\oleaut32.dll 2013-07-23 18:53 . 2010-08-31 15:41 954752 ----a-w- c:\windows\system32\mfc40.dll 2013-07-23 18:53 . 2010-08-31 15:41 954288 ----a-w- c:\windows\system32\mfc40u.dll 2013-07-23 18:51 . 2010-02-18 14:11 190464 ----a-w- c:\windows\system32\iphlpsvc.dll 2013-07-23 18:50 . 2008-08-12 03:39 443392 ----a-w- c:\windows\system32\win32spl.dll 2013-07-23 18:50 . 2008-05-10 01:33 113664 ----a-w- c:\windows\system32\drivers\rmcast.sys 2013-07-23 18:50 . 2010-10-28 12:56 2048 ----a-w- c:\windows\system32\tzres.dll 2013-07-23 18:48 . 2009-09-04 12:24 61440 ----a-w- c:\windows\system32\msasn1.dll 2013-07-23 18:47 . 2009-04-02 12:37 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL 2013-07-23 18:25 . 2011-04-29 14:54 276992 ----a-w- c:\windows\system32\schannel.dll 2013-07-23 18:20 . 2009-12-23 12:43 171520 ----a-w- c:\windows\system32\wintrust.dll 2013-07-23 18:20 . 2010-01-15 00:04 98304 ----a-w- c:\windows\system32\cabview.dll 2013-07-23 17:21 . 2013-07-24 06:18 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable) 2013-07-23 17:20 . 2013-07-24 06:18 -------- d-----w- C:\mbar 2013-07-23 12:49 . 2013-07-23 12:49 120832 --sha-r- c:\windows\system32\KBDRU19.dll 2013-07-23 12:49 . 
2013-07-23 12:49 120832 --sha-r- c:\windows\system32\ds16gt6.dll 2013-07-23 12:49 . 2013-07-23 12:49 120832 --sha-r- c:\windows\system32\catsrvutk.dll 2013-07-23 08:49 . 2013-07-23 08:49 -------- d-----w- c:\users\Simon\AppData\Roaming\Cocoon Software 2013-07-23 08:49 . 2013-07-23 08:49 -------- d-----w- c:\users\Simon\AppData\Local\WDSetup 2013-07-23 08:49 . 2013-07-25 20:34 -------- d-----w- c:\program files\QuickMediaConverter 2013-07-23 08:35 . 2013-07-23 08:35 -------- d-----w- c:\users\Simon\AppData\Roaming\WinAVI 2013-07-23 08:35 . 2013-07-23 08:35 -------- d-----w- c:\users\Simon\AppData\Local\WinAVI 2013-07-23 08:35 . 2013-07-23 08:35 -------- d-----w- c:\program files\WinAVI 2013-07-23 07:37 . 2013-07-23 08:48 -------- d-----w- c:\users\Simon\AppData\Roaming\vlc 2013-07-22 20:19 . 2013-07-22 20:19 -------- d-----w- c:\users\Administrator 2013-07-22 19:44 . 2013-07-28 17:59 -------- d-----w- C:\vampire 2013-07-22 19:42 . 2013-07-22 19:45 -------- d-----w- c:\programdata\PMS 2013-07-22 19:41 . 2013-07-27 20:34 -------- d-----w- c:\program files\PS3 Media Server 2013-07-22 16:35 . 2013-07-22 16:39 -------- d-----w- C:\0ef2d2fe2e17082f2b92f115576b55 2013-07-22 16:33 . 2013-07-22 16:39 -------- d-----w- c:\program files\Handbrake 2013-07-22 16:15 . 2013-07-22 16:15 -------- d-----w- c:\users\Simon\AppData\Roaming\AnvSoft 2013-07-22 16:13 . 2013-07-22 16:13 -------- d-----w- c:\program files\AnvSoft 2013-07-21 08:24 . 2013-07-26 19:41 -------- d-----w- c:\users\Simon\AppData\Roaming\.technic 2013-07-21 08:24 . 2013-07-21 08:24 -------- d-----w- c:\program files\Common Files\Java 2013-07-21 08:23 . 2013-07-21 08:22 789416 ----a-w- c:\windows\system32\deployJava1.dll 2013-07-21 08:23 . 2013-07-21 08:22 867240 ----a-w- c:\windows\system32\npDeployJava1.dll 2013-07-21 08:23 . 2013-07-21 08:22 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2013-07-21 08:22 . 2013-07-21 08:22 -------- d-----w- c:\program files\Java 2013-07-21 08:20 . 
2013-07-21 08:20 -------- d-----w- c:\programdata\McAfee 2013-07-08 15:22 . 2013-07-08 15:24 -------- d-----w- c:\windows\system32\RTCOM 2013-07-08 15:17 . 2011-08-23 16:00 357712 ----a-w- c:\windows\system32\KAAPORT.dll 2013-07-08 11:42 . 2013-07-08 11:42 -------- d-----w- c:\users\Simon\AppData\Roaming\Malwarebytes 2013-07-08 11:41 . 2013-07-08 11:41 -------- d-----w- c:\programdata\Malwarebytes 2013-07-08 11:41 . 2013-04-04 13:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-07-08 11:41 . 2013-07-08 11:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2013-07-04 20:27 . 2009-04-30 23:00 15872 ----a-w- c:\windows\system32\escdev.dll 2013-07-04 20:27 . 2009-04-30 23:00 128392 ----a-w- c:\windows\system32\esdevapp.exe 2013-07-04 20:27 . 2008-11-16 23:00 342016 ----a-w- c:\windows\system32\eswiaud.dll 2013-07-04 20:27 . 2013-07-04 20:27 -------- d-----w- c:\program files\epson . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-07-08 15:19 . 2008-06-21 10:10 319456 ----a-w- c:\windows\DIFxAPI.dll 2013-06-12 15:32 . 2013-01-05 10:19 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-06-12 15:32 . 2013-01-05 10:19 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Spybot-S&D Cleaning"="c:\program files\Spybot - Search & Destroy 2\SDCleaner.exe" [2012-11-13 3713032] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SiSTray"="c:\program files\SiS VGA Utilities\SiSTray.exe" [2007-10-16 552960] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-01 857648] "PCMAgent"="c:\program files\CyberLink\PowerCinema\PCMAgent.exe" [2008-03-21 143360] "CLMLServer"="c:\program files\CyberLink\PowerCinema\Kernel\CLML\CLMLSvc.exe" [2008-04-11 196608] "PlayMovie"="c:\program files\CyberLink\PlayMovie\PMVService.exe" [2008-03-31 172032] "toolbar_eula_launcher"="c:\program files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [2007-02-20 28672] "SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2012-11-13 3825176] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-05-31 152392] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2013-03-29 11930696] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816] . c:\users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680] PdaNet Desktop.lnk - c:\program files\PdaNet for Android\PdaNetPC.exe [2013-6-19 1054320] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CarboniteSetupLite] 2008-04-07 14:09 306112 ----a-w- c:\program files\Packard Bell\Carbonite\CarboniteSetupLitePBPreInstaller.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] 2013-01-05 00:04 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc . Contents of the 'Scheduled Tasks' folder . 2013-07-30 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-05 15:32] . 2013-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2013-01-06 11:41] . 2013-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2013-01-06 11:41] . 2013-07-30 c:\windows\Tasks\LKXAYORGMF.job - c:\windows\system32\ds16gt6.dll [2013-07-23 12:49] . 2013-07-30 c:\windows\Tasks\ooqyobuxm.job - c:\windows\system32\KBDRU19.dll [2013-07-23 12:49] . 2013-07-24 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job - c:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2013-02-18 14:07] . 2013-07-30 c:\windows\Tasks\Ycwmnfqzbs.job - c:\windows\system32\catsrvutk.dll [2013-07-23 12:49] . . ------- Supplementary Scan ------- . 
uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.0.1 FF - ProfilePath - c:\users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\p8q3ekr6.default-1374593077949\ FF - ExtSQL: 2013-07-23 21:06; artur.dubovoy@gmail.com; c:\users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\p8q3ekr6.default-1374593077949\extensions\artur.dubovoy@gmail.com.xpi FF - ExtSQL: 2013-07-24 03:36; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2013-07-30 15:36 Windows 6.0.6001 Service Pack 1 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}] "ImagePath"="\??\c:\program files\CyberLink\PlayMovie\000.fcl" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . Completion time: 2013-07-30 15:40:24 ComboFix-quarantined-files.txt 2013-07-30 14:40 ComboFix2.txt 2013-07-26 13:31 ComboFix3.txt 2013-07-25 18:41 . Pre-Run: 17,353,240,576 bytes free Post-Run: 17,315,581,952 bytes free . - - End Of File - - E138BA288E21F760A676D2BAE3062579 5C616939100B85E558DA92B899A0FC36
  7. Hello, sorry, yes, I am still here. Will do the next step as requested.
  8. MBAM full scan Log
     Malwarebytes Anti-Malware 1.75.0.1300
     www.malwarebytes.org
     Database version: v2013.07.26.04
     Windows Vista Service Pack 1 x86 NTFS
     Internet Explorer 7.0.6001.18000
     Simon :: SIMON-PC [administrator]
     26/07/2013 14:37:09
     mbam-log-2013-07-26 (14-37-09).txt
     Scan type: Full scan (C:\|)
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 410273
     Time elapsed: 1 hour(s), 38 minute(s), 16 second(s)
     Memory Processes Detected: 0 (No malicious items detected)
     Memory Modules Detected: 0 (No malicious items detected)
     Registry Keys Detected: 0 (No malicious items detected)
     Registry Values Detected: 0 (No malicious items detected)
     Registry Data Items Detected: 0 (No malicious items detected)
     Folders Detected: 0 (No malicious items detected)
     Files Detected: 0 (No malicious items detected)
     (end)
  9. Hello again, have run the combofix scan again with the .txt file as instructed. This is the log that was created, will now run MBAM full scan. ComboFix 13-07-25.02 - Simon 26/07/2013 14:05:55.2.2 - x86 Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.44.1033.18.895.407 [GMT 1:00] Running from: c:\users\Simon\Desktop\ComboFix.exe Command switches used :: c:\users\Simon\Downloads\CFScript.txt SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . file zipped: c:\windows\system32\catsrvutk.dll file zipped: c:\windows\system32\ds16gt6.dll file zipped: c:\windows\system32\KBDRU19.dll file zipped: c:\windows\Tasks\LKXAYORGMF.job file zipped: c:\windows\Tasks\ooqyobuxm.job file zipped: c:\windows\Tasks\Ycwmnfqzbs.job . . ((((((((((((((((((((((((( Files Created from 2013-06-26 to 2013-07-26 ))))))))))))))))))))))))))))))) . . 2013-07-26 13:18 . 2013-07-26 13:23 -------- d-----w- c:\users\Simon\AppData\Local\temp 2013-07-26 13:18 . 2013-07-26 13:18 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-07-25 20:17 . 2013-07-25 20:19 -------- d-----w- C:\usbstick 2013-07-25 11:15 . 2013-07-25 13:19 -------- d-----w- c:\users\Simon\AppData\Roaming\.minecraft 2013-07-24 16:09 . 2013-07-24 16:17 -------- d-----w- C:\8bb52fb69a465ea51d6fed28 2013-07-24 08:26 . 2009-11-08 09:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll 2013-07-24 08:26 . 2009-11-08 09:55 49472 ----a-w- c:\windows\system32\netfxperf.dll 2013-07-24 08:26 . 2009-11-08 09:55 297808 ----a-w- c:\windows\system32\mscoree.dll 2013-07-24 08:26 . 2009-11-08 09:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe 2013-07-24 08:26 . 2009-11-08 09:55 1130824 ----a-w- c:\windows\system32\dfshim.dll 2013-07-24 08:24 . 2013-07-24 08:24 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help 2013-07-24 08:15 . 2010-09-20 09:25 231936 ----a-w- c:\windows\system32\msshsq.dll 2013-07-24 08:05 . 
2009-08-24 12:16 378368 ----a-w- c:\windows\system32\winhttp.dll 2013-07-24 08:04 . 2010-09-06 16:24 125952 ----a-w- c:\windows\system32\srvsvc.dll 2013-07-24 08:04 . 2010-09-06 16:23 17920 ----a-w- c:\windows\system32\netevent.dll 2013-07-24 08:03 . 2009-11-03 19:53 411136 ----a-w- c:\windows\system32\drivers\http.sys 2013-07-24 08:03 . 2009-11-03 22:17 24064 ----a-w- c:\windows\system32\nshhttp.dll 2013-07-24 08:03 . 2009-11-03 22:15 31232 ----a-w- c:\windows\system32\httpapi.dll 2013-07-24 07:33 . 2013-07-24 07:33 -------- d-----w- c:\windows\ERUNT 2013-07-24 06:41 . 2009-10-09 21:56 2048 ----a-w- c:\windows\system32\winrsmgr.dll 2013-07-24 06:39 . 2008-08-28 03:40 425472 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll 2013-07-24 06:36 . 2008-10-21 05:25 1645568 ----a-w- c:\windows\system32\connect.dll 2013-07-24 06:36 . 2010-08-31 15:40 531968 ----a-w- c:\windows\system32\comctl32.dll 2013-07-24 06:35 . 2009-09-10 15:21 1418752 ----a-w- c:\program files\Windows Media Player\setup_wm.exe 2013-07-24 06:35 . 2009-09-10 15:21 310784 ----a-w- c:\windows\system32\unregmp2.exe 2013-07-24 02:55 . 2008-04-30 05:36 454656 ----a-w- c:\program files\Common Files\System\msadc\msadce.dll 2013-07-24 02:49 . 2010-02-12 10:48 293376 ----a-w- c:\windows\system32\browserchoice.exe 2013-07-24 02:25 . 2008-06-20 01:14 97800 ----a-w- c:\windows\system32\infocardapi.dll 2013-07-24 02:25 . 2008-06-20 01:14 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll 2013-07-24 02:25 . 2008-06-20 01:14 37384 ----a-w- c:\windows\system32\infocardcpl.cpl 2013-07-24 02:25 . 2008-06-20 01:14 11264 ----a-w- c:\windows\system32\icardres.dll 2013-07-24 02:25 . 2008-06-20 01:14 622080 ----a-w- c:\windows\system32\icardagt.exe 2013-07-24 02:25 . 2008-06-20 01:14 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll 2013-07-24 02:07 . 2008-07-27 18:03 158720 ----a-w- c:\windows\system32\mscorier.dll 2013-07-24 02:07 . 
2008-07-27 18:03 83968 ----a-w- c:\windows\system32\mscories.dll 2013-07-24 02:03 . 2013-07-24 02:03 -------- d-----w- c:\program files\MSXML 4.0 2013-07-23 19:05 . 2008-06-26 01:45 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll 2013-07-23 19:05 . 2008-06-26 01:45 2644480 ----a-w- c:\windows\system32\NlsLexicons0009.dll 2013-07-23 19:05 . 2008-06-26 03:29 801280 ----a-w- c:\windows\system32\NaturalLanguage6.dll 2013-07-23 18:57 . 2009-08-14 16:29 104960 ----a-w- c:\windows\system32\netiohlp.dll 2013-07-23 18:57 . 2009-08-14 14:16 27136 ----a-w- c:\windows\system32\NETSTAT.EXE 2013-07-23 18:57 . 2009-08-14 14:16 19968 ----a-w- c:\windows\system32\ARP.EXE 2013-07-23 18:57 . 2009-08-14 14:16 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE 2013-07-23 18:57 . 2009-08-14 14:16 17920 ----a-w- c:\windows\system32\ROUTE.EXE 2013-07-23 18:57 . 2009-08-14 14:16 11264 ----a-w- c:\windows\system32\MRINFO.EXE 2013-07-23 18:57 . 2009-08-14 14:16 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE 2013-07-23 18:57 . 2009-08-14 14:16 10240 ----a-w- c:\windows\system32\finger.exe 2013-07-23 18:55 . 2009-09-10 17:30 213504 ----a-w- c:\windows\system32\msv1_0.dll 2013-07-23 18:54 . 2008-06-06 03:27 38912 ----a-w- c:\windows\system32\xolehlp.dll 2013-07-23 18:54 . 2008-06-06 03:27 562176 ----a-w- c:\windows\system32\msdtcprx.dll 2013-07-23 18:54 . 2009-06-10 12:12 160256 ----a-w- c:\windows\system32\wkssvc.dll 2013-07-23 18:54 . 2010-08-26 16:07 157184 ----a-w- c:\windows\system32\t2embed.dll 2013-07-23 18:54 . 2011-06-02 12:59 2042368 ----a-w- c:\windows\system32\win32k.sys 2013-07-23 18:54 . 2011-04-21 13:16 273408 ----a-w- c:\windows\system32\drivers\afd.sys 2013-07-23 18:54 . 2008-04-18 05:48 269312 ----a-w- c:\windows\system32\es.dll 2013-07-23 18:54 . 2010-12-14 15:49 1169408 ----a-w- c:\windows\system32\sdclt.exe 2013-07-23 18:54 . 2008-06-26 03:29 303616 ----a-w- c:\windows\system32\wmpeffects.dll 2013-07-23 18:54 . 
2010-06-17 17:15 10926592 ----a-w- c:\program files\Movie Maker\MOVIEMK.dll 2013-07-23 18:54 . 2010-06-17 15:49 150016 ----a-w- c:\program files\Movie Maker\MOVIEMK.exe 2013-07-23 18:53 . 2011-04-29 12:49 146432 ----a-w- c:\windows\system32\drivers\srv2.sys 2013-07-23 18:53 . 2011-04-29 12:49 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys 2013-07-23 18:53 . 2011-05-02 16:00 766464 ----a-w- c:\program files\Common Files\Microsoft Shared\vgx\VGX.dll 2013-07-23 18:53 . 2010-04-05 16:08 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL 2013-07-23 18:53 . 2011-02-16 15:35 430080 ----a-w- c:\windows\system32\vbscript.dll 2013-07-23 18:53 . 2009-04-23 12:42 636928 ----a-w- c:\windows\system32\localspl.dll 2013-07-23 18:53 . 2010-12-20 15:39 563200 ----a-w- c:\windows\system32\oleaut32.dll 2013-07-23 18:53 . 2010-08-31 15:41 954752 ----a-w- c:\windows\system32\mfc40.dll 2013-07-23 18:53 . 2010-08-31 15:41 954288 ----a-w- c:\windows\system32\mfc40u.dll 2013-07-23 18:51 . 2010-02-18 14:11 190464 ----a-w- c:\windows\system32\iphlpsvc.dll 2013-07-23 18:50 . 2008-08-12 03:39 443392 ----a-w- c:\windows\system32\win32spl.dll 2013-07-23 18:50 . 2008-05-10 01:33 113664 ----a-w- c:\windows\system32\drivers\rmcast.sys 2013-07-23 18:50 . 2010-10-28 12:56 2048 ----a-w- c:\windows\system32\tzres.dll 2013-07-23 18:48 . 2009-09-04 12:24 61440 ----a-w- c:\windows\system32\msasn1.dll 2013-07-23 18:47 . 2009-04-02 12:37 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL 2013-07-23 18:25 . 2011-04-29 14:54 276992 ----a-w- c:\windows\system32\schannel.dll 2013-07-23 18:20 . 2009-12-23 12:43 171520 ----a-w- c:\windows\system32\wintrust.dll 2013-07-23 18:20 . 2010-01-15 00:04 98304 ----a-w- c:\windows\system32\cabview.dll 2013-07-23 17:21 . 2013-07-24 06:18 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable) 2013-07-23 17:20 . 2013-07-24 06:18 -------- d-----w- C:\mbar 2013-07-23 12:49 . 2013-07-23 12:49 120832 --sha-r- c:\windows\system32\KBDRU19.dll 2013-07-23 12:49 . 
2013-07-23 12:49 120832 --sha-r- c:\windows\system32\ds16gt6.dll 2013-07-23 12:49 . 2013-07-23 12:49 120832 --sha-r- c:\windows\system32\catsrvutk.dll 2013-07-23 08:49 . 2013-07-23 08:49 -------- d-----w- c:\users\Simon\AppData\Roaming\Cocoon Software 2013-07-23 08:49 . 2013-07-23 08:49 -------- d-----w- c:\users\Simon\AppData\Local\WDSetup 2013-07-23 08:49 . 2013-07-25 20:34 -------- d-----w- c:\program files\QuickMediaConverter 2013-07-23 08:35 . 2013-07-23 08:35 -------- d-----w- c:\users\Simon\AppData\Roaming\WinAVI 2013-07-23 08:35 . 2013-07-23 08:35 -------- d-----w- c:\users\Simon\AppData\Local\WinAVI 2013-07-23 08:35 . 2013-07-23 08:35 -------- d-----w- c:\program files\WinAVI 2013-07-23 07:37 . 2013-07-23 08:48 -------- d-----w- c:\users\Simon\AppData\Roaming\vlc 2013-07-22 20:19 . 2013-07-22 20:19 -------- d-----w- c:\users\Administrator 2013-07-22 19:44 . 2013-07-23 21:03 -------- d-----w- C:\vampire 2013-07-22 19:42 . 2013-07-22 19:45 -------- d-----w- c:\programdata\PMS 2013-07-22 19:41 . 2013-07-24 04:50 -------- d-----w- c:\program files\PS3 Media Server 2013-07-22 16:35 . 2013-07-22 16:39 -------- d-----w- C:\0ef2d2fe2e17082f2b92f115576b55 2013-07-22 16:33 . 2013-07-22 16:39 -------- d-----w- c:\program files\Handbrake 2013-07-22 16:15 . 2013-07-22 16:15 -------- d-----w- c:\users\Simon\AppData\Roaming\AnvSoft 2013-07-22 16:13 . 2013-07-22 16:13 -------- d-----w- c:\program files\AnvSoft 2013-07-21 08:24 . 2013-07-22 11:05 -------- d-----w- c:\users\Simon\AppData\Roaming\.technic 2013-07-21 08:24 . 2013-07-21 08:24 -------- d-----w- c:\program files\Common Files\Java 2013-07-21 08:23 . 2013-07-21 08:22 789416 ----a-w- c:\windows\system32\deployJava1.dll 2013-07-21 08:23 . 2013-07-21 08:22 867240 ----a-w- c:\windows\system32\npDeployJava1.dll 2013-07-21 08:23 . 2013-07-21 08:22 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2013-07-21 08:22 . 2013-07-21 08:22 -------- d-----w- c:\program files\Java 2013-07-21 08:20 . 
2013-07-21 08:20 -------- d-----w- c:\programdata\McAfee 2013-07-08 15:22 . 2013-07-08 15:24 -------- d-----w- c:\windows\system32\RTCOM 2013-07-08 15:17 . 2011-08-23 16:00 357712 ----a-w- c:\windows\system32\KAAPORT.dll 2013-07-08 11:42 . 2013-07-08 11:42 -------- d-----w- c:\users\Simon\AppData\Roaming\Malwarebytes 2013-07-08 11:41 . 2013-07-08 11:41 -------- d-----w- c:\programdata\Malwarebytes 2013-07-08 11:41 . 2013-04-04 13:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-07-08 11:41 . 2013-07-08 11:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2013-07-04 20:27 . 2009-04-30 23:00 15872 ----a-w- c:\windows\system32\escdev.dll 2013-07-04 20:27 . 2009-04-30 23:00 128392 ----a-w- c:\windows\system32\esdevapp.exe 2013-07-04 20:27 . 2008-11-16 23:00 342016 ----a-w- c:\windows\system32\eswiaud.dll 2013-07-04 20:27 . 2013-07-04 20:27 -------- d-----w- c:\program files\epson 2013-06-28 05:44 . 2013-06-28 05:51 -------- d-----w- c:\program files\dumps 2013-06-28 05:43 . 2013-06-28 05:43 -------- d-----w- c:\program files\Common Files\Steam 2013-06-28 05:42 . 2013-07-07 21:57 -------- d-----w- c:\program files\Steam . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-07-08 15:19 . 2008-06-21 10:10 319456 ----a-w- c:\windows\DIFxAPI.dll 2013-06-12 15:32 . 2013-01-05 10:19 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-06-12 15:32 . 2013-01-05 10:19 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-05-01 02:59 . 2013-05-01 02:59 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx 2013-05-01 02:59 . 2013-05-01 02:59 69632 ----a-w- c:\windows\system32\QuickTime.qts . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Spybot-S&D Cleaning"="c:\program files\Spybot - Search & Destroy 2\SDCleaner.exe" [2012-11-13 3713032] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SiSTray"="c:\program files\SiS VGA Utilities\SiSTray.exe" [2007-10-16 552960] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-01 857648] "PCMAgent"="c:\program files\CyberLink\PowerCinema\PCMAgent.exe" [2008-03-21 143360] "CLMLServer"="c:\program files\CyberLink\PowerCinema\Kernel\CLML\CLMLSvc.exe" [2008-04-11 196608] "PlayMovie"="c:\program files\CyberLink\PlayMovie\PMVService.exe" [2008-03-31 172032] "toolbar_eula_launcher"="c:\program files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [2007-02-20 28672] "SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2012-11-13 3825176] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-05-31 152392] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2013-03-29 11930696] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816] . c:\users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680] PdaNet Desktop.lnk - c:\program files\PdaNet for Android\PdaNetPC.exe [2013-6-19 1054320] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CarboniteSetupLite] 2008-04-07 14:09 306112 ----a-w- c:\program files\Packard Bell\Carbonite\CarboniteSetupLitePBPreInstaller.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] 2013-01-05 00:04 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc . Contents of the 'Scheduled Tasks' folder . 2013-07-26 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-05 15:32] . 2013-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2013-01-06 11:41] . 2013-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2013-01-06 11:41] . 2013-07-26 c:\windows\Tasks\LKXAYORGMF.job - c:\windows\system32\ds16gt6.dll [2013-07-23 12:49] . 2013-07-26 c:\windows\Tasks\ooqyobuxm.job - c:\windows\system32\KBDRU19.dll [2013-07-23 12:49] . 2013-07-24 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job - c:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2013-02-18 14:07] . 2013-07-26 c:\windows\Tasks\Ycwmnfqzbs.job - c:\windows\system32\catsrvutk.dll [2013-07-23 12:49] . . ------- Supplementary Scan ------- . 
uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.0.1 FF - ProfilePath - c:\users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\p8q3ekr6.default-1374593077949\ FF - ExtSQL: 2013-07-23 21:06; artur.dubovoy@gmail.com; c:\users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\p8q3ekr6.default-1374593077949\extensions\artur.dubovoy@gmail.com.xpi FF - ExtSQL: 2013-07-24 03:36; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2013-07-26 14:23 Windows 6.0.6001 Service Pack 1 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}] "ImagePath"="\??\c:\program files\CyberLink\PlayMovie\000.fcl" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . ------------------------ Other Running Processes ------------------------ . c:\program files\ATK Hotkey\ASLDRSrv.exe c:\windows\system32\rundll32.exe c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe c:\windows\system32\IoctlSvc.exe c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe c:\program files\ATK Hotkey\Hcontrol.exe c:\program files\ATK Hotkey\ATKOSD.exe c:\program files\ATK Hotkey\WDC.exe c:\program files\Windows Media Player\wmpnscfg.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\program files\iPod\bin\iPodService.exe c:\windows\servicing\TrustedInstaller.exe . ************************************************************************** . Completion time: 2013-07-26 14:31:29 - machine was rebooted ComboFix-quarantined-files.txt 2013-07-26 13:31 ComboFix2.txt 2013-07-25 18:41 . Pre-Run: 21,892,841,472 bytes free Post-Run: 21,843,632,128 bytes free . - - End Of File - - 3CBC52840AC2949B677A6C3EB81148CD 5C616939100B85E558DA92B899A0FC36 Upload was successful
  10. Since using combofix, I am now being redirected with secure online find again.
  11. I ran combofix, it started, updated, did a scan and said it had found something called rootkit.zeroaccess, I clicked ok, it then restarted the machine and carried on running, here is the log file. ComboFix 13-07-25.02 - Simon 25/07/2013 19:13:37.1.2 - x86 Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.44.1033.18.895.91 [GMT 1:00] Running from: c:\users\Simon\Desktop\ComboFix.exe AV: Norton Internet Security *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855} FW: Norton Internet Security *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E} SP: Norton Internet Security *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Simon\AppData\Roaming\inst.exe c:\windows\$NtUninstallKB50492$ c:\windows\system32\Icons c:\windows\system32\Icons\disable.ico c:\windows\system32\Icons\enable.ico c:\windows\wininit.ini . . ((((((((((((((((((((((((( Files Created from 2013-06-25 to 2013-07-25 ))))))))))))))))))))))))))))))) . . 2013-07-25 11:15 . 2013-07-25 13:19 -------- d-----w- c:\users\Simon\AppData\Roaming\.minecraft 2013-07-24 16:09 . 2013-07-24 16:17 -------- d-----w- C:\8bb52fb69a465ea51d6fed28 2013-07-24 08:26 . 2009-11-08 09:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll 2013-07-24 08:26 . 2009-11-08 09:55 49472 ----a-w- c:\windows\system32\netfxperf.dll 2013-07-24 08:26 . 2009-11-08 09:55 297808 ----a-w- c:\windows\system32\mscoree.dll 2013-07-24 08:26 . 2009-11-08 09:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe 2013-07-24 08:26 . 2009-11-08 09:55 1130824 ----a-w- c:\windows\system32\dfshim.dll 2013-07-24 08:24 . 2013-07-24 08:24 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help 2013-07-24 08:15 . 2010-09-20 09:25 231936 ----a-w- c:\windows\system32\msshsq.dll 2013-07-24 08:05 . 
2009-08-24 12:16 378368 ----a-w- c:\windows\system32\winhttp.dll 2013-07-24 08:04 . 2010-09-06 16:24 125952 ----a-w- c:\windows\system32\srvsvc.dll 2013-07-24 08:04 . 2010-09-06 16:23 17920 ----a-w- c:\windows\system32\netevent.dll 2013-07-24 08:03 . 2009-11-03 19:53 411136 ----a-w- c:\windows\system32\drivers\http.sys 2013-07-24 08:03 . 2009-11-03 22:17 24064 ----a-w- c:\windows\system32\nshhttp.dll 2013-07-24 08:03 . 2009-11-03 22:15 31232 ----a-w- c:\windows\system32\httpapi.dll 2013-07-24 07:33 . 2013-07-24 07:33 -------- d-----w- c:\windows\ERUNT 2013-07-24 06:41 . 2009-10-09 21:56 2048 ----a-w- c:\windows\system32\winrsmgr.dll 2013-07-24 06:39 . 2008-08-28 03:40 425472 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll 2013-07-24 06:36 . 2008-10-21 05:25 1645568 ----a-w- c:\windows\system32\connect.dll 2013-07-24 06:36 . 2010-08-31 15:40 531968 ----a-w- c:\windows\system32\comctl32.dll 2013-07-24 06:35 . 2009-09-10 15:21 1418752 ----a-w- c:\program files\Windows Media Player\setup_wm.exe 2013-07-24 06:35 . 2009-09-10 15:21 310784 ----a-w- c:\windows\system32\unregmp2.exe 2013-07-24 02:55 . 2008-04-30 05:36 454656 ----a-w- c:\program files\Common Files\System\msadc\msadce.dll 2013-07-24 02:49 . 2010-02-12 10:48 293376 ----a-w- c:\windows\system32\browserchoice.exe 2013-07-24 02:25 . 2008-06-20 01:14 97800 ----a-w- c:\windows\system32\infocardapi.dll 2013-07-24 02:25 . 2008-06-20 01:14 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll 2013-07-24 02:25 . 2008-06-20 01:14 37384 ----a-w- c:\windows\system32\infocardcpl.cpl 2013-07-24 02:25 . 2008-06-20 01:14 11264 ----a-w- c:\windows\system32\icardres.dll 2013-07-24 02:25 . 2008-06-20 01:14 622080 ----a-w- c:\windows\system32\icardagt.exe 2013-07-24 02:25 . 2008-06-20 01:14 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll 2013-07-24 02:07 . 2008-07-27 18:03 158720 ----a-w- c:\windows\system32\mscorier.dll 2013-07-24 02:07 . 
2008-07-27 18:03 83968 ----a-w- c:\windows\system32\mscories.dll 2013-07-24 02:03 . 2013-07-24 02:03 -------- d-----w- c:\program files\MSXML 4.0 2013-07-23 19:05 . 2008-06-26 01:45 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll 2013-07-23 19:05 . 2008-06-26 01:45 2644480 ----a-w- c:\windows\system32\NlsLexicons0009.dll 2013-07-23 19:05 . 2008-06-26 03:29 801280 ----a-w- c:\windows\system32\NaturalLanguage6.dll 2013-07-23 18:57 . 2009-08-14 16:29 104960 ----a-w- c:\windows\system32\netiohlp.dll 2013-07-23 18:57 . 2009-08-14 14:16 27136 ----a-w- c:\windows\system32\NETSTAT.EXE 2013-07-23 18:57 . 2009-08-14 14:16 19968 ----a-w- c:\windows\system32\ARP.EXE 2013-07-23 18:57 . 2009-08-14 14:16 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE 2013-07-23 18:57 . 2009-08-14 14:16 17920 ----a-w- c:\windows\system32\ROUTE.EXE 2013-07-23 18:57 . 2009-08-14 14:16 11264 ----a-w- c:\windows\system32\MRINFO.EXE 2013-07-23 18:57 . 2009-08-14 14:16 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE 2013-07-23 18:57 . 2009-08-14 14:16 10240 ----a-w- c:\windows\system32\finger.exe 2013-07-23 18:55 . 2009-09-10 17:30 213504 ----a-w- c:\windows\system32\msv1_0.dll 2013-07-23 18:54 . 2008-06-06 03:27 38912 ----a-w- c:\windows\system32\xolehlp.dll 2013-07-23 18:54 . 2008-06-06 03:27 562176 ----a-w- c:\windows\system32\msdtcprx.dll 2013-07-23 18:54 . 2009-06-10 12:12 160256 ----a-w- c:\windows\system32\wkssvc.dll 2013-07-23 18:54 . 2010-08-26 16:07 157184 ----a-w- c:\windows\system32\t2embed.dll 2013-07-23 18:54 . 2011-06-02 12:59 2042368 ----a-w- c:\windows\system32\win32k.sys 2013-07-23 18:54 . 2011-04-21 13:16 273408 ----a-w- c:\windows\system32\drivers\afd.sys 2013-07-23 18:54 . 2008-04-18 05:48 269312 ----a-w- c:\windows\system32\es.dll 2013-07-23 18:54 . 2010-12-14 15:49 1169408 ----a-w- c:\windows\system32\sdclt.exe 2013-07-23 18:54 . 2008-06-26 03:29 303616 ----a-w- c:\windows\system32\wmpeffects.dll 2013-07-23 18:54 . 
2010-06-17 17:15 10926592 ----a-w- c:\program files\Movie Maker\MOVIEMK.dll 2013-07-23 18:54 . 2010-06-17 15:49 150016 ----a-w- c:\program files\Movie Maker\MOVIEMK.exe 2013-07-23 18:53 . 2011-04-29 12:49 146432 ----a-w- c:\windows\system32\drivers\srv2.sys 2013-07-23 18:53 . 2011-04-29 12:49 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys 2013-07-23 18:53 . 2011-05-02 16:00 766464 ----a-w- c:\program files\Common Files\Microsoft Shared\vgx\VGX.dll 2013-07-23 18:53 . 2010-04-05 16:08 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL 2013-07-23 18:53 . 2011-02-16 15:35 430080 ----a-w- c:\windows\system32\vbscript.dll 2013-07-23 18:53 . 2009-04-23 12:42 636928 ----a-w- c:\windows\system32\localspl.dll 2013-07-23 18:53 . 2010-12-20 15:39 563200 ----a-w- c:\windows\system32\oleaut32.dll 2013-07-23 18:53 . 2010-08-31 15:41 954752 ----a-w- c:\windows\system32\mfc40.dll 2013-07-23 18:53 . 2010-08-31 15:41 954288 ----a-w- c:\windows\system32\mfc40u.dll 2013-07-23 18:51 . 2010-02-18 14:11 190464 ----a-w- c:\windows\system32\iphlpsvc.dll 2013-07-23 18:50 . 2008-08-12 03:39 443392 ----a-w- c:\windows\system32\win32spl.dll 2013-07-23 18:50 . 2008-05-10 01:33 113664 ----a-w- c:\windows\system32\drivers\rmcast.sys 2013-07-23 18:50 . 2010-10-28 12:56 2048 ----a-w- c:\windows\system32\tzres.dll 2013-07-23 18:48 . 2009-09-04 12:24 61440 ----a-w- c:\windows\system32\msasn1.dll 2013-07-23 18:47 . 2009-04-02 12:37 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL 2013-07-23 18:25 . 2011-04-29 14:54 276992 ----a-w- c:\windows\system32\schannel.dll 2013-07-23 18:20 . 2009-12-23 12:43 171520 ----a-w- c:\windows\system32\wintrust.dll 2013-07-23 18:20 . 2010-01-15 00:04 98304 ----a-w- c:\windows\system32\cabview.dll 2013-07-23 17:21 . 2013-07-24 06:18 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable) 2013-07-23 17:20 . 2013-07-24 06:18 -------- d-----w- C:\mbar 2013-07-23 12:49 . 2013-07-23 12:49 120832 --sha-r- c:\windows\system32\KBDRU19.dll 2013-07-23 12:49 . 
2013-07-23 12:49 120832 --sha-r- c:\windows\system32\ds16gt6.dll 2013-07-23 12:49 . 2013-07-23 12:49 120832 --sha-r- c:\windows\system32\catsrvutk.dll 2013-07-23 08:49 . 2013-07-23 08:49 -------- d-----w- c:\users\Simon\AppData\Roaming\Cocoon Software 2013-07-23 08:49 . 2013-07-23 08:49 -------- d-----w- c:\users\Simon\AppData\Local\WDSetup 2013-07-23 08:49 . 2013-07-23 08:51 -------- d-----w- c:\program files\QuickMediaConverter 2013-07-23 08:35 . 2013-07-23 08:35 -------- d-----w- c:\users\Simon\AppData\Roaming\WinAVI 2013-07-23 08:35 . 2013-07-23 08:35 -------- d-----w- c:\users\Simon\AppData\Local\WinAVI 2013-07-23 08:35 . 2013-07-23 08:35 -------- d-----w- c:\program files\WinAVI 2013-07-23 07:37 . 2013-07-23 08:48 -------- d-----w- c:\users\Simon\AppData\Roaming\vlc 2013-07-22 20:19 . 2013-07-22 20:19 -------- d-----w- c:\users\Administrator 2013-07-22 19:44 . 2013-07-23 21:03 -------- d-----w- C:\vampire 2013-07-22 19:42 . 2013-07-22 19:45 -------- d-----w- c:\programdata\PMS 2013-07-22 19:41 . 2013-07-24 04:50 -------- d-----w- c:\program files\PS3 Media Server 2013-07-22 16:35 . 2013-07-22 16:39 -------- d-----w- C:\0ef2d2fe2e17082f2b92f115576b55 2013-07-22 16:33 . 2013-07-22 16:39 -------- d-----w- c:\program files\Handbrake 2013-07-22 16:15 . 2013-07-22 16:15 -------- d-----w- c:\users\Simon\AppData\Roaming\AnvSoft 2013-07-22 16:13 . 2013-07-22 16:13 -------- d-----w- c:\program files\AnvSoft 2013-07-21 08:24 . 2013-07-22 11:05 -------- d-----w- c:\users\Simon\AppData\Roaming\.technic 2013-07-21 08:24 . 2013-07-21 08:24 -------- d-----w- c:\program files\Common Files\Java 2013-07-21 08:23 . 2013-07-21 08:22 789416 ----a-w- c:\windows\system32\deployJava1.dll 2013-07-21 08:23 . 2013-07-21 08:22 867240 ----a-w- c:\windows\system32\npDeployJava1.dll 2013-07-21 08:23 . 2013-07-21 08:22 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2013-07-21 08:22 . 2013-07-21 08:22 -------- d-----w- c:\program files\Java 2013-07-21 08:20 . 
2013-07-21 08:20 -------- d-----w- c:\programdata\McAfee 2013-07-08 15:22 . 2013-07-08 15:24 -------- d-----w- c:\windows\system32\RTCOM 2013-07-08 15:17 . 2011-08-23 16:00 357712 ----a-w- c:\windows\system32\KAAPORT.dll 2013-07-08 11:42 . 2013-07-08 11:42 -------- d-----w- c:\users\Simon\AppData\Roaming\Malwarebytes 2013-07-08 11:41 . 2013-07-08 11:41 -------- d-----w- c:\programdata\Malwarebytes 2013-07-08 11:41 . 2013-04-04 13:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-07-08 11:41 . 2013-07-08 11:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2013-07-04 20:27 . 2009-04-30 23:00 15872 ----a-w- c:\windows\system32\escdev.dll 2013-07-04 20:27 . 2009-04-30 23:00 128392 ----a-w- c:\windows\system32\esdevapp.exe 2013-07-04 20:27 . 2008-11-16 23:00 342016 ----a-w- c:\windows\system32\eswiaud.dll 2013-07-04 20:27 . 2013-07-04 20:27 -------- d-----w- c:\program files\epson 2013-06-28 05:44 . 2013-06-28 05:51 -------- d-----w- c:\program files\dumps 2013-06-28 05:43 . 2013-06-28 05:43 -------- d-----w- c:\program files\Common Files\Steam 2013-06-28 05:42 . 2013-07-07 21:57 -------- d-----w- c:\program files\Steam . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-07-08 15:19 . 2008-06-21 10:10 319456 ----a-w- c:\windows\DIFxAPI.dll 2013-06-12 15:32 . 2013-01-05 10:19 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-06-12 15:32 . 2013-01-05 10:19 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-05-01 02:59 . 2013-05-01 02:59 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx 2013-05-01 02:59 . 2013-05-01 02:59 69632 ----a-w- c:\windows\system32\QuickTime.qts . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Spybot-S&D Cleaning"="c:\program files\Spybot - Search & Destroy 2\SDCleaner.exe" [2012-11-13 3713032] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SiSTray"="c:\program files\SiS VGA Utilities\SiSTray.exe" [2007-10-16 552960] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-01 857648] "PCMAgent"="c:\program files\CyberLink\PowerCinema\PCMAgent.exe" [2008-03-21 143360] "CLMLServer"="c:\program files\CyberLink\PowerCinema\Kernel\CLML\CLMLSvc.exe" [2008-04-11 196608] "PlayMovie"="c:\program files\CyberLink\PlayMovie\PMVService.exe" [2008-03-31 172032] "toolbar_eula_launcher"="c:\program files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [2007-02-20 28672] "SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2012-11-13 3825176] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-05-31 152392] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2013-03-29 11930696] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816] . c:\users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680] PdaNet Desktop.lnk - c:\program files\PdaNet for Android\PdaNetPC.exe [2013-6-19 1054320] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CarboniteSetupLite] 2008-04-07 14:09 306112 ----a-w- c:\program files\Packard Bell\Carbonite\CarboniteSetupLitePBPreInstaller.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] 2013-01-05 00:04 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc . Contents of the 'Scheduled Tasks' folder . 2013-07-25 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-05 15:32] . 2013-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2013-01-06 11:41] . 2013-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2013-01-06 11:41] . 2013-07-25 c:\windows\Tasks\LKXAYORGMF.job - c:\windows\system32\ds16gt6.dll [2013-07-23 12:49] . 2013-07-25 c:\windows\Tasks\ooqyobuxm.job - c:\windows\system32\KBDRU19.dll [2013-07-23 12:49] . 2013-07-24 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job - c:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2013-02-18 14:07] . 2013-07-25 c:\windows\Tasks\Ycwmnfqzbs.job - c:\windows\system32\catsrvutk.dll [2013-07-23 12:49] . . ------- Supplementary Scan ------- . 
uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.0.1 FF - ProfilePath - c:\users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\p8q3ekr6.default-1374593077949\ FF - ExtSQL: 2013-07-23 21:06; artur.dubovoy@gmail.com; c:\users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\p8q3ekr6.default-1374593077949\extensions\artur.dubovoy@gmail.com.xpi FF - ExtSQL: 2013-07-24 03:36; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension . - - - - ORPHANS REMOVED - - - - . Notify-SDWinLogon - SDWinLogon.dll SafeBoot-82243734.sys MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe MSConfigStartUp-SmpcSys - c:\program files\Packard Bell\SetUpMyPC\SmpSys.exe . . . ************************************************************************** scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: . ************************************************************************** . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}] "ImagePath"="\??\c:\program files\CyberLink\PlayMovie\000.fcl" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . ------------------------ Other Running Processes ------------------------ . c:\program files\ATK Hotkey\ASLDRSrv.exe c:\windows\system32\rundll32.exe c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe c:\windows\system32\IoctlSvc.exe c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe c:\program files\ATK Hotkey\Hcontrol.exe c:\program files\ATK Hotkey\ATKOSD.exe c:\program files\ATK Hotkey\WDC.exe c:\program files\Windows Media Player\wmpnscfg.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\program files\iPod\bin\iPodService.exe c:\windows\servicing\TrustedInstaller.exe . ************************************************************************** . Completion time: 2013-07-25 19:41:49 - machine was rebooted ComboFix-quarantined-files.txt 2013-07-25 18:41 . Pre-Run: 24,346,451,968 bytes free Post-Run: 24,490,196,992 bytes free . 
- - End Of File - - 1920F32D1DDEC6AF862EA22835B78DE0 5C616939100B85E558DA92B899A0FC36
  12. I've just tried Norton's uninstall tool from their website, restarted, and combofix still says that norton internet security is installed and running.
  13. I've downloaded and clicked on it, it's started to load. Unfortunately it says 'anti virus: norton internet security is running and anti spyware: norton internet security is running', even though I uninstalled it. Do I ignore the warning and proceed?
  14. Hello and thank you. I uninstalled ask toolbar through add/remove, then scanned. This is what was saved in the log.

      GMER 2.1.19163 - http://www.gmer.net
      Rootkit scan 2013-07-24 13:54:32
      Windows 6.0.6001 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 Hitachi_HTS543212L9A300 rev.FBBOC40C 111.79GB
      Running: dibjzip4.exe; Driver: C:\Users\Simon\AppData\Local\Temp\agdoypog.sys

      ---- Devices - GMER 2.1 ----

      AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys
      AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys

      ---- Processes - GMER 2.1 ----

      Process (*** hidden *** ) [4] 83276910

      ---- EOF - GMER 2.1 ----
  15. Hi all, I've used mbam many times and it has fixed my problems before with no issues, unfortunately this time it seems to be struggling, any help would be much appreciated. I had been suffering from, and thought I had removed, clicksure onlindfind virus using the steps in someone else's post. Unfortunately on removing that, the tlbsearch has now started. Once again, any help would be much appreciated. Simon.

      dds.txt

      DDS (Ver_2012-11-20.01) - NTFS_x86
      Internet Explorer: 7.0.6001.18639 BrowserJavaVersion: 10.25.2
      Run by Simon at 8:54:35 on 2013-07-24
      Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.44.1033.18.895.127 [GMT 1:00]
      .
      AV: Norton Internet Security *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
      SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      SP: Norton Internet Security *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
      FW: Norton Internet Security *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
      .
      ============== Running Processes ================
      .
C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\SLsvc.exe C:\Program Files\ATK Hotkey\ASLDRSrv.exe C:\Windows\system32\taskeng.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\rundll32.exe C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\Windows\system32\IoctlSvc.exe C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe C:\Program Files\ATK Hotkey\Hcontrol.exe C:\Program Files\ATK Hotkey\ATKOSD.exe C:\Program Files\SiS VGA Utilities\SiSTray.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\CyberLink\PowerCinema\PCMAgent.exe C:\Program Files\CyberLink\PowerCinema\Kernel\CLML\CLMLSvc.exe C:\Program Files\CyberLink\PlayMovie\PMVService.exe C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe C:\Program Files\ATK Hotkey\WDC.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\PdaNet for Android\PdaNetPC.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\SearchProtocolHost.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe C:\Windows\system32\wuauclt.exe C:\Windows\servicing\TrustedInstaller.exe C:\Windows\system32\SearchFilterHost.exe 
C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k rpcss C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\System32\svchost.exe -k WerSvcGroup c:\windows\system32\svchost.exe -k netsvcs . ============== Pseudo HJT Report =============== . BHO: SDHelper: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dll BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll BHO: ChromeFrame BHO: {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - c:\program files\google\chrome\application\28.0.1500.72\npchrome_frame.dll uRun: [spybot-S&D Cleaning] "c:\program files\spybot - search & destroy 2\SDCleaner.exe" /autoclean mRun: [siSTray] c:\program files\sis vga utilities\SiSTray.exe mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [PCMAgent] "c:\program files\cyberlink\powercinema\PCMAgent.exe" mRun: [CLMLServer] "c:\program files\cyberlink\powercinema\kernel\clml\CLMLSvc.exe" mRun: [PlayMovie] "c:\program files\cyberlink\playmovie\PMVService.exe" mRun: [toolbar_eula_launcher] c:\program files\packard bell\google_eula\EULALauncher.exe mRun: [sDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe" mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe" mRun: [QuickTime Task] 
"c:\program files\quicktime\QTTask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [RTHDVCPL] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" StartupFolder: c:\users\simon\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE StartupFolder: c:\users\simon\appdata\roaming\micros~1\windows\startm~1\programs\startup\pdanet~1.lnk - c:\program files\pdanet for android\PdaNetPC.exe mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dll . INFO: HKCU has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . . INFO: HKLM has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . 
TCP: NameServer = 192.168.0.1 TCP: Interfaces\{14743308-021E-46C9-A5D2-BA3AD8A9963C} : DHCPNameServer = 8.8.8.8 TCP: Interfaces\{6CF3490D-EC29-4DF9-AF39-002319BFECD2} : DHCPNameServer = 192.168.0.1 Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\belarcadvisor\system\BAVoilaX.dll Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - c:\program files\google\chrome\application\28.0.1500.72\npchrome_frame.dll Notify: SDWinLogon - SDWinLogon.dll LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg Hosts: 127.0.0.1 www.spywareinfo.com . ================= FIREFOX =================== . FF - ProfilePath - c:\users\simon\appdata\roaming\mozilla\firefox\profiles\p8q3ekr6.default-1374593077949\ FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll FF - plugin: c:\program files\google\update\1.3.21.153\npGoogleUpdate3.dll FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_224.dll FF - plugin: c:\windows\system32\npDeployJava1.dll FF - plugin: c:\windows\system32\npmproxy.dll FF - ExtSQL: 2013-07-23 21:06; artur.dubovoy@gmail.com; c:\users\simon\appdata\roaming\mozilla\firefox\profiles\p8q3ekr6.default-1374593077949\extensions\artur.dubovoy@gmail.com.xpi FF - ExtSQL: 2013-07-24 03:36; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension . ============= SERVICES / DRIVERS =============== . 
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\cyberlink\playmovie\000.fcl [2008-6-21 41456] R3 pneteth;PdaNet Broadband;c:\windows\system32\drivers\pneteth.sys [2013-6-19 13440] R3 SiS6350;SiS6350;c:\windows\system32\drivers\SISGRKMD.sys [2009-11-20 465408] R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\drivers\SiSGB6.sys [2008-9-9 48128] . =============== Created Last 30 ================ . 2013-07-24 07:33:49 -------- d-----w- c:\windows\ERUNT 2013-07-24 06:41:45 2048 ----a-w- c:\windows\system32\winrsmgr.dll 2013-07-24 06:39:35 425472 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll 2013-07-24 06:36:25 1645568 ----a-w- c:\windows\system32\connect.dll 2013-07-24 06:36:21 531968 ----a-w- c:\windows\system32\comctl32.dll 2013-07-24 06:35:57 310784 ----a-w- c:\windows\system32\unregmp2.exe 2013-07-24 06:35:57 1418752 ----a-w- c:\program files\windows media player\setup_wm.exe 2013-07-24 02:55:28 454656 ----a-w- c:\program files\common files\system\msadc\msadce.dll 2013-07-24 02:49:59 293376 ----a-w- c:\windows\system32\browserchoice.exe 2013-07-24 02:25:09 97800 ----a-w- c:\windows\system32\infocardapi.dll 2013-07-24 02:25:08 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll 2013-07-24 02:25:06 622080 ----a-w- c:\windows\system32\icardagt.exe 2013-07-24 02:25:06 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll 2013-07-24 02:25:06 37384 ----a-w- c:\windows\system32\infocardcpl.cpl 2013-07-24 02:25:06 11264 ----a-w- c:\windows\system32\icardres.dll 2013-07-24 02:25:00 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll 2013-07-24 02:24:55 326160 ----a-w- c:\windows\system32\PresentationHost.exe 2013-07-24 02:08:42 96760 ----a-w- c:\windows\system32\dfshim.dll 2013-07-24 02:08:37 282112 ----a-w- c:\windows\system32\mscoree.dll 2013-07-24 02:08:32 41984 ----a-w- c:\windows\system32\netfxperf.dll 2013-07-24 02:07:55 158720 ----a-w- 
c:\windows\system32\mscorier.dll 2013-07-24 02:07:39 83968 ----a-w- c:\windows\system32\mscories.dll 2013-07-24 02:03:03 -------- d-----w- c:\program files\MSXML 4.0 2013-07-23 19:05:35 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll 2013-07-23 19:05:29 2644480 ----a-w- c:\windows\system32\NlsLexicons0009.dll 2013-07-23 19:05:02 801280 ----a-w- c:\windows\system32\NaturalLanguage6.dll 2013-07-23 18:57:40 104960 ----a-w- c:\windows\system32\netiohlp.dll 2013-07-23 18:57:39 27136 ----a-w- c:\windows\system32\NETSTAT.EXE 2013-07-23 18:57:39 19968 ----a-w- c:\windows\system32\ARP.EXE 2013-07-23 18:57:38 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE 2013-07-23 18:57:38 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE 2013-07-23 18:57:38 17920 ----a-w- c:\windows\system32\ROUTE.EXE 2013-07-23 18:57:38 17920 ----a-w- c:\windows\system32\netevent.dll 2013-07-23 18:57:38 11264 ----a-w- c:\windows\system32\MRINFO.EXE 2013-07-23 18:57:38 10240 ----a-w- c:\windows\system32\finger.exe 2013-07-23 18:55:56 213504 ----a-w- c:\windows\system32\msv1_0.dll 2013-07-23 18:54:56 562176 ----a-w- c:\windows\system32\msdtcprx.dll 2013-07-23 18:54:56 38912 ----a-w- c:\windows\system32\xolehlp.dll 2013-07-23 18:54:51 160256 ----a-w- c:\windows\system32\wkssvc.dll 2013-07-23 18:54:49 157184 ----a-w- c:\windows\system32\t2embed.dll 2013-07-23 18:54:45 2042368 ----a-w- c:\windows\system32\win32k.sys 2013-07-23 18:54:40 273408 ----a-w- c:\windows\system32\drivers\afd.sys 2013-07-23 18:54:13 269312 ----a-w- c:\windows\system32\es.dll 2013-07-23 18:54:11 1169408 ----a-w- c:\windows\system32\sdclt.exe 2013-07-23 18:54:07 303616 ----a-w- c:\windows\system32\wmpeffects.dll 2013-07-23 18:54:03 10926592 ----a-w- c:\program files\movie maker\MOVIEMK.dll 2013-07-23 18:54:02 150016 ----a-w- c:\program files\movie maker\MOVIEMK.exe 2013-07-23 18:53:58 146432 ----a-w- c:\windows\system32\drivers\srv2.sys 2013-07-23 18:53:58 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys 2013-07-23 18:53:53 
766464 ----a-w- c:\program files\common files\microsoft shared\vgx\VGX.dll 2013-07-23 18:53:49 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL 2013-07-23 18:53:44 430080 ----a-w- c:\windows\system32\vbscript.dll 2013-07-23 18:53:13 636928 ----a-w- c:\windows\system32\localspl.dll 2013-07-23 18:53:08 563200 ----a-w- c:\windows\system32\oleaut32.dll 2013-07-23 18:53:01 954752 ----a-w- c:\windows\system32\mfc40.dll 2013-07-23 18:53:00 954288 ----a-w- c:\windows\system32\mfc40u.dll 2013-07-23 18:51:56 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys 2013-07-23 18:50:59 443392 ----a-w- c:\windows\system32\win32spl.dll 2013-07-23 18:50:50 113664 ----a-w- c:\windows\system32\drivers\rmcast.sys 2013-07-23 18:50:35 2048 ----a-w- c:\windows\system32\tzres.dll 2013-07-23 18:48:58 61440 ----a-w- c:\windows\system32\msasn1.dll 2013-07-23 18:47:58 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL 2013-07-23 18:25:50 276992 ----a-w- c:\windows\system32\schannel.dll 2013-07-23 18:20:18 171520 ----a-w- c:\windows\system32\wintrust.dll 2013-07-23 18:20:15 98304 ----a-w- c:\windows\system32\cabview.dll 2013-07-23 17:21:41 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable) 2013-07-23 17:20:55 -------- d-----w- C:\mbar 2013-07-23 12:49:30 120832 --sha-r- c:\windows\system32\KBDRU19.dll 2013-07-23 12:49:30 120832 --sha-r- c:\windows\system32\ds16gt6.dll 2013-07-23 12:49:30 120832 --sha-r- c:\windows\system32\catsrvutk.dll 2013-07-23 08:49:44 -------- d-----w- c:\users\simon\appdata\roaming\Cocoon Software 2013-07-23 08:49:41 -------- d-----w- c:\users\simon\appdata\local\WDSetup 2013-07-23 08:49:35 -------- d-----w- c:\program files\QuickMediaConverter 2013-07-23 08:35:54 -------- d-----w- c:\users\simon\appdata\roaming\WinAVI 2013-07-23 08:35:54 -------- d-----w- c:\users\simon\appdata\local\WinAVI 2013-07-23 08:35:36 -------- d-----w- c:\program files\WinAVI 2013-07-22 19:44:57 -------- d-----w- C:\vampire 2013-07-22 19:42:13 -------- d-----w- 
c:\programdata\PMS 2013-07-22 19:41:20 -------- d-----w- c:\program files\PS3 Media Server 2013-07-22 16:35:30 -------- d-----w- C:\0ef2d2fe2e17082f2b92f115576b55 2013-07-22 16:33:38 -------- d-----w- c:\program files\Handbrake 2013-07-22 16:15:19 -------- d-----w- c:\users\simon\appdata\roaming\AnvSoft 2013-07-22 16:13:33 -------- d-----w- c:\program files\AnvSoft 2013-07-21 08:24:50 -------- d-----w- c:\users\simon\appdata\roaming\.technic 2013-07-21 08:23:59 789416 ----a-w- c:\windows\system32\deployJava1.dll 2013-07-21 08:23:58 867240 ----a-w- c:\windows\system32\npDeployJava1.dll 2013-07-21 08:23:29 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2013-07-08 15:22:05 -------- d-----w- c:\windows\system32\RTCOM 2013-07-08 15:17:57 357712 ----a-w- c:\windows\system32\KAAPORT.dll 2013-07-08 11:42:04 -------- d-----w- c:\users\simon\appdata\roaming\Malwarebytes 2013-07-08 11:41:22 -------- d-----w- c:\programdata\Malwarebytes 2013-07-08 11:41:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-07-08 11:41:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2013-07-04 20:27:47 15872 ----a-w- c:\windows\system32\escdev.dll 2013-07-04 20:27:47 128392 ----a-w- c:\windows\system32\esdevapp.exe 2013-07-04 20:27:46 342016 ----a-w- c:\windows\system32\eswiaud.dll 2013-07-04 20:27:27 -------- d-----w- c:\program files\epson 2013-06-28 05:44:28 -------- d-----w- c:\program files\dumps 2013-06-28 05:43:20 -------- d-----w- c:\program files\common files\Steam 2013-06-28 05:42:58 -------- d-----w- c:\program files\Steam 2013-06-25 13:32:08 -------- d-----w- C:\tabbak . ==================== Find3M ==================== . 
2013-07-08 15:19:00 319456 ----a-w- c:\windows\DIFxAPI.dll 2013-06-12 15:32:14 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-06-12 15:32:14 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-05-01 02:59:12 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx 2013-05-01 02:59:12 69632 ----a-w- c:\windows\system32\QuickTime.qts . ============= FINISH: 9:02:54.73 =============== attach.txt UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft® Windows Vista™ Home Basic Boot Device: \Device\HarddiskVolume2 Install Date: 04/01/2013 22:11:29 System Uptime: 24/07/2013 08:45:17 (1 hours ago) . Motherboard: PACKARD BELL BV | | T12C Processor: Genuine Intel® CPU T1400 @ 1.73GHz | CPU 1 | 1732/133mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 102 GiB total, 18.521 GiB free. D: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . . ==== Installed Programs ====================== . 7-Zip 9.20 Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Photoshop Elements 6 Adobe Photoshop Elements 6.0 Adobe Reader 8.1.0 Adobe Reader X (10.1.7) Adobe Shockwave Player Android Commander version 0.7.9.11 Any Video Converter 5.0.7 Apple Application Support Apple Mobile Device Support Apple Software Update Ask Toolbar ATK Hotkey Belarc Advisor 8.3 Bonjour British Telecom Carbonite Compatibility Pack for the 2007 Office system ConvertHelper 2.2 CyberLink PowerCinema EPSON Scan EPSON SX210 Series Printer Uninstall Firefox Google BAE Google Chrome Frame Google Earth Google Update Helper HandBrake 0.9.9.1 HDReg Helium Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Infocentre Rev. 
2.0.0.1 Internet From BT iTunes Java 7 Update 25 Java Auto Updater KeyboardTest V3.0 Malwarebytes Anti-Malware version 1.75.0.1300 Microsoft .NET Framework 3.5 SP1 Microsoft Office Excel MUI (English) 2007 Microsoft Office Home and Student 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office PowerPoint Viewer 2007 (English) Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Suite Activation Assistant Microsoft Office Word MUI (English) 2007 Microsoft Silverlight Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Works Microsoft Works 9 SE Microsoft XML Parser Microsoft® Office Trial 2007 Mozilla Firefox 22.0 (x86 en-US) Mozilla Maintenance Service MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Nero 8 Essentials neroxml Packard Bell ImageWriter Packard Bell LCD Test Packard Bell Updator PdaNet+ for Android 4.12 Picasa 2 Picasa2 Power Cinema 6 Protect your files now PS3 Media Server Quick Media Converter HD QuickTime Realtek High Definition Audio Driver Roll SCARM 0.9.17 beta SeaTools for Windows SiS VGA Utilities Spybot - Search & Destroy Steam Synaptics Pointing Device Driver VCRedistSetup VLC media player 2.0.7 WinAVI Video Converter . ==== End Of File ===========================