
hit by tlbsearch virus



Hi all, I've used mbam many times and it has fixed my problems before with no issues. Unfortunately, this time it seems to be struggling; any help would be much appreciated.

I had been suffering from, and thought I had removed, clicksure onlindfind virus using the steps in someone else's post.

Unfortunately on removing that, the tlbsearch has now started.

 

Once again, any help would be much appreciated.

Simon.

 

dds.txt

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 7.0.6001.18639  BrowserJavaVersion: 10.25.2
Run by Simon at 8:54:35 on 2013-07-24
Microsoft® Windows Vista™ Home Basic   6.0.6001.1.1252.44.1033.18.895.127 [GMT 1:00]
.
AV: Norton Internet Security *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton Internet Security *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\ATK Hotkey\ASLDRSrv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\system32\IoctlSvc.exe
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\ATK Hotkey\Hcontrol.exe
C:\Program Files\ATK Hotkey\ATKOSD.exe
C:\Program Files\SiS VGA Utilities\SiSTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerCinema\PCMAgent.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\CLML\CLMLSvc.exe
C:\Program Files\CyberLink\PlayMovie\PMVService.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\ATK Hotkey\WDC.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\PdaNet for Android\PdaNetPC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
c:\windows\system32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.



BHO: SDHelper: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} -
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: ChromeFrame BHO: {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - c:\program files\google\chrome\application\28.0.1500.72\npchrome_frame.dll
uRun: [spybot-S&D Cleaning] "c:\program files\spybot - search & destroy 2\SDCleaner.exe" /autoclean
mRun: [siSTray] c:\program files\sis vga utilities\SiSTray.exe
mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [PCMAgent] "c:\program files\cyberlink\powercinema\PCMAgent.exe"
mRun: [CLMLServer] "c:\program files\cyberlink\powercinema\kernel\clml\CLMLSvc.exe"
mRun: [PlayMovie] "c:\program files\cyberlink\playmovie\PMVService.exe"
mRun: [toolbar_eula_launcher] c:\program files\packard bell\google_eula\EULALauncher.exe
mRun: [sDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [RTHDVCPL] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\users\simon\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\users\simon\appdata\roaming\micros~1\windows\startm~1\programs\startup\pdanet~1.lnk - c:\program files\pdanet for android\PdaNetPC.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{14743308-021E-46C9-A5D2-BA3AD8A9963C} : DHCPNameServer = 8.8.8.8
TCP: Interfaces\{6CF3490D-EC29-4DF9-AF39-002319BFECD2} : DHCPNameServer = 192.168.0.1
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\belarcadvisor\system\BAVoilaX.dll
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - c:\program files\google\chrome\application\28.0.1500.72\npchrome_frame.dll
Notify: SDWinLogon - SDWinLogon.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
Hosts: 127.0.0.1    www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\simon\appdata\roaming\mozilla\firefox\profiles\p8q3ekr6.default-1374593077949\
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_224.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - ExtSQL: 2013-07-23 21:06; artur.dubovoy@gmail.com; c:\users\simon\appdata\roaming\mozilla\firefox\profiles\p8q3ekr6.default-1374593077949\extensions\artur.dubovoy@gmail.com.xpi
FF - ExtSQL: 2013-07-24 03:36; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\cyberlink\playmovie\000.fcl [2008-6-21 41456]
R3 pneteth;PdaNet Broadband;c:\windows\system32\drivers\pneteth.sys [2013-6-19 13440]
R3 SiS6350;SiS6350;c:\windows\system32\drivers\SISGRKMD.sys [2009-11-20 465408]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\drivers\SiSGB6.sys [2008-9-9 48128]
.
=============== Created Last 30 ================
.
2013-07-24 07:33:49    --------    d-----w-    c:\windows\ERUNT
2013-07-24 06:41:45    2048    ----a-w-    c:\windows\system32\winrsmgr.dll
2013-07-24 06:39:35    425472    ----a-w-    c:\windows\system32\PhotoMetadataHandler.dll
2013-07-24 06:36:25    1645568    ----a-w-    c:\windows\system32\connect.dll
2013-07-24 06:36:21    531968    ----a-w-    c:\windows\system32\comctl32.dll
2013-07-24 06:35:57    310784    ----a-w-    c:\windows\system32\unregmp2.exe
2013-07-24 06:35:57    1418752    ----a-w-    c:\program files\windows media player\setup_wm.exe
2013-07-24 02:55:28    454656    ----a-w-    c:\program files\common files\system\msadc\msadce.dll
2013-07-24 02:49:59    293376    ----a-w-    c:\windows\system32\browserchoice.exe
2013-07-24 02:25:09    97800    ----a-w-    c:\windows\system32\infocardapi.dll
2013-07-24 02:25:08    105016    ----a-w-    c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-07-24 02:25:06    622080    ----a-w-    c:\windows\system32\icardagt.exe
2013-07-24 02:25:06    43544    ----a-w-    c:\windows\system32\PresentationHostProxy.dll
2013-07-24 02:25:06    37384    ----a-w-    c:\windows\system32\infocardcpl.cpl
2013-07-24 02:25:06    11264    ----a-w-    c:\windows\system32\icardres.dll
2013-07-24 02:25:00    781344    ----a-w-    c:\windows\system32\PresentationNative_v0300.dll
2013-07-24 02:24:55    326160    ----a-w-    c:\windows\system32\PresentationHost.exe
2013-07-24 02:08:42    96760    ----a-w-    c:\windows\system32\dfshim.dll
2013-07-24 02:08:37    282112    ----a-w-    c:\windows\system32\mscoree.dll
2013-07-24 02:08:32    41984    ----a-w-    c:\windows\system32\netfxperf.dll
2013-07-24 02:07:55    158720    ----a-w-    c:\windows\system32\mscorier.dll
2013-07-24 02:07:39    83968    ----a-w-    c:\windows\system32\mscories.dll
2013-07-24 02:03:03    --------    d-----w-    c:\program files\MSXML 4.0
2013-07-23 19:05:35    12240896    ----a-w-    c:\windows\system32\NlsLexicons0007.dll
2013-07-23 19:05:29    2644480    ----a-w-    c:\windows\system32\NlsLexicons0009.dll
2013-07-23 19:05:02    801280    ----a-w-    c:\windows\system32\NaturalLanguage6.dll
2013-07-23 18:57:40    104960    ----a-w-    c:\windows\system32\netiohlp.dll
2013-07-23 18:57:39    27136    ----a-w-    c:\windows\system32\NETSTAT.EXE
2013-07-23 18:57:39    19968    ----a-w-    c:\windows\system32\ARP.EXE
2013-07-23 18:57:38    9728    ----a-w-    c:\windows\system32\TCPSVCS.EXE
2013-07-23 18:57:38    8704    ----a-w-    c:\windows\system32\HOSTNAME.EXE
2013-07-23 18:57:38    17920    ----a-w-    c:\windows\system32\ROUTE.EXE
2013-07-23 18:57:38    17920    ----a-w-    c:\windows\system32\netevent.dll
2013-07-23 18:57:38    11264    ----a-w-    c:\windows\system32\MRINFO.EXE
2013-07-23 18:57:38    10240    ----a-w-    c:\windows\system32\finger.exe
2013-07-23 18:55:56    213504    ----a-w-    c:\windows\system32\msv1_0.dll
2013-07-23 18:54:56    562176    ----a-w-    c:\windows\system32\msdtcprx.dll
2013-07-23 18:54:56    38912    ----a-w-    c:\windows\system32\xolehlp.dll
2013-07-23 18:54:51    160256    ----a-w-    c:\windows\system32\wkssvc.dll
2013-07-23 18:54:49    157184    ----a-w-    c:\windows\system32\t2embed.dll
2013-07-23 18:54:45    2042368    ----a-w-    c:\windows\system32\win32k.sys
2013-07-23 18:54:40    273408    ----a-w-    c:\windows\system32\drivers\afd.sys
2013-07-23 18:54:13    269312    ----a-w-    c:\windows\system32\es.dll
2013-07-23 18:54:11    1169408    ----a-w-    c:\windows\system32\sdclt.exe
2013-07-23 18:54:07    303616    ----a-w-    c:\windows\system32\wmpeffects.dll
2013-07-23 18:54:03    10926592    ----a-w-    c:\program files\movie maker\MOVIEMK.dll
2013-07-23 18:54:02    150016    ----a-w-    c:\program files\movie maker\MOVIEMK.exe
2013-07-23 18:53:58    146432    ----a-w-    c:\windows\system32\drivers\srv2.sys
2013-07-23 18:53:58    102400    ----a-w-    c:\windows\system32\drivers\srvnet.sys
2013-07-23 18:53:53    766464    ----a-w-    c:\program files\common files\microsoft shared\vgx\VGX.dll
2013-07-23 18:53:49    317952    ----a-w-    c:\windows\system32\MP4SDECD.DLL
2013-07-23 18:53:44    430080    ----a-w-    c:\windows\system32\vbscript.dll
2013-07-23 18:53:13    636928    ----a-w-    c:\windows\system32\localspl.dll
2013-07-23 18:53:08    563200    ----a-w-    c:\windows\system32\oleaut32.dll
2013-07-23 18:53:01    954752    ----a-w-    c:\windows\system32\mfc40.dll
2013-07-23 18:53:00    954288    ----a-w-    c:\windows\system32\mfc40u.dll
2013-07-23 18:51:56    25088    ----a-w-    c:\windows\system32\drivers\tunnel.sys
2013-07-23 18:50:59    443392    ----a-w-    c:\windows\system32\win32spl.dll
2013-07-23 18:50:50    113664    ----a-w-    c:\windows\system32\drivers\rmcast.sys
2013-07-23 18:50:35    2048    ----a-w-    c:\windows\system32\tzres.dll
2013-07-23 18:48:58    61440    ----a-w-    c:\windows\system32\msasn1.dll
2013-07-23 18:47:58    604672    ----a-w-    c:\windows\system32\WMSPDMOD.DLL
2013-07-23 18:25:50    276992    ----a-w-    c:\windows\system32\schannel.dll
2013-07-23 18:20:18    171520    ----a-w-    c:\windows\system32\wintrust.dll
2013-07-23 18:20:15    98304    ----a-w-    c:\windows\system32\cabview.dll
2013-07-23 17:21:41    --------    d-----w-    c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-07-23 17:20:55    --------    d-----w-    C:\mbar
2013-07-23 12:49:30    120832    --sha-r-    c:\windows\system32\KBDRU19.dll
2013-07-23 12:49:30    120832    --sha-r-    c:\windows\system32\ds16gt6.dll
2013-07-23 12:49:30    120832    --sha-r-    c:\windows\system32\catsrvutk.dll
2013-07-23 08:49:44    --------    d-----w-    c:\users\simon\appdata\roaming\Cocoon Software
2013-07-23 08:49:41    --------    d-----w-    c:\users\simon\appdata\local\WDSetup
2013-07-23 08:49:35    --------    d-----w-    c:\program files\QuickMediaConverter
2013-07-23 08:35:54    --------    d-----w-    c:\users\simon\appdata\roaming\WinAVI
2013-07-23 08:35:54    --------    d-----w-    c:\users\simon\appdata\local\WinAVI
2013-07-23 08:35:36    --------    d-----w-    c:\program files\WinAVI
2013-07-22 19:44:57    --------    d-----w-    C:\vampire
2013-07-22 19:42:13    --------    d-----w-    c:\programdata\PMS
2013-07-22 19:41:20    --------    d-----w-    c:\program files\PS3 Media Server
2013-07-22 16:35:30    --------    d-----w-    C:\0ef2d2fe2e17082f2b92f115576b55
2013-07-22 16:33:38    --------    d-----w-    c:\program files\Handbrake
2013-07-22 16:15:19    --------    d-----w-    c:\users\simon\appdata\roaming\AnvSoft
2013-07-22 16:13:33    --------    d-----w-    c:\program files\AnvSoft
2013-07-21 08:24:50    --------    d-----w-    c:\users\simon\appdata\roaming\.technic
2013-07-21 08:23:59    789416    ----a-w-    c:\windows\system32\deployJava1.dll
2013-07-21 08:23:58    867240    ----a-w-    c:\windows\system32\npDeployJava1.dll
2013-07-21 08:23:29    94632    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2013-07-08 15:22:05    --------    d-----w-    c:\windows\system32\RTCOM
2013-07-08 15:17:57    357712    ----a-w-    c:\windows\system32\KAAPORT.dll
2013-07-08 11:42:04    --------    d-----w-    c:\users\simon\appdata\roaming\Malwarebytes
2013-07-08 11:41:22    --------    d-----w-    c:\programdata\Malwarebytes
2013-07-08 11:41:04    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-07-08 11:41:03    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2013-07-04 20:27:47    15872    ----a-w-    c:\windows\system32\escdev.dll
2013-07-04 20:27:47    128392    ----a-w-    c:\windows\system32\esdevapp.exe
2013-07-04 20:27:46    342016    ----a-w-    c:\windows\system32\eswiaud.dll
2013-07-04 20:27:27    --------    d-----w-    c:\program files\epson
2013-06-28 05:44:28    --------    d-----w-    c:\program files\dumps
2013-06-28 05:43:20    --------    d-----w-    c:\program files\common files\Steam
2013-06-28 05:42:58    --------    d-----w-    c:\program files\Steam
2013-06-25 13:32:08    --------    d-----w-    C:\tabbak
.
==================== Find3M  ====================
.
2013-07-08 15:19:00    319456    ----a-w-    c:\windows\DIFxAPI.dll
2013-06-12 15:32:14    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-12 15:32:14    692104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-05-01 02:59:12    94208    ----a-w-    c:\windows\system32\QuickTimeVR.qtx
2013-05-01 02:59:12    69632    ----a-w-    c:\windows\system32\QuickTime.qts
.
============= FINISH:  9:02:54.73 ===============

 

 

attach.txt

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume2
Install Date: 04/01/2013 22:11:29
System Uptime: 24/07/2013 08:45:17 (1 hours ago)
.
Motherboard: PACKARD BELL BV                |  | T12C      
Processor: Genuine Intel® CPU           T1400  @ 1.73GHz | CPU 1 | 1732/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 102 GiB total, 18.521 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
7-Zip 9.20
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop Elements 6
Adobe Photoshop Elements 6.0
Adobe Reader 8.1.0
Adobe Reader X (10.1.7)
Adobe Shockwave Player
Android Commander version 0.7.9.11
Any Video Converter 5.0.7
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
ATK Hotkey
Belarc Advisor 8.3
Bonjour
British Telecom
Carbonite
Compatibility Pack for the 2007 Office system
ConvertHelper 2.2
CyberLink PowerCinema
EPSON Scan
EPSON SX210 Series Printer Uninstall
Firefox
Google BAE
Google Chrome Frame
Google Earth
Google Update Helper
HandBrake 0.9.9.1
HDReg
Helium
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Infocentre Rev. 2.0.0.1
Internet From BT
iTunes
Java 7 Update 25
Java Auto Updater
KeyboardTest V3.0
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 3.5 SP1
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Works
Microsoft Works 9 SE
Microsoft XML Parser
Microsoft® Office Trial 2007
Mozilla Firefox 22.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 8 Essentials
neroxml
Packard Bell ImageWriter
Packard Bell LCD Test
Packard Bell Updator
PdaNet+ for Android 4.12
Picasa 2
Picasa2
Power Cinema 6
Protect your files now
PS3 Media Server
Quick Media Converter HD
QuickTime
Realtek High Definition Audio Driver
Roll
SCARM 0.9.17 beta
SeaTools for Windows
SiS VGA Utilities
Spybot - Search & Destroy
Steam
Synaptics Pointing Device Driver
VCRedistSetup
VLC media player 2.0.7
WinAVI Video Converter
.
==== End Of File ===========================
 


Hi there,
my name is Marius and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 
 
 
 
Add/remove programs

Click on start-->control panel.

Vista/7: Open Programs and Features
XP: Open add/remove programs

Search for and remove the following programs

Ask Toolbar


Close the window. 
 
Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.
  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )

  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.


**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.


Hello and thank you.

 

I uninstalled ask toolbar through add/remove, then scanned.

 

This is what was saved in the log.

 

GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-07-24 13:54:32
Windows 6.0.6001 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 Hitachi_HTS543212L9A300 rev.FBBOC40C 111.79GB
Running: dibjzip4.exe; Driver: C:\Users\Simon\AppData\Local\Temp\agdoypog.sys


---- Devices - GMER 2.1 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0  Wdf01000.sys
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1  Wdf01000.sys

---- Processes - GMER 2.1 ----

Process          (*** hidden *** )                       [4] 83276910  

---- EOF - GMER 2.1 ----
 


Combofix

Combofix should only be run when advised by a team member!

Link


Important - Save the file to your desktop!


  • Deactivate any and all of your antivirus programs /spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe



When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

Note: When receiving an error message containing "Illegal operation attempted on a registry key that has been marked for deletion", simply restart your computer to fix this.


I ran combofix; it started, updated, did a scan and said it had found something called rootkit.zeroaccess. I clicked ok, it then restarted the machine and carried on running. Here is the log file.

 

ComboFix 13-07-25.02 - Simon 25/07/2013  19:13:37.1.2 - x86
Microsoft® Windows Vista™ Home Basic   6.0.6001.1.1252.44.1033.18.895.91 [GMT 1:00]
Running from: c:\users\Simon\Desktop\ComboFix.exe
AV: Norton Internet Security *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Norton Internet Security *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Norton Internet Security *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Simon\AppData\Roaming\inst.exe
c:\windows\$NtUninstallKB50492$
c:\windows\system32\Icons
c:\windows\system32\Icons\disable.ico
c:\windows\system32\Icons\enable.ico
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-25 to 2013-07-25  )))))))))))))))))))))))))))))))
.
.
2013-07-25 11:15 . 2013-07-25 13:19    --------    d-----w-    c:\users\Simon\AppData\Roaming\.minecraft
2013-07-24 16:09 . 2013-07-24 16:17    --------    d-----w-    C:\8bb52fb69a465ea51d6fed28
2013-07-24 08:26 . 2009-11-08 09:55    99176    ----a-w-    c:\windows\system32\PresentationHostProxy.dll
2013-07-24 08:26 . 2009-11-08 09:55    49472    ----a-w-    c:\windows\system32\netfxperf.dll
2013-07-24 08:26 . 2009-11-08 09:55    297808    ----a-w-    c:\windows\system32\mscoree.dll
2013-07-24 08:26 . 2009-11-08 09:55    295264    ----a-w-    c:\windows\system32\PresentationHost.exe
2013-07-24 08:26 . 2009-11-08 09:55    1130824    ----a-w-    c:\windows\system32\dfshim.dll
2013-07-24 08:24 . 2013-07-24 08:24    --------    d-----w-    c:\users\Default\AppData\Local\Microsoft Help
2013-07-24 08:15 . 2010-09-20 09:25    231936    ----a-w-    c:\windows\system32\msshsq.dll
2013-07-24 08:05 . 2009-08-24 12:16    378368    ----a-w-    c:\windows\system32\winhttp.dll
2013-07-24 08:04 . 2010-09-06 16:24    125952    ----a-w-    c:\windows\system32\srvsvc.dll
2013-07-24 08:04 . 2010-09-06 16:23    17920    ----a-w-    c:\windows\system32\netevent.dll
2013-07-24 08:03 . 2009-11-03 19:53    411136    ----a-w-    c:\windows\system32\drivers\http.sys
2013-07-24 08:03 . 2009-11-03 22:17    24064    ----a-w-    c:\windows\system32\nshhttp.dll
2013-07-24 08:03 . 2009-11-03 22:15    31232    ----a-w-    c:\windows\system32\httpapi.dll
2013-07-24 07:33 . 2013-07-24 07:33    --------    d-----w-    c:\windows\ERUNT
2013-07-24 06:41 . 2009-10-09 21:56    2048    ----a-w-    c:\windows\system32\winrsmgr.dll
2013-07-24 06:39 . 2008-08-28 03:40    425472    ----a-w-    c:\windows\system32\PhotoMetadataHandler.dll
2013-07-24 06:36 . 2008-10-21 05:25    1645568    ----a-w-    c:\windows\system32\connect.dll
2013-07-24 06:36 . 2010-08-31 15:40    531968    ----a-w-    c:\windows\system32\comctl32.dll
2013-07-24 06:35 . 2009-09-10 15:21    1418752    ----a-w-    c:\program files\Windows Media Player\setup_wm.exe
2013-07-24 06:35 . 2009-09-10 15:21    310784    ----a-w-    c:\windows\system32\unregmp2.exe
2013-07-24 02:55 . 2008-04-30 05:36    454656    ----a-w-    c:\program files\Common Files\System\msadc\msadce.dll
2013-07-24 02:49 . 2010-02-12 10:48    293376    ----a-w-    c:\windows\system32\browserchoice.exe
2013-07-24 02:25 . 2008-06-20 01:14    97800    ----a-w-    c:\windows\system32\infocardapi.dll
2013-07-24 02:25 . 2008-06-20 01:14    105016    ----a-w-    c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-07-24 02:25 . 2008-06-20 01:14    37384    ----a-w-    c:\windows\system32\infocardcpl.cpl
2013-07-24 02:25 . 2008-06-20 01:14    11264    ----a-w-    c:\windows\system32\icardres.dll
2013-07-24 02:25 . 2008-06-20 01:14    622080    ----a-w-    c:\windows\system32\icardagt.exe
2013-07-24 02:25 . 2008-06-20 01:14    781344    ----a-w-    c:\windows\system32\PresentationNative_v0300.dll
2013-07-24 02:07 . 2008-07-27 18:03    158720    ----a-w-    c:\windows\system32\mscorier.dll
2013-07-24 02:07 . 2008-07-27 18:03    83968    ----a-w-    c:\windows\system32\mscories.dll
2013-07-24 02:03 . 2013-07-24 02:03    --------    d-----w-    c:\program files\MSXML 4.0
2013-07-23 19:05 . 2008-06-26 01:45    12240896    ----a-w-    c:\windows\system32\NlsLexicons0007.dll
2013-07-23 19:05 . 2008-06-26 01:45    2644480    ----a-w-    c:\windows\system32\NlsLexicons0009.dll
2013-07-23 19:05 . 2008-06-26 03:29    801280    ----a-w-    c:\windows\system32\NaturalLanguage6.dll
2013-07-23 18:57 . 2009-08-14 16:29    104960    ----a-w-    c:\windows\system32\netiohlp.dll
2013-07-23 18:57 . 2009-08-14 14:16    27136    ----a-w-    c:\windows\system32\NETSTAT.EXE
2013-07-23 18:57 . 2009-08-14 14:16    19968    ----a-w-    c:\windows\system32\ARP.EXE
2013-07-23 18:57 . 2009-08-14 14:16    9728    ----a-w-    c:\windows\system32\TCPSVCS.EXE
2013-07-23 18:57 . 2009-08-14 14:16    17920    ----a-w-    c:\windows\system32\ROUTE.EXE
2013-07-23 18:57 . 2009-08-14 14:16    11264    ----a-w-    c:\windows\system32\MRINFO.EXE
2013-07-23 18:57 . 2009-08-14 14:16    8704    ----a-w-    c:\windows\system32\HOSTNAME.EXE
2013-07-23 18:57 . 2009-08-14 14:16    10240    ----a-w-    c:\windows\system32\finger.exe
2013-07-23 18:55 . 2009-09-10 17:30    213504    ----a-w-    c:\windows\system32\msv1_0.dll
2013-07-23 18:54 . 2008-06-06 03:27    38912    ----a-w-    c:\windows\system32\xolehlp.dll
2013-07-23 18:54 . 2008-06-06 03:27    562176    ----a-w-    c:\windows\system32\msdtcprx.dll
2013-07-23 18:54 . 2009-06-10 12:12    160256    ----a-w-    c:\windows\system32\wkssvc.dll
2013-07-23 18:54 . 2010-08-26 16:07    157184    ----a-w-    c:\windows\system32\t2embed.dll
2013-07-23 18:54 . 2011-06-02 12:59    2042368    ----a-w-    c:\windows\system32\win32k.sys
2013-07-23 18:54 . 2011-04-21 13:16    273408    ----a-w-    c:\windows\system32\drivers\afd.sys
2013-07-23 18:54 . 2008-04-18 05:48    269312    ----a-w-    c:\windows\system32\es.dll
2013-07-23 18:54 . 2010-12-14 15:49    1169408    ----a-w-    c:\windows\system32\sdclt.exe
2013-07-23 18:54 . 2008-06-26 03:29    303616    ----a-w-    c:\windows\system32\wmpeffects.dll
2013-07-23 18:54 . 2010-06-17 17:15    10926592    ----a-w-    c:\program files\Movie Maker\MOVIEMK.dll
2013-07-23 18:54 . 2010-06-17 15:49    150016    ----a-w-    c:\program files\Movie Maker\MOVIEMK.exe
2013-07-23 18:53 . 2011-04-29 12:49    146432    ----a-w-    c:\windows\system32\drivers\srv2.sys
2013-07-23 18:53 . 2011-04-29 12:49    102400    ----a-w-    c:\windows\system32\drivers\srvnet.sys
2013-07-23 18:53 . 2011-05-02 16:00    766464    ----a-w-    c:\program files\Common Files\Microsoft Shared\vgx\VGX.dll
2013-07-23 18:53 . 2010-04-05 16:08    317952    ----a-w-    c:\windows\system32\MP4SDECD.DLL
2013-07-23 18:53 . 2011-02-16 15:35    430080    ----a-w-    c:\windows\system32\vbscript.dll
2013-07-23 18:53 . 2009-04-23 12:42    636928    ----a-w-    c:\windows\system32\localspl.dll
2013-07-23 18:53 . 2010-12-20 15:39    563200    ----a-w-    c:\windows\system32\oleaut32.dll
2013-07-23 18:53 . 2010-08-31 15:41    954752    ----a-w-    c:\windows\system32\mfc40.dll
2013-07-23 18:53 . 2010-08-31 15:41    954288    ----a-w-    c:\windows\system32\mfc40u.dll
2013-07-23 18:51 . 2010-02-18 14:11    190464    ----a-w-    c:\windows\system32\iphlpsvc.dll
2013-07-23 18:50 . 2008-08-12 03:39    443392    ----a-w-    c:\windows\system32\win32spl.dll
2013-07-23 18:50 . 2008-05-10 01:33    113664    ----a-w-    c:\windows\system32\drivers\rmcast.sys
2013-07-23 18:50 . 2010-10-28 12:56    2048    ----a-w-    c:\windows\system32\tzres.dll
2013-07-23 18:48 . 2009-09-04 12:24    61440    ----a-w-    c:\windows\system32\msasn1.dll
2013-07-23 18:47 . 2009-04-02 12:37    604672    ----a-w-    c:\windows\system32\WMSPDMOD.DLL
2013-07-23 18:25 . 2011-04-29 14:54    276992    ----a-w-    c:\windows\system32\schannel.dll
2013-07-23 18:20 . 2009-12-23 12:43    171520    ----a-w-    c:\windows\system32\wintrust.dll
2013-07-23 18:20 . 2010-01-15 00:04    98304    ----a-w-    c:\windows\system32\cabview.dll
2013-07-23 17:21 . 2013-07-24 06:18    --------    d-----w-    c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-07-23 17:20 . 2013-07-24 06:18    --------    d-----w-    C:\mbar
2013-07-23 12:49 . 2013-07-23 12:49    120832    --sha-r-    c:\windows\system32\KBDRU19.dll
2013-07-23 12:49 . 2013-07-23 12:49    120832    --sha-r-    c:\windows\system32\ds16gt6.dll
2013-07-23 12:49 . 2013-07-23 12:49    120832    --sha-r-    c:\windows\system32\catsrvutk.dll
2013-07-23 08:49 . 2013-07-23 08:49    --------    d-----w-    c:\users\Simon\AppData\Roaming\Cocoon Software
2013-07-23 08:49 . 2013-07-23 08:49    --------    d-----w-    c:\users\Simon\AppData\Local\WDSetup
2013-07-23 08:49 . 2013-07-23 08:51    --------    d-----w-    c:\program files\QuickMediaConverter
2013-07-23 08:35 . 2013-07-23 08:35    --------    d-----w-    c:\users\Simon\AppData\Roaming\WinAVI
2013-07-23 08:35 . 2013-07-23 08:35    --------    d-----w-    c:\users\Simon\AppData\Local\WinAVI
2013-07-23 08:35 . 2013-07-23 08:35    --------    d-----w-    c:\program files\WinAVI
2013-07-23 07:37 . 2013-07-23 08:48    --------    d-----w-    c:\users\Simon\AppData\Roaming\vlc
2013-07-22 20:19 . 2013-07-22 20:19    --------    d-----w-    c:\users\Administrator
2013-07-22 19:44 . 2013-07-23 21:03    --------    d-----w-    C:\vampire
2013-07-22 19:42 . 2013-07-22 19:45    --------    d-----w-    c:\programdata\PMS
2013-07-22 19:41 . 2013-07-24 04:50    --------    d-----w-    c:\program files\PS3 Media Server
2013-07-22 16:35 . 2013-07-22 16:39    --------    d-----w-    C:\0ef2d2fe2e17082f2b92f115576b55
2013-07-22 16:33 . 2013-07-22 16:39    --------    d-----w-    c:\program files\Handbrake
2013-07-22 16:15 . 2013-07-22 16:15    --------    d-----w-    c:\users\Simon\AppData\Roaming\AnvSoft
2013-07-22 16:13 . 2013-07-22 16:13    --------    d-----w-    c:\program files\AnvSoft
2013-07-21 08:24 . 2013-07-22 11:05    --------    d-----w-    c:\users\Simon\AppData\Roaming\.technic
2013-07-21 08:24 . 2013-07-21 08:24    --------    d-----w-    c:\program files\Common Files\Java
2013-07-21 08:23 . 2013-07-21 08:22    789416    ----a-w-    c:\windows\system32\deployJava1.dll
2013-07-21 08:23 . 2013-07-21 08:22    867240    ----a-w-    c:\windows\system32\npDeployJava1.dll
2013-07-21 08:23 . 2013-07-21 08:22    94632    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2013-07-21 08:22 . 2013-07-21 08:22    --------    d-----w-    c:\program files\Java
2013-07-21 08:20 . 2013-07-21 08:20    --------    d-----w-    c:\programdata\McAfee
2013-07-08 15:22 . 2013-07-08 15:24    --------    d-----w-    c:\windows\system32\RTCOM
2013-07-08 15:17 . 2011-08-23 16:00    357712    ----a-w-    c:\windows\system32\KAAPORT.dll
2013-07-08 11:42 . 2013-07-08 11:42    --------    d-----w-    c:\users\Simon\AppData\Roaming\Malwarebytes
2013-07-08 11:41 . 2013-07-08 11:41    --------    d-----w-    c:\programdata\Malwarebytes
2013-07-08 11:41 . 2013-04-04 13:50    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-07-08 11:41 . 2013-07-08 11:41    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2013-07-04 20:27 . 2009-04-30 23:00    15872    ----a-w-    c:\windows\system32\escdev.dll
2013-07-04 20:27 . 2009-04-30 23:00    128392    ----a-w-    c:\windows\system32\esdevapp.exe
2013-07-04 20:27 . 2008-11-16 23:00    342016    ----a-w-    c:\windows\system32\eswiaud.dll
2013-07-04 20:27 . 2013-07-04 20:27    --------    d-----w-    c:\program files\epson
2013-06-28 05:44 . 2013-06-28 05:51    --------    d-----w-    c:\program files\dumps
2013-06-28 05:43 . 2013-06-28 05:43    --------    d-----w-    c:\program files\Common Files\Steam
2013-06-28 05:42 . 2013-07-07 21:57    --------    d-----w-    c:\program files\Steam
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-08 15:19 . 2008-06-21 10:10    319456    ----a-w-    c:\windows\DIFxAPI.dll
2013-06-12 15:32 . 2013-01-05 10:19    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-12 15:32 . 2013-01-05 10:19    692104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-05-01 02:59 . 2013-05-01 02:59    94208    ----a-w-    c:\windows\system32\QuickTimeVR.qtx
2013-05-01 02:59 . 2013-05-01 02:59    69632    ----a-w-    c:\windows\system32\QuickTime.qts
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spybot-S&D Cleaning"="c:\program files\Spybot - Search & Destroy 2\SDCleaner.exe" [2012-11-13 3713032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSTray"="c:\program files\SiS VGA Utilities\SiSTray.exe" [2007-10-16 552960]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-01 857648]
"PCMAgent"="c:\program files\CyberLink\PowerCinema\PCMAgent.exe" [2008-03-21 143360]
"CLMLServer"="c:\program files\CyberLink\PowerCinema\Kernel\CLML\CLMLSvc.exe" [2008-04-11 196608]
"PlayMovie"="c:\program files\CyberLink\PlayMovie\PMVService.exe" [2008-03-31 172032]
"toolbar_eula_launcher"="c:\program files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [2007-02-20 28672]
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2012-11-13 3825176]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-05-31 152392]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2013-03-29 11930696]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
PdaNet Desktop.lnk - c:\program files\PdaNet for Android\PdaNetPC.exe [2013-6-19 1054320]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CarboniteSetupLite]
2008-04-07 14:09    306112    ----a-w-    c:\program files\Packard Bell\Carbonite\CarboniteSetupLitePBPreInstaller.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2013-01-05 00:04    39408    ----a-w-    c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork    REG_MULTI_SZ       PLA DPS BFE mpssvc
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-05 15:32]
.
2013-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-01-06 11:41]
.
2013-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-01-06 11:41]
.
2013-07-25 c:\windows\Tasks\LKXAYORGMF.job
- c:\windows\system32\ds16gt6.dll [2013-07-23 12:49]
.
2013-07-25 c:\windows\Tasks\ooqyobuxm.job
- c:\windows\system32\KBDRU19.dll [2013-07-23 12:49]
.
2013-07-24 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2013-02-18 14:07]
.
2013-07-25 c:\windows\Tasks\Ycwmnfqzbs.job
- c:\windows\system32\catsrvutk.dll [2013-07-23 12:49]
.
.
------- Supplementary Scan -------
.

uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\p8q3ekr6.default-1374593077949\
FF - ExtSQL: 2013-07-23 21:06; artur.dubovoy@gmail.com; c:\users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\p8q3ekr6.default-1374593077949\extensions\artur.dubovoy@gmail.com.xpi
FF - ExtSQL: 2013-07-24 03:36; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
Notify-SDWinLogon - SDWinLogon.dll
SafeBoot-82243734.sys
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
MSConfigStartUp-SmpcSys - c:\program files\Packard Bell\SetUpMyPC\SmpSys.exe
.
.
.
**************************************************************************
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files:
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\CyberLink\PlayMovie\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Other Running Processes ------------------------
.
c:\program files\ATK Hotkey\ASLDRSrv.exe
c:\windows\system32\rundll32.exe
c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe
c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe
c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe
c:\program files\ATK Hotkey\Hcontrol.exe
c:\program files\ATK Hotkey\ATKOSD.exe
c:\program files\ATK Hotkey\WDC.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2013-07-25  19:41:49 - machine was rebooted
ComboFix-quarantined-files.txt  2013-07-25 18:41
.
Pre-Run: 24,346,451,968 bytes free
Post-Run: 24,490,196,992 bytes free
.
- - End Of File - - 1920F32D1DDEC6AF862EA22835B78DE0
5C616939100B85E558DA92B899A0FC36
 


Combofix scripting

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Download the attached CFScript.txt and save it to the location where Combofix is.


CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Full System Scan with Malwarebytes Antimalware


  • If not existing, please download Malwarebytes' Anti-Malware to your desktop. Double-click mbam-setup.exe and follow the prompts to install the program. At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.



If the program is already installed:

  • Run Malwarebytes Antimalware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform fullscan, place a checkmark on all hard drives, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Post that log back here.

CFScript.txt


Hello again, have run the combofix scan again with the .txt file as instructed. This is the log that was created, will now run MBAM full scan.

 

ComboFix 13-07-25.02 - Simon 26/07/2013  14:05:55.2.2 - x86
Microsoft® Windows Vista™ Home Basic   6.0.6001.1.1252.44.1033.18.895.407 [GMT 1:00]
Running from: c:\users\Simon\Desktop\ComboFix.exe
Command switches used :: c:\users\Simon\Downloads\CFScript.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
file zipped: c:\windows\system32\catsrvutk.dll
file zipped: c:\windows\system32\ds16gt6.dll
file zipped: c:\windows\system32\KBDRU19.dll
file zipped: c:\windows\Tasks\LKXAYORGMF.job
file zipped: c:\windows\Tasks\ooqyobuxm.job
file zipped: c:\windows\Tasks\Ycwmnfqzbs.job
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-26 to 2013-07-26  )))))))))))))))))))))))))))))))
.
.
2013-07-26 13:18 . 2013-07-26 13:23    --------    d-----w-    c:\users\Simon\AppData\Local\temp
2013-07-26 13:18 . 2013-07-26 13:18    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-07-25 20:17 . 2013-07-25 20:19    --------    d-----w-    C:\usbstick
2013-07-25 11:15 . 2013-07-25 13:19    --------    d-----w-    c:\users\Simon\AppData\Roaming\.minecraft
2013-07-24 16:09 . 2013-07-24 16:17    --------    d-----w-    C:\8bb52fb69a465ea51d6fed28
2013-07-24 08:26 . 2009-11-08 09:55    99176    ----a-w-    c:\windows\system32\PresentationHostProxy.dll
2013-07-24 08:26 . 2009-11-08 09:55    49472    ----a-w-    c:\windows\system32\netfxperf.dll
2013-07-24 08:26 . 2009-11-08 09:55    297808    ----a-w-    c:\windows\system32\mscoree.dll
2013-07-24 08:26 . 2009-11-08 09:55    295264    ----a-w-    c:\windows\system32\PresentationHost.exe
2013-07-24 08:26 . 2009-11-08 09:55    1130824    ----a-w-    c:\windows\system32\dfshim.dll
2013-07-24 08:24 . 2013-07-24 08:24    --------    d-----w-    c:\users\Default\AppData\Local\Microsoft Help
2013-07-24 08:15 . 2010-09-20 09:25    231936    ----a-w-    c:\windows\system32\msshsq.dll
2013-07-24 08:05 . 2009-08-24 12:16    378368    ----a-w-    c:\windows\system32\winhttp.dll
2013-07-24 08:04 . 2010-09-06 16:24    125952    ----a-w-    c:\windows\system32\srvsvc.dll
2013-07-24 08:04 . 2010-09-06 16:23    17920    ----a-w-    c:\windows\system32\netevent.dll
2013-07-24 08:03 . 2009-11-03 19:53    411136    ----a-w-    c:\windows\system32\drivers\http.sys
2013-07-24 08:03 . 2009-11-03 22:17    24064    ----a-w-    c:\windows\system32\nshhttp.dll
2013-07-24 08:03 . 2009-11-03 22:15    31232    ----a-w-    c:\windows\system32\httpapi.dll
2013-07-24 07:33 . 2013-07-24 07:33    --------    d-----w-    c:\windows\ERUNT
2013-07-24 06:41 . 2009-10-09 21:56    2048    ----a-w-    c:\windows\system32\winrsmgr.dll
2013-07-24 06:39 . 2008-08-28 03:40    425472    ----a-w-    c:\windows\system32\PhotoMetadataHandler.dll
2013-07-24 06:36 . 2008-10-21 05:25    1645568    ----a-w-    c:\windows\system32\connect.dll
2013-07-24 06:36 . 2010-08-31 15:40    531968    ----a-w-    c:\windows\system32\comctl32.dll
2013-07-24 06:35 . 2009-09-10 15:21    1418752    ----a-w-    c:\program files\Windows Media Player\setup_wm.exe
2013-07-24 06:35 . 2009-09-10 15:21    310784    ----a-w-    c:\windows\system32\unregmp2.exe
2013-07-24 02:55 . 2008-04-30 05:36    454656    ----a-w-    c:\program files\Common Files\System\msadc\msadce.dll
2013-07-24 02:49 . 2010-02-12 10:48    293376    ----a-w-    c:\windows\system32\browserchoice.exe
2013-07-24 02:25 . 2008-06-20 01:14    97800    ----a-w-    c:\windows\system32\infocardapi.dll
2013-07-24 02:25 . 2008-06-20 01:14    105016    ----a-w-    c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-07-24 02:25 . 2008-06-20 01:14    37384    ----a-w-    c:\windows\system32\infocardcpl.cpl
2013-07-24 02:25 . 2008-06-20 01:14    11264    ----a-w-    c:\windows\system32\icardres.dll
2013-07-24 02:25 . 2008-06-20 01:14    622080    ----a-w-    c:\windows\system32\icardagt.exe
2013-07-24 02:25 . 2008-06-20 01:14    781344    ----a-w-    c:\windows\system32\PresentationNative_v0300.dll
2013-07-24 02:07 . 2008-07-27 18:03    158720    ----a-w-    c:\windows\system32\mscorier.dll
2013-07-24 02:07 . 2008-07-27 18:03    83968    ----a-w-    c:\windows\system32\mscories.dll
2013-07-24 02:03 . 2013-07-24 02:03    --------    d-----w-    c:\program files\MSXML 4.0
2013-07-23 19:05 . 2008-06-26 01:45    12240896    ----a-w-    c:\windows\system32\NlsLexicons0007.dll
2013-07-23 19:05 . 2008-06-26 01:45    2644480    ----a-w-    c:\windows\system32\NlsLexicons0009.dll
2013-07-23 19:05 . 2008-06-26 03:29    801280    ----a-w-    c:\windows\system32\NaturalLanguage6.dll
2013-07-23 18:57 . 2009-08-14 16:29    104960    ----a-w-    c:\windows\system32\netiohlp.dll
2013-07-23 18:57 . 2009-08-14 14:16    27136    ----a-w-    c:\windows\system32\NETSTAT.EXE
2013-07-23 18:57 . 2009-08-14 14:16    19968    ----a-w-    c:\windows\system32\ARP.EXE
2013-07-23 18:57 . 2009-08-14 14:16    9728    ----a-w-    c:\windows\system32\TCPSVCS.EXE
2013-07-23 18:57 . 2009-08-14 14:16    17920    ----a-w-    c:\windows\system32\ROUTE.EXE
2013-07-23 18:57 . 2009-08-14 14:16    11264    ----a-w-    c:\windows\system32\MRINFO.EXE
2013-07-23 18:57 . 2009-08-14 14:16    8704    ----a-w-    c:\windows\system32\HOSTNAME.EXE
2013-07-23 18:57 . 2009-08-14 14:16    10240    ----a-w-    c:\windows\system32\finger.exe
2013-07-23 18:55 . 2009-09-10 17:30    213504    ----a-w-    c:\windows\system32\msv1_0.dll
2013-07-23 18:54 . 2008-06-06 03:27    38912    ----a-w-    c:\windows\system32\xolehlp.dll
2013-07-23 18:54 . 2008-06-06 03:27    562176    ----a-w-    c:\windows\system32\msdtcprx.dll
2013-07-23 18:54 . 2009-06-10 12:12    160256    ----a-w-    c:\windows\system32\wkssvc.dll
2013-07-23 18:54 . 2010-08-26 16:07    157184    ----a-w-    c:\windows\system32\t2embed.dll
2013-07-23 18:54 . 2011-06-02 12:59    2042368    ----a-w-    c:\windows\system32\win32k.sys
2013-07-23 18:54 . 2011-04-21 13:16    273408    ----a-w-    c:\windows\system32\drivers\afd.sys
2013-07-23 18:54 . 2008-04-18 05:48    269312    ----a-w-    c:\windows\system32\es.dll
2013-07-23 18:54 . 2010-12-14 15:49    1169408    ----a-w-    c:\windows\system32\sdclt.exe
2013-07-23 18:54 . 2008-06-26 03:29    303616    ----a-w-    c:\windows\system32\wmpeffects.dll
2013-07-23 18:54 . 2010-06-17 17:15    10926592    ----a-w-    c:\program files\Movie Maker\MOVIEMK.dll
2013-07-23 18:54 . 2010-06-17 15:49    150016    ----a-w-    c:\program files\Movie Maker\MOVIEMK.exe
2013-07-23 18:53 . 2011-04-29 12:49    146432    ----a-w-    c:\windows\system32\drivers\srv2.sys
2013-07-23 18:53 . 2011-04-29 12:49    102400    ----a-w-    c:\windows\system32\drivers\srvnet.sys
2013-07-23 18:53 . 2011-05-02 16:00    766464    ----a-w-    c:\program files\Common Files\Microsoft Shared\vgx\VGX.dll
2013-07-23 18:53 . 2010-04-05 16:08    317952    ----a-w-    c:\windows\system32\MP4SDECD.DLL
2013-07-23 18:53 . 2011-02-16 15:35    430080    ----a-w-    c:\windows\system32\vbscript.dll
2013-07-23 18:53 . 2009-04-23 12:42    636928    ----a-w-    c:\windows\system32\localspl.dll
2013-07-23 18:53 . 2010-12-20 15:39    563200    ----a-w-    c:\windows\system32\oleaut32.dll
2013-07-23 18:53 . 2010-08-31 15:41    954752    ----a-w-    c:\windows\system32\mfc40.dll
2013-07-23 18:53 . 2010-08-31 15:41    954288    ----a-w-    c:\windows\system32\mfc40u.dll
2013-07-23 18:51 . 2010-02-18 14:11    190464    ----a-w-    c:\windows\system32\iphlpsvc.dll
2013-07-23 18:50 . 2008-08-12 03:39    443392    ----a-w-    c:\windows\system32\win32spl.dll
2013-07-23 18:50 . 2008-05-10 01:33    113664    ----a-w-    c:\windows\system32\drivers\rmcast.sys
2013-07-23 18:50 . 2010-10-28 12:56    2048    ----a-w-    c:\windows\system32\tzres.dll
2013-07-23 18:48 . 2009-09-04 12:24    61440    ----a-w-    c:\windows\system32\msasn1.dll
2013-07-23 18:47 . 2009-04-02 12:37    604672    ----a-w-    c:\windows\system32\WMSPDMOD.DLL
2013-07-23 18:25 . 2011-04-29 14:54    276992    ----a-w-    c:\windows\system32\schannel.dll
2013-07-23 18:20 . 2009-12-23 12:43    171520    ----a-w-    c:\windows\system32\wintrust.dll
2013-07-23 18:20 . 2010-01-15 00:04    98304    ----a-w-    c:\windows\system32\cabview.dll
2013-07-23 17:21 . 2013-07-24 06:18    --------    d-----w-    c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-07-23 17:20 . 2013-07-24 06:18    --------    d-----w-    C:\mbar
2013-07-23 12:49 . 2013-07-23 12:49    120832    --sha-r-    c:\windows\system32\KBDRU19.dll
2013-07-23 12:49 . 2013-07-23 12:49    120832    --sha-r-    c:\windows\system32\ds16gt6.dll
2013-07-23 12:49 . 2013-07-23 12:49    120832    --sha-r-    c:\windows\system32\catsrvutk.dll
2013-07-23 08:49 . 2013-07-23 08:49    --------    d-----w-    c:\users\Simon\AppData\Roaming\Cocoon Software
2013-07-23 08:49 . 2013-07-23 08:49    --------    d-----w-    c:\users\Simon\AppData\Local\WDSetup
2013-07-23 08:49 . 2013-07-25 20:34    --------    d-----w-    c:\program files\QuickMediaConverter
2013-07-23 08:35 . 2013-07-23 08:35    --------    d-----w-    c:\users\Simon\AppData\Roaming\WinAVI
2013-07-23 08:35 . 2013-07-23 08:35    --------    d-----w-    c:\users\Simon\AppData\Local\WinAVI
2013-07-23 08:35 . 2013-07-23 08:35    --------    d-----w-    c:\program files\WinAVI
2013-07-23 07:37 . 2013-07-23 08:48    --------    d-----w-    c:\users\Simon\AppData\Roaming\vlc
2013-07-22 20:19 . 2013-07-22 20:19    --------    d-----w-    c:\users\Administrator
2013-07-22 19:44 . 2013-07-23 21:03    --------    d-----w-    C:\vampire
2013-07-22 19:42 . 2013-07-22 19:45    --------    d-----w-    c:\programdata\PMS
2013-07-22 19:41 . 2013-07-24 04:50    --------    d-----w-    c:\program files\PS3 Media Server
2013-07-22 16:35 . 2013-07-22 16:39    --------    d-----w-    C:\0ef2d2fe2e17082f2b92f115576b55
2013-07-22 16:33 . 2013-07-22 16:39    --------    d-----w-    c:\program files\Handbrake
2013-07-22 16:15 . 2013-07-22 16:15    --------    d-----w-    c:\users\Simon\AppData\Roaming\AnvSoft
2013-07-22 16:13 . 2013-07-22 16:13    --------    d-----w-    c:\program files\AnvSoft
2013-07-21 08:24 . 2013-07-22 11:05    --------    d-----w-    c:\users\Simon\AppData\Roaming\.technic
2013-07-21 08:24 . 2013-07-21 08:24    --------    d-----w-    c:\program files\Common Files\Java
2013-07-21 08:23 . 2013-07-21 08:22    789416    ----a-w-    c:\windows\system32\deployJava1.dll
2013-07-21 08:23 . 2013-07-21 08:22    867240    ----a-w-    c:\windows\system32\npDeployJava1.dll
2013-07-21 08:23 . 2013-07-21 08:22    94632    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2013-07-21 08:22 . 2013-07-21 08:22    --------    d-----w-    c:\program files\Java
2013-07-21 08:20 . 2013-07-21 08:20    --------    d-----w-    c:\programdata\McAfee
2013-07-08 15:22 . 2013-07-08 15:24    --------    d-----w-    c:\windows\system32\RTCOM
2013-07-08 15:17 . 2011-08-23 16:00    357712    ----a-w-    c:\windows\system32\KAAPORT.dll
2013-07-08 11:42 . 2013-07-08 11:42    --------    d-----w-    c:\users\Simon\AppData\Roaming\Malwarebytes
2013-07-08 11:41 . 2013-07-08 11:41    --------    d-----w-    c:\programdata\Malwarebytes
2013-07-08 11:41 . 2013-04-04 13:50    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-07-08 11:41 . 2013-07-08 11:41    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2013-07-04 20:27 . 2009-04-30 23:00    15872    ----a-w-    c:\windows\system32\escdev.dll
2013-07-04 20:27 . 2009-04-30 23:00    128392    ----a-w-    c:\windows\system32\esdevapp.exe
2013-07-04 20:27 . 2008-11-16 23:00    342016    ----a-w-    c:\windows\system32\eswiaud.dll
2013-07-04 20:27 . 2013-07-04 20:27    --------    d-----w-    c:\program files\epson
2013-06-28 05:44 . 2013-06-28 05:51    --------    d-----w-    c:\program files\dumps
2013-06-28 05:43 . 2013-06-28 05:43    --------    d-----w-    c:\program files\Common Files\Steam
2013-06-28 05:42 . 2013-07-07 21:57    --------    d-----w-    c:\program files\Steam
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-08 15:19 . 2008-06-21 10:10    319456    ----a-w-    c:\windows\DIFxAPI.dll
2013-06-12 15:32 . 2013-01-05 10:19    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-12 15:32 . 2013-01-05 10:19    692104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-05-01 02:59 . 2013-05-01 02:59    94208    ----a-w-    c:\windows\system32\QuickTimeVR.qtx
2013-05-01 02:59 . 2013-05-01 02:59    69632    ----a-w-    c:\windows\system32\QuickTime.qts
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spybot-S&D Cleaning"="c:\program files\Spybot - Search & Destroy 2\SDCleaner.exe" [2012-11-13 3713032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSTray"="c:\program files\SiS VGA Utilities\SiSTray.exe" [2007-10-16 552960]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-01 857648]
"PCMAgent"="c:\program files\CyberLink\PowerCinema\PCMAgent.exe" [2008-03-21 143360]
"CLMLServer"="c:\program files\CyberLink\PowerCinema\Kernel\CLML\CLMLSvc.exe" [2008-04-11 196608]
"PlayMovie"="c:\program files\CyberLink\PlayMovie\PMVService.exe" [2008-03-31 172032]
"toolbar_eula_launcher"="c:\program files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [2007-02-20 28672]
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2012-11-13 3825176]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-05-31 152392]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2013-03-29 11930696]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
PdaNet Desktop.lnk - c:\program files\PdaNet for Android\PdaNetPC.exe [2013-6-19 1054320]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CarboniteSetupLite]
2008-04-07 14:09    306112    ----a-w-    c:\program files\Packard Bell\Carbonite\CarboniteSetupLitePBPreInstaller.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2013-01-05 00:04    39408    ----a-w-    c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork    REG_MULTI_SZ       PLA DPS BFE mpssvc
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-05 15:32]
.
2013-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-01-06 11:41]
.
2013-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-01-06 11:41]
.
2013-07-26 c:\windows\Tasks\LKXAYORGMF.job
- c:\windows\system32\ds16gt6.dll [2013-07-23 12:49]
.
2013-07-26 c:\windows\Tasks\ooqyobuxm.job
- c:\windows\system32\KBDRU19.dll [2013-07-23 12:49]
.
2013-07-24 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2013-02-18 14:07]
.
2013-07-26 c:\windows\Tasks\Ycwmnfqzbs.job
- c:\windows\system32\catsrvutk.dll [2013-07-23 12:49]
.
.
------- Supplementary Scan -------
.

uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\p8q3ekr6.default-1374593077949\
FF - ExtSQL: 2013-07-23 21:06; artur.dubovoy@gmail.com; c:\users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\p8q3ekr6.default-1374593077949\extensions\artur.dubovoy@gmail.com.xpi
FF - ExtSQL: 2013-07-24 03:36; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-07-26 14:23
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\CyberLink\PlayMovie\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Other Running Processes ------------------------
.
c:\program files\ATK Hotkey\ASLDRSrv.exe
c:\windows\system32\rundll32.exe
c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe
c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe
c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe
c:\program files\ATK Hotkey\Hcontrol.exe
c:\program files\ATK Hotkey\ATKOSD.exe
c:\program files\ATK Hotkey\WDC.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2013-07-26  14:31:29 - machine was rebooted
ComboFix-quarantined-files.txt  2013-07-26 13:31
ComboFix2.txt  2013-07-25 18:41
.
Pre-Run: 21,892,841,472 bytes free
Post-Run: 21,843,632,128 bytes free
.
- - End Of File - - 3CBC52840AC2949B677A6C3EB81148CD
5C616939100B85E558DA92B899A0FC36
Upload was successful
 


MBAM full scan Log

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.07.26.04

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 7.0.6001.18000
Simon :: SIMON-PC [administrator]

26/07/2013 14:37:09
mbam-log-2013-07-26 (14-37-09).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 410273
Time elapsed: 1 hour(s), 38 minute(s), 16 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 


Combofix scripting

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Download the attached CFScript.txt and save it to the location where Combofix is.


CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

CFScript.txt


Sorry, I have had to separate my laptop from my wife and son.

 

ComboFix 13-07-30.02 - Simon 30/07/2013  15:22:30.3.2 - x86
Microsoft® Windows Vista™ Home Basic   6.0.6001.1.1252.44.1033.18.895.384 [GMT 1:00]
Running from: c:\users\Simon\Desktop\ComboFix.exe
Command switches used :: c:\users\Simon\Desktop\CFScript(1).txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
FILE ::
"c:\windows\system32\catsrvutk.dll"
"c:\windows\system32\ds16gt6.dll"
"c:\windows\system32\KBDRU19.dll"
"c:\windows\Tasks\LKXAYORGMF.job"
"c:\windows\Tasks\ooqyobuxm.job"
"c:\windows\Tasks\Ycwmnfqzbs.job"
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-28 to 2013-07-30  )))))))))))))))))))))))))))))))
.
.
2013-07-30 14:36 . 2013-07-30 14:36    --------    d-----w-    c:\users\Simon\AppData\Local\temp
2013-07-30 14:36 . 2013-07-30 14:36    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-07-27 21:45 . 2013-07-27 21:45    --------    d-----w-    c:\users\Simon\AppData\Roaming\HandBrake
2013-07-25 20:17 . 2013-07-25 20:19    --------    d-----w-    C:\usbstick
2013-07-25 11:15 . 2013-07-25 13:19    --------    d-----w-    c:\users\Simon\AppData\Roaming\.minecraft
2013-07-24 16:09 . 2013-07-24 16:17    --------    d-----w-    C:\8bb52fb69a465ea51d6fed28
2013-07-24 08:26 . 2009-11-08 09:55    99176    ----a-w-    c:\windows\system32\PresentationHostProxy.dll
2013-07-24 08:26 . 2009-11-08 09:55    49472    ----a-w-    c:\windows\system32\netfxperf.dll
2013-07-24 08:26 . 2009-11-08 09:55    297808    ----a-w-    c:\windows\system32\mscoree.dll
2013-07-24 08:26 . 2009-11-08 09:55    295264    ----a-w-    c:\windows\system32\PresentationHost.exe
2013-07-24 08:26 . 2009-11-08 09:55    1130824    ----a-w-    c:\windows\system32\dfshim.dll
2013-07-24 08:24 . 2013-07-24 08:24    --------    d-----w-    c:\users\Default\AppData\Local\Microsoft Help
2013-07-24 08:15 . 2010-09-20 09:25    231936    ----a-w-    c:\windows\system32\msshsq.dll
2013-07-24 08:05 . 2009-08-24 12:16    378368    ----a-w-    c:\windows\system32\winhttp.dll
2013-07-24 08:04 . 2010-09-06 16:24    125952    ----a-w-    c:\windows\system32\srvsvc.dll
2013-07-24 08:04 . 2010-09-06 16:23    17920    ----a-w-    c:\windows\system32\netevent.dll
2013-07-24 08:03 . 2009-11-03 19:53    411136    ----a-w-    c:\windows\system32\drivers\http.sys
2013-07-24 08:03 . 2009-11-03 22:17    24064    ----a-w-    c:\windows\system32\nshhttp.dll
2013-07-24 08:03 . 2009-11-03 22:15    31232    ----a-w-    c:\windows\system32\httpapi.dll
2013-07-24 07:33 . 2013-07-24 07:33    --------    d-----w-    c:\windows\ERUNT
2013-07-24 06:41 . 2009-10-09 21:56    2048    ----a-w-    c:\windows\system32\winrsmgr.dll
2013-07-24 06:39 . 2008-08-28 03:40    425472    ----a-w-    c:\windows\system32\PhotoMetadataHandler.dll
2013-07-24 06:36 . 2008-10-21 05:25    1645568    ----a-w-    c:\windows\system32\connect.dll
2013-07-24 06:36 . 2010-08-31 15:40    531968    ----a-w-    c:\windows\system32\comctl32.dll
2013-07-24 06:35 . 2009-09-10 15:21    1418752    ----a-w-    c:\program files\Windows Media Player\setup_wm.exe
2013-07-24 06:35 . 2009-09-10 15:21    310784    ----a-w-    c:\windows\system32\unregmp2.exe
2013-07-24 02:55 . 2008-04-30 05:36    454656    ----a-w-    c:\program files\Common Files\System\msadc\msadce.dll
2013-07-24 02:49 . 2010-02-12 10:48    293376    ----a-w-    c:\windows\system32\browserchoice.exe
2013-07-24 02:25 . 2008-06-20 01:14    97800    ----a-w-    c:\windows\system32\infocardapi.dll
2013-07-24 02:25 . 2008-06-20 01:14    105016    ----a-w-    c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-07-24 02:25 . 2008-06-20 01:14    37384    ----a-w-    c:\windows\system32\infocardcpl.cpl
2013-07-24 02:25 . 2008-06-20 01:14    11264    ----a-w-    c:\windows\system32\icardres.dll
2013-07-24 02:25 . 2008-06-20 01:14    622080    ----a-w-    c:\windows\system32\icardagt.exe
2013-07-24 02:25 . 2008-06-20 01:14    781344    ----a-w-    c:\windows\system32\PresentationNative_v0300.dll
2013-07-24 02:07 . 2008-07-27 18:03    158720    ----a-w-    c:\windows\system32\mscorier.dll
2013-07-24 02:07 . 2008-07-27 18:03    83968    ----a-w-    c:\windows\system32\mscories.dll
2013-07-24 02:03 . 2013-07-24 02:03    --------    d-----w-    c:\program files\MSXML 4.0
2013-07-23 19:05 . 2008-06-26 01:45    12240896    ----a-w-    c:\windows\system32\NlsLexicons0007.dll
2013-07-23 19:05 . 2008-06-26 01:45    2644480    ----a-w-    c:\windows\system32\NlsLexicons0009.dll
2013-07-23 19:05 . 2008-06-26 03:29    801280    ----a-w-    c:\windows\system32\NaturalLanguage6.dll
2013-07-23 18:57 . 2009-08-14 16:29    104960    ----a-w-    c:\windows\system32\netiohlp.dll
2013-07-23 18:57 . 2009-08-14 14:16    27136    ----a-w-    c:\windows\system32\NETSTAT.EXE
2013-07-23 18:57 . 2009-08-14 14:16    19968    ----a-w-    c:\windows\system32\ARP.EXE
2013-07-23 18:57 . 2009-08-14 14:16    9728    ----a-w-    c:\windows\system32\TCPSVCS.EXE
2013-07-23 18:57 . 2009-08-14 14:16    17920    ----a-w-    c:\windows\system32\ROUTE.EXE
2013-07-23 18:57 . 2009-08-14 14:16    11264    ----a-w-    c:\windows\system32\MRINFO.EXE
2013-07-23 18:57 . 2009-08-14 14:16    8704    ----a-w-    c:\windows\system32\HOSTNAME.EXE
2013-07-23 18:57 . 2009-08-14 14:16    10240    ----a-w-    c:\windows\system32\finger.exe
2013-07-23 18:55 . 2009-09-10 17:30    213504    ----a-w-    c:\windows\system32\msv1_0.dll
2013-07-23 18:54 . 2008-06-06 03:27    38912    ----a-w-    c:\windows\system32\xolehlp.dll
2013-07-23 18:54 . 2008-06-06 03:27    562176    ----a-w-    c:\windows\system32\msdtcprx.dll
2013-07-23 18:54 . 2009-06-10 12:12    160256    ----a-w-    c:\windows\system32\wkssvc.dll
2013-07-23 18:54 . 2010-08-26 16:07    157184    ----a-w-    c:\windows\system32\t2embed.dll
2013-07-23 18:54 . 2011-06-02 12:59    2042368    ----a-w-    c:\windows\system32\win32k.sys
2013-07-23 18:54 . 2011-04-21 13:16    273408    ----a-w-    c:\windows\system32\drivers\afd.sys
2013-07-23 18:54 . 2008-04-18 05:48    269312    ----a-w-    c:\windows\system32\es.dll
2013-07-23 18:54 . 2010-12-14 15:49    1169408    ----a-w-    c:\windows\system32\sdclt.exe
2013-07-23 18:54 . 2008-06-26 03:29    303616    ----a-w-    c:\windows\system32\wmpeffects.dll
2013-07-23 18:54 . 2010-06-17 17:15    10926592    ----a-w-    c:\program files\Movie Maker\MOVIEMK.dll
2013-07-23 18:54 . 2010-06-17 15:49    150016    ----a-w-    c:\program files\Movie Maker\MOVIEMK.exe
2013-07-23 18:53 . 2011-04-29 12:49    146432    ----a-w-    c:\windows\system32\drivers\srv2.sys
2013-07-23 18:53 . 2011-04-29 12:49    102400    ----a-w-    c:\windows\system32\drivers\srvnet.sys
2013-07-23 18:53 . 2011-05-02 16:00    766464    ----a-w-    c:\program files\Common Files\Microsoft Shared\vgx\VGX.dll
2013-07-23 18:53 . 2010-04-05 16:08    317952    ----a-w-    c:\windows\system32\MP4SDECD.DLL
2013-07-23 18:53 . 2011-02-16 15:35    430080    ----a-w-    c:\windows\system32\vbscript.dll
2013-07-23 18:53 . 2009-04-23 12:42    636928    ----a-w-    c:\windows\system32\localspl.dll
2013-07-23 18:53 . 2010-12-20 15:39    563200    ----a-w-    c:\windows\system32\oleaut32.dll
2013-07-23 18:53 . 2010-08-31 15:41    954752    ----a-w-    c:\windows\system32\mfc40.dll
2013-07-23 18:53 . 2010-08-31 15:41    954288    ----a-w-    c:\windows\system32\mfc40u.dll
2013-07-23 18:51 . 2010-02-18 14:11    190464    ----a-w-    c:\windows\system32\iphlpsvc.dll
2013-07-23 18:50 . 2008-08-12 03:39    443392    ----a-w-    c:\windows\system32\win32spl.dll
2013-07-23 18:50 . 2008-05-10 01:33    113664    ----a-w-    c:\windows\system32\drivers\rmcast.sys
2013-07-23 18:50 . 2010-10-28 12:56    2048    ----a-w-    c:\windows\system32\tzres.dll
2013-07-23 18:48 . 2009-09-04 12:24    61440    ----a-w-    c:\windows\system32\msasn1.dll
2013-07-23 18:47 . 2009-04-02 12:37    604672    ----a-w-    c:\windows\system32\WMSPDMOD.DLL
2013-07-23 18:25 . 2011-04-29 14:54    276992    ----a-w-    c:\windows\system32\schannel.dll
2013-07-23 18:20 . 2009-12-23 12:43    171520    ----a-w-    c:\windows\system32\wintrust.dll
2013-07-23 18:20 . 2010-01-15 00:04    98304    ----a-w-    c:\windows\system32\cabview.dll
2013-07-23 17:21 . 2013-07-24 06:18    --------    d-----w-    c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-07-23 17:20 . 2013-07-24 06:18    --------    d-----w-    C:\mbar
2013-07-23 12:49 . 2013-07-23 12:49    120832    --sha-r-    c:\windows\system32\KBDRU19.dll
2013-07-23 12:49 . 2013-07-23 12:49    120832    --sha-r-    c:\windows\system32\ds16gt6.dll
2013-07-23 12:49 . 2013-07-23 12:49    120832    --sha-r-    c:\windows\system32\catsrvutk.dll
2013-07-23 08:49 . 2013-07-23 08:49    --------    d-----w-    c:\users\Simon\AppData\Roaming\Cocoon Software
2013-07-23 08:49 . 2013-07-23 08:49    --------    d-----w-    c:\users\Simon\AppData\Local\WDSetup
2013-07-23 08:49 . 2013-07-25 20:34    --------    d-----w-    c:\program files\QuickMediaConverter
2013-07-23 08:35 . 2013-07-23 08:35    --------    d-----w-    c:\users\Simon\AppData\Roaming\WinAVI
2013-07-23 08:35 . 2013-07-23 08:35    --------    d-----w-    c:\users\Simon\AppData\Local\WinAVI
2013-07-23 08:35 . 2013-07-23 08:35    --------    d-----w-    c:\program files\WinAVI
2013-07-23 07:37 . 2013-07-23 08:48    --------    d-----w-    c:\users\Simon\AppData\Roaming\vlc
2013-07-22 20:19 . 2013-07-22 20:19    --------    d-----w-    c:\users\Administrator
2013-07-22 19:44 . 2013-07-28 17:59    --------    d-----w-    C:\vampire
2013-07-22 19:42 . 2013-07-22 19:45    --------    d-----w-    c:\programdata\PMS
2013-07-22 19:41 . 2013-07-27 20:34    --------    d-----w-    c:\program files\PS3 Media Server
2013-07-22 16:35 . 2013-07-22 16:39    --------    d-----w-    C:\0ef2d2fe2e17082f2b92f115576b55
2013-07-22 16:33 . 2013-07-22 16:39    --------    d-----w-    c:\program files\Handbrake
2013-07-22 16:15 . 2013-07-22 16:15    --------    d-----w-    c:\users\Simon\AppData\Roaming\AnvSoft
2013-07-22 16:13 . 2013-07-22 16:13    --------    d-----w-    c:\program files\AnvSoft
2013-07-21 08:24 . 2013-07-26 19:41    --------    d-----w-    c:\users\Simon\AppData\Roaming\.technic
2013-07-21 08:24 . 2013-07-21 08:24    --------    d-----w-    c:\program files\Common Files\Java
2013-07-21 08:23 . 2013-07-21 08:22    789416    ----a-w-    c:\windows\system32\deployJava1.dll
2013-07-21 08:23 . 2013-07-21 08:22    867240    ----a-w-    c:\windows\system32\npDeployJava1.dll
2013-07-21 08:23 . 2013-07-21 08:22    94632    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2013-07-21 08:22 . 2013-07-21 08:22    --------    d-----w-    c:\program files\Java
2013-07-21 08:20 . 2013-07-21 08:20    --------    d-----w-    c:\programdata\McAfee
2013-07-08 15:22 . 2013-07-08 15:24    --------    d-----w-    c:\windows\system32\RTCOM
2013-07-08 15:17 . 2011-08-23 16:00    357712    ----a-w-    c:\windows\system32\KAAPORT.dll
2013-07-08 11:42 . 2013-07-08 11:42    --------    d-----w-    c:\users\Simon\AppData\Roaming\Malwarebytes
2013-07-08 11:41 . 2013-07-08 11:41    --------    d-----w-    c:\programdata\Malwarebytes
2013-07-08 11:41 . 2013-04-04 13:50    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-07-08 11:41 . 2013-07-08 11:41    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2013-07-04 20:27 . 2009-04-30 23:00    15872    ----a-w-    c:\windows\system32\escdev.dll
2013-07-04 20:27 . 2009-04-30 23:00    128392    ----a-w-    c:\windows\system32\esdevapp.exe
2013-07-04 20:27 . 2008-11-16 23:00    342016    ----a-w-    c:\windows\system32\eswiaud.dll
2013-07-04 20:27 . 2013-07-04 20:27    --------    d-----w-    c:\program files\epson
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-08 15:19 . 2008-06-21 10:10    319456    ----a-w-    c:\windows\DIFxAPI.dll
2013-06-12 15:32 . 2013-01-05 10:19    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-12 15:32 . 2013-01-05 10:19    692104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spybot-S&D Cleaning"="c:\program files\Spybot - Search & Destroy 2\SDCleaner.exe" [2012-11-13 3713032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSTray"="c:\program files\SiS VGA Utilities\SiSTray.exe" [2007-10-16 552960]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-01 857648]
"PCMAgent"="c:\program files\CyberLink\PowerCinema\PCMAgent.exe" [2008-03-21 143360]
"CLMLServer"="c:\program files\CyberLink\PowerCinema\Kernel\CLML\CLMLSvc.exe" [2008-04-11 196608]
"PlayMovie"="c:\program files\CyberLink\PlayMovie\PMVService.exe" [2008-03-31 172032]
"toolbar_eula_launcher"="c:\program files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [2007-02-20 28672]
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2012-11-13 3825176]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-05-31 152392]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2013-03-29 11930696]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
PdaNet Desktop.lnk - c:\program files\PdaNet for Android\PdaNetPC.exe [2013-6-19 1054320]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CarboniteSetupLite]
2008-04-07 14:09    306112    ----a-w-    c:\program files\Packard Bell\Carbonite\CarboniteSetupLitePBPreInstaller.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2013-01-05 00:04    39408    ----a-w-    c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork    REG_MULTI_SZ       PLA DPS BFE mpssvc
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-05 15:32]
.
2013-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-01-06 11:41]
.
2013-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-01-06 11:41]
.
2013-07-30 c:\windows\Tasks\LKXAYORGMF.job
- c:\windows\system32\ds16gt6.dll [2013-07-23 12:49]
.
2013-07-30 c:\windows\Tasks\ooqyobuxm.job
- c:\windows\system32\KBDRU19.dll [2013-07-23 12:49]
.
2013-07-24 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2013-02-18 14:07]
.
2013-07-30 c:\windows\Tasks\Ycwmnfqzbs.job
- c:\windows\system32\catsrvutk.dll [2013-07-23 12:49]
.
.
------- Supplementary Scan -------
.

uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\p8q3ekr6.default-1374593077949\
FF - ExtSQL: 2013-07-23 21:06; artur.dubovoy@gmail.com; c:\users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\p8q3ekr6.default-1374593077949\extensions\artur.dubovoy@gmail.com.xpi
FF - ExtSQL: 2013-07-24 03:36; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-07-30 15:36
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\CyberLink\PlayMovie\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2013-07-30  15:40:24
ComboFix-quarantined-files.txt  2013-07-30 14:40
ComboFix2.txt  2013-07-26 13:31
ComboFix3.txt  2013-07-25 18:41
.
Pre-Run: 17,353,240,576 bytes free
Post-Run: 17,315,581,952 bytes free
.
- - End Of File - - E138BA288E21F760A676D2BAE3062579
5C616939100B85E558DA92B899A0FC36
 


Full System Scan with Malwarebytes Antimalware


  • If not existing, please download Malwarebytes' Anti-Malware to your desktop. Double-click mbam-setup.exe and follow the prompts to install the program. At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.



If the program is already installed:

  • Run Malwarebytes Antimalware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform fullscan, place a checkmark on all hard drives, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Post that log back here.


Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.07.30.10

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 7.0.6001.18000
Simon :: SIMON-PC [administrator]

31/07/2013 00:08:29
mbam-log-2013-07-31 (00-08-29).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 422177
Time elapsed: 2 hour(s), 6 minute(s), 21 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 


good!

 

 

Scan with ESET Online Scan

Please go here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click 'List of found threats', then click Export to text file...
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


hello, have run the scan and these are the results.

 

C:\Users\Simon\Downloads\avc-free.exe    Win32/OpenCandy application
C:\Users\Simon\Downloads\FreeStudio.exe    Win32/OpenCandy application
C:\Users\Simon\Downloads\OrbitDownloaderSetup.exe    Win32/OpenCandy application
C:\Users\Simon\Downloads\QMC.exe    multiple threats
C:\Users\Simon\Downloads\st johns\KeyFinderInstaller.exe    Win32/OpenCandy application
C:\Windows\System32\catsrvutk.dll    Win32/Ponmocup.HF trojan
C:\Windows\System32\ds16gt6.dll    Win32/Ponmocup.HF trojan
C:\Windows\System32\KBDRU19.dll    Win32/Ponmocup.HF trojan
 


huh? :blink:

 

 

Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)

  • Run FRST.
  • Don't change any of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and (after the first scan only!) the Addition.txt.


frst log

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 30-07-2013 04
Ran by Simon (administrator) on 01-08-2013 14:36:23
Running from C:\Users\Simon\Downloads
Microsoft® Windows Vista™ Home Basic  Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 7
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
() C:\Program Files\ATK Hotkey\ASLDRSrv.exe
() C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Nero AG) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
(Prolific Technology Inc.) C:\Windows\system32\IoctlSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
() C:\Program Files\ATK Hotkey\Hcontrol.exe
(Silicon Integrated Systems Corporation) C:\Program Files\SiS VGA Utilities\SiSTray.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
() C:\Program Files\ATK Hotkey\ATKOSD.exe
() C:\Program Files\ATK Hotkey\WDC.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerCinema\PCMAgent.exe
(CyberLink) C:\Program Files\CyberLink\PowerCinema\Kernel\CLML\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PlayMovie\PMVService.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
() C:\Program Files\PdaNet for Android\PdaNetPC.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [siSTray] - C:\Program Files\SiS VGA Utilities\SiSTray.exe [552960 2007-10-16] (Silicon Integrated Systems Corporation)
HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [857648 2007-03-01] (Synaptics, Inc.)
HKLM\...\Run: [PCMAgent] - C:\Program Files\CyberLink\PowerCinema\PCMAgent.exe [143360 2008-03-21] (CyberLink Corp.)
HKLM\...\Run: [CLMLServer] - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML\CLMLSvc.exe [196608 2008-04-11] (CyberLink)
HKLM\...\Run: [PlayMovie] - C:\Program Files\CyberLink\PlayMovie\PMVService.exe [172032 2008-03-31] (CyberLink Corp.)
HKLM\...\Run: [toolbar_eula_launcher] - C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe [28672 2007-02-20] ( )
HKLM\...\Run: [sDTray] - C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [3825176 2012-11-13] (Safer-Networking Ltd.)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [11930696 2013-03-29] (Realtek Semiconductor)
HKLM\...\Run: [sunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\InprocServer32: [Default-cscui]  <==== ATTENTION!
HKCU\...\Run: [spybot-S&D Cleaning] - C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe [3713032 2012-11-13] (Safer-Networking Ltd.)
HKU\Administrator\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2008-01-21] (Microsoft Corporation)
HKU\Default\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2008-01-21] (Microsoft Corporation)
HKU\Default User\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2008-01-21] (Microsoft Corporation)
Startup: C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk
ShortcutTarget: PdaNet Desktop.lnk -> C:\Program Files\PdaNet for Android\PdaNetPC.exe ()
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.packardbell.com/?id=9088
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
BHO: SDHelper - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll__BHODemonDisabled No File
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: ChromeFrame BHO - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files\Google\Chrome\Application\28.0.1500.72\npchrome_frame.dll (Google Inc.)
Toolbar: HKCU -No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU -No Name - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} -  No File
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome\Application\28.0.1500.72\npchrome_frame.dll (Google Inc.)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Winsock: Catalog5 01 %SystemRoot%\System32\mswsock.dll [223232] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\p8q3ekr6.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

========================== Services (Whitelisted) =================

R2 AdobeActiveFileMonitor6.0; C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [124832 2007-09-11] ()
R2 ASLDRService; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [94208 2007-02-05] ()
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)

==================== Drivers (Whitelisted) ====================

R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [7680 2006-12-14] (ATK0100)
R3 pneteth; C:\Windows\System32\DRIVERS\pneteth.sys [13440 2011-11-25] (June Fabrics Technology Inc.)
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; C:\Program Files\CyberLink\PlayMovie\000.fcl [41456 2008-03-31] (Cyberlink Corp.)
S3 catchme; \??\C:\Users\Simon\AppData\Local\Temp\catchme.sys [x]
S3 CFcatchme; \??\C:\Users\Simon\AppData\Local\Temp\CFcatchme.sys [x]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [x]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [x]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-01 14:35 - 2013-08-01 14:35 - 01222064 _____ (Farbar) C:\Users\Simon\Downloads\FRST.exe
2013-08-01 14:35 - 2013-08-01 14:35 - 00000000 ____D C:\FRST
2013-07-31 19:49 - 2013-07-31 19:49 - 00000528 _____ C:\Users\Simon\Desktop\onlinescan.txt
2013-07-31 18:06 - 2013-07-31 18:06 - 00000000 ____D C:\Program Files\ESET
2013-07-31 18:05 - 2013-07-31 18:06 - 02347384 _____ (ESET) C:\Users\Simon\Downloads\esetsmartinstaller_enu.exe
2013-07-30 17:08 - 2013-07-30 17:08 - 00000000 ____D C:\Windows\Sun
2013-07-30 15:40 - 2013-07-30 15:40 - 00018114 _____ C:\ComboFix.txt
2013-07-30 15:18 - 2013-07-30 15:40 - 00000000 ____D C:\ComboFix
2013-07-27 22:45 - 2013-07-27 22:45 - 00000000 ____D C:\Users\Simon\AppData\Roaming\HandBrake
2013-07-27 21:29 - 2013-07-27 21:29 - 35265091 _____ C:\Users\Administrator.Simon-PC\Downloads\pms-setup-windows-1.82.0(1).exe
2013-07-27 21:28 - 2013-07-27 21:28 - 00001393 _____ C:\Users\Administrator.Simon-PC\Desktop\taskmgr - Shortcut.lnk
2013-07-27 21:28 - 2008-01-21 03:56 - 00000230 _____ C:\Users\Administrator.Simon-PC\Desktop\Run.lnk
2013-07-27 20:59 - 2013-07-27 20:59 - 00000223 _____ C:\Users\Simon\Downloads\CFScript.txt
2013-07-25 21:34 - 2013-07-25 21:34 - 00000000 ____D C:\Users\Administrator.Simon-PC\AppData\Roaming\Cocoon Software
2013-07-25 21:30 - 2013-07-25 21:31 - 66560136 _____ (Microsoft Corporation) C:\Users\Administrator.Simon-PC\Downloads\Plex-Media-Server-0.9.728.33-f80a4a2-en-US.exe
2013-07-25 21:24 - 2013-07-25 21:24 - 19577768 _____ C:\Users\Administrator.Simon-PC\Downloads\TVersitySetup_2_5.exe
2013-07-25 21:17 - 2013-07-25 21:19 - 00000000 ____D C:\usbstick
2013-07-25 20:57 - 2013-07-23 09:10 - 00001652 _____ C:\Users\Simon\Desktop\PS3 Media Server.lnk
2013-07-25 19:00 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2013-07-25 19:00 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2013-07-25 19:00 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-07-25 19:00 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-07-25 19:00 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-07-25 19:00 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2013-07-25 19:00 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2013-07-25 19:00 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2013-07-25 12:15 - 2013-07-25 14:19 - 00000000 ____D C:\Users\Simon\AppData\Roaming\.minecraft
2013-07-25 12:14 - 2013-07-25 12:15 - 00675988 _____ C:\Users\Simon\Desktop\Minecraft.exe
2013-07-24 17:09 - 2013-07-24 17:17 - 00000000 ____D C:\8bb52fb69a465ea51d6fed28
2013-07-24 16:01 - 2013-07-24 16:01 - 00866592 _____ C:\Users\Simon\Downloads\Norton_Removal_Tool.exe
2013-07-24 15:15 - 2013-07-30 15:40 - 00000000 ____D C:\Qoobox
2013-07-24 15:14 - 2013-07-30 15:16 - 05095756 ____R (Swearware) C:\Users\Simon\Desktop\ComboFix.exe
2013-07-24 15:14 - 2013-07-25 19:37 - 00000000 ____D C:\Windows\erdnt
2013-07-24 15:13 - 2013-07-24 15:13 - 05092950 _____ (Swearware) C:\Users\Simon\Downloads\ComboFix.exe
2013-07-24 13:54 - 2013-07-24 13:54 - 00000600 _____ C:\Users\Simon\Documents\ark.txt
2013-07-24 13:15 - 2013-07-24 13:15 - 109366227 _____ C:\Windows\MEMORY.DMP
2013-07-24 13:15 - 2013-07-24 13:15 - 00139096 _____ C:\Windows\Minidump\Mini072413-01.dmp
2013-07-24 13:15 - 2013-07-24 13:15 - 00000000 ____D C:\Windows\Minidump
2013-07-24 13:11 - 2013-07-24 13:11 - 00377856 _____ C:\Users\Simon\Downloads\dibjzip4.exe
2013-07-24 09:26 - 2009-11-08 10:55 - 01130824 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2013-07-24 09:26 - 2009-11-08 10:55 - 00297808 _____ (Microsoft Corporation) C:\Windows\system32\mscoree.dll
2013-07-24 09:26 - 2009-11-08 10:55 - 00295264 _____ (Microsoft Corporation) C:\Windows\system32\PresentationHost.exe
2013-07-24 09:26 - 2009-11-08 10:55 - 00099176 _____ (Microsoft Corporation) C:\Windows\system32\PresentationHostProxy.dll
2013-07-24 09:26 - 2009-11-08 10:55 - 00049472 _____ (Microsoft Corporation) C:\Windows\system32\netfxperf.dll
2013-07-24 09:24 - 2013-07-24 09:24 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2013-07-24 09:24 - 2013-07-24 09:24 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2013-07-24 09:15 - 2010-09-20 10:25 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\msshsq.dll
2013-07-24 09:05 - 2009-08-24 13:16 - 00378368 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2013-07-24 09:04 - 2013-07-24 09:04 - 00003125 _____ C:\Users\Simon\Desktop\attach.txt
2013-07-24 09:04 - 2013-07-24 09:02 - 00016176 _____ C:\Users\Simon\Desktop\dds.txt
2013-07-24 09:04 - 2010-09-06 17:24 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
2013-07-24 09:04 - 2010-09-06 17:23 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll
2013-07-24 09:03 - 2009-11-03 23:17 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\nshhttp.dll
2013-07-24 09:03 - 2009-11-03 23:15 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\httpapi.dll
2013-07-24 09:03 - 2009-11-03 20:53 - 00411136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2013-07-24 08:53 - 2013-07-24 08:53 - 00688992 ____R (Swearware) C:\Users\Simon\Downloads\dds.scr
2013-07-24 08:42 - 2013-07-24 08:42 - 00001688 _____ C:\AdwCleaner[s1].txt
2013-07-24 08:41 - 2013-07-24 08:41 - 00666633 _____ C:\Users\Simon\Downloads\AdwCleaner.exe
2013-07-24 08:39 - 2013-07-24 08:39 - 00002031 _____ C:\Users\Simon\Desktop\JRT.txt
2013-07-24 08:33 - 2013-07-24 08:33 - 00000000 ____D C:\Windows\ERUNT
2013-07-24 08:32 - 2013-07-24 08:32 - 00560934 _____ (Oleg N. Scherbakov) C:\Users\Simon\Downloads\JRT.exe
2013-07-24 08:13 - 2013-07-24 08:13 - 00000000 ____D C:\Users\Administrator.Simon-PC\AppData\Local\WindowsUpdate
2013-07-24 07:52 - 2013-07-24 07:52 - 00000000 ____D C:\Windows\system32\WindowsPowerShell
2013-07-24 07:46 - 2008-05-27 06:21 - 01582592 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2013-07-24 07:46 - 2008-05-27 06:21 - 01418240 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2013-07-24 07:46 - 2008-05-27 06:18 - 00670208 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2013-07-24 07:46 - 2008-05-27 06:18 - 00439808 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2013-07-24 07:46 - 2008-05-27 06:18 - 00350208 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2013-07-24 07:46 - 2008-05-27 06:18 - 00203776 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2013-07-24 07:46 - 2008-05-27 06:18 - 00184832 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2013-07-24 07:46 - 2008-05-27 06:18 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\nlhtml.dll
2013-07-24 07:46 - 2008-05-27 06:18 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\propdefs.dll
2013-07-24 07:46 - 2008-05-27 06:18 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\xmlfilter.dll
2013-07-24 07:46 - 2008-05-27 06:18 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\msstrc.dll
2013-07-24 07:46 - 2008-05-27 06:18 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\mimefilt.dll
2013-07-24 07:46 - 2008-05-27 06:18 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\rtffilt.dll
2013-07-24 07:46 - 2008-05-27 06:18 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\wsepno.dll
2013-07-24 07:46 - 2008-05-27 06:17 - 06103040 _____ (Microsoft Corporation) C:\Windows\system32\chtbrkr.dll
2013-07-24 07:46 - 2008-05-27 06:17 - 01671680 _____ (Microsoft Corporation) C:\Windows\system32\chsbrkr.dll
2013-07-24 07:46 - 2008-05-27 06:17 - 00754176 _____ (Microsoft Corporation) C:\Windows\system32\propsys.dll
2013-07-24 07:46 - 2008-05-27 06:17 - 00313344 _____ (Microsoft Corporation) C:\Windows\system32\thawbrkr.dll
2013-07-24 07:46 - 2008-05-27 06:17 - 00301568 _____ (Microsoft Corporation) C:\Windows\system32\srchadmin.dll
2013-07-24 07:46 - 2008-05-27 06:17 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\offfilt.dll
2013-07-24 07:46 - 2008-05-27 06:17 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\korwbrkr.dll
2013-07-24 07:46 - 2008-05-27 06:17 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2013-07-24 07:46 - 2008-05-27 06:17 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
2013-07-24 07:46 - 2008-05-27 06:17 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2013-07-24 07:46 - 2008-05-27 06:17 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\msscb.dll
2013-07-24 07:46 - 2008-05-27 06:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2013-07-24 07:46 - 2008-05-27 06:17 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
2013-07-24 07:46 - 2008-05-27 05:59 - 00106605 _____ C:\Windows\system32\StructuredQuerySchema.bin
2013-07-24 07:46 - 2008-05-27 05:59 - 00018904 _____ C:\Windows\system32\StructuredQuerySchemaTrivial.bin
2013-07-24 07:46 - 2007-11-08 10:04 - 11967524 _____ C:\Windows\system32\korwbrkr.lex
2013-07-24 07:41 - 2009-10-09 22:56 - 01181696 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2013-07-24 07:41 - 2009-10-09 22:56 - 00246272 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2013-07-24 07:41 - 2009-10-09 22:56 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\winrscmd.dll
2013-07-24 07:41 - 2009-10-09 22:56 - 00214016 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2013-07-24 07:41 - 2009-10-09 22:56 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2013-07-24 07:41 - 2009-10-09 22:56 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\pwrshplugin.dll
2013-07-24 07:41 - 2009-10-09 22:56 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\winrs.exe
2013-07-24 07:41 - 2009-10-09 22:56 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\winrshost.exe
2013-07-24 07:41 - 2009-10-09 22:56 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\wsmprovhost.exe
2013-07-24 07:41 - 2009-10-09 22:56 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\wsmplpxy.dll
2013-07-24 07:41 - 2009-10-09 22:56 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\winrssrv.dll
2013-07-24 07:41 - 2009-10-09 22:56 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\winrsmgr.dll
2013-07-24 07:41 - 2009-10-09 22:55 - 00252416 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2013-07-24 07:41 - 2009-10-09 22:55 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\wecsvc.dll
2013-07-24 07:41 - 2009-10-09 22:55 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\wevtfwd.dll
2013-07-24 07:41 - 2009-10-09 22:55 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\wecutil.exe
2013-07-24 07:41 - 2009-10-09 22:55 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\wecapi.dll
2013-07-24 07:41 - 2009-10-09 22:55 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\WsmRes.dll
2013-07-24 07:41 - 2009-08-01 07:27 - 00201184 _____ C:\Windows\system32\winrm.vbs
2013-07-24 07:41 - 2009-07-16 18:30 - 00004675 _____ C:\Windows\system32\wsmanconfig_schema.xml
2013-07-24 07:41 - 2009-07-16 18:30 - 00002426 _____ C:\Windows\system32\WsmTxt.xsl
2013-07-24 07:39 - 2011-04-12 15:53 - 00890368 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-07-24 07:39 - 2011-03-03 15:56 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\Apphlpdm.dll
2013-07-24 07:39 - 2011-03-03 14:01 - 04240384 _____ (Microsoft) C:\Windows\system32\GameUXLegacyGDFs.dll
2013-07-24 07:39 - 2010-01-25 13:48 - 00472576 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2013-07-24 07:39 - 2010-01-25 13:48 - 00472064 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2013-07-24 07:39 - 2010-01-25 13:48 - 00151040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2013-07-24 07:39 - 2010-01-25 13:48 - 00151040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2013-07-24 07:39 - 2010-01-25 13:45 - 00329216 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2013-07-24 07:39 - 2010-01-25 09:35 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2013-07-24 07:39 - 2010-01-25 09:35 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2013-07-24 07:39 - 2010-01-25 09:34 - 00511488 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2013-07-24 07:39 - 2010-01-25 09:34 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2013-07-24 07:39 - 2009-10-23 18:42 - 00714240 _____ (Microsoft Corporation) C:\Windows\system32\timedate.cpl
2013-07-24 07:39 - 2008-10-22 04:57 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\PortableDeviceApi.dll
2013-07-24 07:39 - 2008-09-18 05:56 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2013-07-24 07:39 - 2008-09-18 05:56 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\wersvc.dll
2013-07-24 07:39 - 2008-08-28 04:40 - 00712704 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2013-07-24 07:39 - 2008-08-28 04:40 - 00425472 _____ (Microsoft Corporation) C:\Windows\system32\PhotoMetadataHandler.dll
2013-07-24 07:39 - 2008-08-28 04:40 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2013-07-24 07:39 - 2008-08-02 04:26 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2013-07-24 07:39 - 2008-08-02 02:01 - 00625152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-07-24 07:39 - 2008-06-26 04:29 - 00565248 _____ (Microsoft Corporation) C:\Windows\system32\emdmgmt.dll
2013-07-24 07:39 - 2008-06-26 04:29 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\dataclen.dll
2013-07-24 07:36 - 2010-08-31 16:40 - 00531968 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-07-24 07:36 - 2008-10-21 06:25 - 01645568 _____ (Microsoft Corporation) C:\Windows\system32\connect.dll
2013-07-24 07:35 - 2009-09-10 16:21 - 00310784 _____ (Microsoft Corporation) C:\Windows\system32\unregmp2.exe
2013-07-24 07:18 - 2013-07-24 07:18 - 00000000 ____D C:\Users\Administrator.Simon-PC\AppData\Roaming\Malwarebytes
2013-07-24 07:01 - 2013-07-24 07:01 - 00000000 _____ C:\Windows\setupact.log
2013-07-24 06:37 - 2013-07-24 13:19 - 00000680 _____ C:\Users\Simon\AppData\Local\d3d9caps.dat
2013-07-24 03:49 - 2010-02-12 11:48 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\browserchoice.exe
2013-07-24 03:25 - 2008-06-20 02:14 - 00781344 _____ (Microsoft Corporation) C:\Windows\system32\PresentationNative_v0300.dll
2013-07-24 03:25 - 2008-06-20 02:14 - 00622080 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2013-07-24 03:25 - 2008-06-20 02:14 - 00105016 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-07-24 03:25 - 2008-06-20 02:14 - 00097800 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2013-07-24 03:25 - 2008-06-20 02:14 - 00037384 _____ (Microsoft Corporation) C:\Windows\system32\infocardcpl.cpl
2013-07-24 03:25 - 2008-06-20 02:14 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2013-07-24 03:07 - 2008-07-27 19:03 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2013-07-24 03:07 - 2008-07-27 19:03 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2013-07-24 03:03 - 2013-07-24 03:04 - 00283170 _____ C:\Windows\msxml4-KB954430-enu.LOG
2013-07-24 03:03 - 2013-07-24 03:03 - 00000000 ____D C:\Program Files\MSXML 4.0
2013-07-24 03:02 - 2013-07-24 03:03 - 00288984 _____ C:\Windows\msxml4-KB973688-enu.LOG
2013-07-23 20:05 - 2008-06-26 04:29 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\NaturalLanguage6.dll
2013-07-23 20:05 - 2008-06-26 02:45 - 12240896 _____ (Microsoft Corporation) C:\Windows\system32\NlsLexicons0007.dll
2013-07-23 20:05 - 2008-06-26 02:45 - 02644480 _____ (Microsoft Corporation) C:\Windows\system32\NlsLexicons0009.dll
2013-07-23 19:58 - 2011-02-16 16:29 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-07-23 19:58 - 2011-02-16 14:24 - 00292864 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-07-23 19:58 - 2010-12-28 15:57 - 00409600 _____ (Microsoft Corporation) C:\Windows\system32\odbc32.dll
2013-07-23 19:58 - 2010-09-10 19:18 - 10626560 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-07-23 19:58 - 2010-09-10 17:37 - 08147456 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-07-23 19:58 - 2010-06-16 16:12 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-07-23 19:58 - 2010-04-16 17:10 - 00501760 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2013-07-23 19:58 - 2009-06-15 16:20 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-07-23 19:58 - 2008-06-19 04:31 - 00361984 _____ (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL
2013-07-23 19:57 - 2009-08-14 17:29 - 00104960 _____ (Microsoft Corporation) C:\Windows\system32\netiohlp.dll
2013-07-23 19:57 - 2009-08-14 15:16 - 00027136 _____ (Microsoft Corporation) C:\Windows\system32\NETSTAT.EXE
2013-07-23 19:57 - 2009-08-14 15:16 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\ARP.EXE
2013-07-23 19:57 - 2009-08-14 15:16 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\ROUTE.EXE
2013-07-23 19:57 - 2009-08-14 15:16 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\MRINFO.EXE
2013-07-23 19:57 - 2009-08-14 15:16 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\finger.exe
2013-07-23 19:57 - 2009-08-14 15:16 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\TCPSVCS.EXE
2013-07-23 19:57 - 2009-08-14 15:16 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\HOSTNAME.EXE
2013-07-23 19:56 - 2011-04-21 16:00 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-23 19:56 - 2011-04-21 16:00 - 00833024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-23 19:56 - 2011-04-21 15:59 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-07-23 19:56 - 2011-04-21 15:58 - 03593728 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-23 19:56 - 2011-04-21 15:58 - 00671232 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll
2013-07-23 19:56 - 2011-04-21 15:58 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-07-23 19:56 - 2011-04-21 15:58 - 00467456 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-23 19:56 - 2011-04-21 15:58 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-23 19:56 - 2011-04-21 15:57 - 06078976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-23 19:56 - 2011-04-21 15:57 - 00389120 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-07-23 19:56 - 2011-04-21 15:57 - 00380928 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-07-23 19:56 - 2011-04-21 15:57 - 00270848 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-23 19:56 - 2011-04-21 15:57 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\ieaksie.dll
2013-07-23 19:56 - 2011-04-21 15:57 - 00193024 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-07-23 19:56 - 2011-04-21 15:57 - 00078336 _____ (Microsoft Corporation) C:\Windows\system32\ieencode.dll
2013-07-23 19:56 - 2011-04-21 14:28 - 00389632 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-07-23 19:56 - 2011-04-21 14:08 - 01383424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-23 19:56 - 2011-04-14 15:24 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2013-07-23 19:56 - 2011-02-22 13:51 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2013-07-23 19:56 - 2010-10-15 15:08 - 03600272 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-07-23 19:56 - 2010-10-15 15:08 - 03548048 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-07-23 19:56 - 2010-10-15 14:48 - 01205080 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-07-23 19:56 - 2010-05-04 17:53 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-07-23 19:56 - 2010-02-26 05:03 - 02452872 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-07-23 19:56 - 2009-08-10 12:01 - 01399296 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2013-07-23 19:56 - 2009-07-11 20:32 - 00513024 _____ (Microsoft Corporation) C:\Windows\system32\wlansvc.dll
2013-07-23 19:56 - 2009-07-11 20:32 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\wlansec.dll
2013-07-23 19:56 - 2009-07-11 20:32 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\wlanmsm.dll
2013-07-23 19:56 - 2009-07-11 20:29 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\L2SecHC.dll
2013-07-23 19:56 - 2009-07-11 18:18 - 02501921 _____ C:\Windows\system32\wlan.tmf
2013-07-23 19:55 - 2011-07-06 15:56 - 00213504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2013-07-23 19:55 - 2011-04-29 13:49 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2013-07-23 19:55 - 2011-04-29 13:49 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2013-07-23 19:55 - 2011-03-10 17:12 - 01161728 _____ (Microsoft Corporation) C:\Windows\system32\mfc42u.dll
2013-07-23 19:55 - 2011-03-10 17:12 - 01136640 _____ (Microsoft Corporation) C:\Windows\system32\mfc42.dll
2013-07-23 19:55 - 2011-03-02 15:49 - 00167936 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2013-07-23 19:55 - 2011-03-02 15:49 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
2013-07-23 19:55 - 2011-02-18 14:31 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2013-07-23 19:55 - 2010-08-17 14:32 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2013-07-23 19:55 - 2010-06-28 17:15 - 01315840 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2013-07-23 19:55 - 2010-05-27 20:16 - 00081920 _____ (Radius Inc.) C:\Windows\system32\iccvid.dll
2013-07-23 19:55 - 2010-04-05 17:07 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2013-07-23 19:55 - 2009-09-10 18:30 - 00213504 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2013-07-23 19:55 - 2009-07-17 15:35 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\atl.dll
2013-07-23 19:55 - 2009-06-10 13:11 - 02868224 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2013-07-23 19:55 - 2009-06-10 13:11 - 02386944 _____ (Microsoft Corporation) C:\Windows\system32\WMVCORE.DLL
2013-07-23 19:55 - 2009-05-04 11:11 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\dnscacheugc.exe
2013-07-23 19:55 - 2008-10-21 06:25 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-07-23 19:55 - 2008-04-05 04:34 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\pacerprf.dll
2013-07-23 19:55 - 2008-04-05 02:21 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pacer.sys
2013-07-23 19:54 - 2011-06-02 13:59 - 02042368 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-23 19:54 - 2011-04-21 14:16 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-07-23 19:54 - 2010-12-14 16:49 - 01169408 _____ (Microsoft Corporation) C:\Windows\system32\sdclt.exe
2013-07-23 19:54 - 2010-08-26 17:07 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2013-07-23 19:54 - 2009-07-10 13:21 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\shsvcs.dll
2013-07-23 19:54 - 2009-06-10 13:12 - 00160256 _____ (Microsoft Corporation) C:\Windows\system32\wkssvc.dll
2013-07-23 19:54 - 2008-06-26 04:29 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\wmpeffects.dll
2013-07-23 19:54 - 2008-06-06 04:27 - 00562176 _____ (Microsoft Corporation) C:\Windows\system32\msdtcprx.dll
2013-07-23 19:54 - 2008-06-06 04:27 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\xolehlp.dll
2013-07-23 19:54 - 2008-04-18 06:48 - 00269312 _____ (Microsoft Corporation) C:\Windows\system32\es.dll
2013-07-23 19:53 - 2011-04-29 13:49 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2013-07-23 19:53 - 2011-04-29 13:49 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2013-07-23 19:53 - 2011-02-16 16:35 - 00430080 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-07-23 19:53 - 2011-02-16 16:32 - 00512000 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-23 19:53 - 2010-12-20 16:39 - 00563200 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2013-07-23 19:53 - 2010-08-31 16:41 - 00954752 _____ (Microsoft Corporation) C:\Windows\system32\mfc40.dll
2013-07-23 19:53 - 2010-08-31 16:41 - 00954288 _____ (Microsoft Corporation) C:\Windows\system32\mfc40u.dll
2013-07-23 19:53 - 2010-04-05 17:08 - 00317952 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
2013-07-23 19:53 - 2009-04-23 13:42 - 00636928 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2013-07-23 19:53 - 2008-10-16 05:47 - 00466944 _____ (Microsoft Corporation) C:\Windows\system32\netapi32.dll
2013-07-23 19:52 - 2010-12-29 18:41 - 00429056 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2013-07-23 19:52 - 2010-12-29 18:41 - 00323072 _____ (Microsoft Corporation) C:\Windows\system32\sbe.dll
2013-07-23 19:52 - 2010-12-29 18:41 - 00153088 _____ (Microsoft Corporation) C:\Windows\system32\sbeio.dll
2013-07-23 19:52 - 2010-12-29 18:39 - 00177664 _____ (Microsoft Corporation) C:\Windows\system32\mpg2splt.ax
2013-07-23 19:52 - 2010-08-20 16:21 - 00866816 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
2013-07-23 19:52 - 2010-06-18 17:43 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\rtutils.dll
2013-07-23 19:52 - 2010-01-21 16:59 - 00062464 _____ (Fraunhofer Institut Integrierte Schaltungen IIS) C:\Windows\system32\l3codeca.acm
2013-07-23 19:52 - 2009-06-15 19:20 - 00439896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-07-23 19:52 - 2009-06-15 16:24 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2013-07-23 19:52 - 2009-06-15 16:24 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-07-23 19:52 - 2009-06-15 16:23 - 01256448 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-07-23 19:52 - 2009-06-15 16:21 - 00499712 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2013-07-23 19:52 - 2009-06-15 13:57 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-07-23 19:52 - 2009-03-03 05:39 - 00551424 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2013-07-23 19:52 - 2009-03-03 05:39 - 00183296 _____ (Microsoft Corporation) C:\Windows\system32\sdohlp.dll
2013-07-23 19:52 - 2009-03-03 05:39 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\printfilterpipelineprxy.dll
2013-07-23 19:52 - 2009-03-03 05:37 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\iasrecst.dll
2013-07-23 19:52 - 2009-03-03 05:37 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\iasads.dll
2013-07-23 19:52 - 2009-03-03 05:37 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\iasdatastore.dll
2013-07-23 19:52 - 2009-03-03 04:04 - 00666624 _____ (Microsoft Corporation) C:\Windows\system32\printfilterpipelinesvc.exe
2013-07-23 19:52 - 2009-03-03 03:38 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\iashost.exe
2013-07-23 19:52 - 2008-10-29 07:29 - 02927104 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2013-07-23 19:51 - 2011-05-02 16:58 - 00738816 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2013-07-23 19:51 - 2011-01-21 16:46 - 11582464 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-07-23 19:51 - 2011-01-21 16:46 - 00351744 _____ (Microsoft Corporation) C:\Windows\system32\shlwapi.dll
2013-07-23 19:51 - 2010-11-06 12:10 - 00357376 _____ (Microsoft Corporation) C:\Windows\system32\taskschd.dll
2013-07-23 19:51 - 2010-11-06 12:10 - 00345088 _____ (Microsoft Corporation) C:\Windows\system32\wmicmiplugin.dll
2013-07-23 19:51 - 2010-11-06 12:10 - 00270336 _____ (Microsoft Corporation) C:\Windows\system32\taskcomp.dll
2013-07-23 19:51 - 2010-11-06 12:09 - 00603648 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2013-07-23 19:51 - 2010-11-05 01:53 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\taskeng.exe
2013-07-23 19:51 - 2010-10-18 15:01 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2013-07-23 19:51 - 2010-06-11 16:30 - 01257472 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2013-07-23 19:51 - 2010-04-16 17:10 - 01314816 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2013-07-23 19:51 - 2010-02-18 15:11 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2013-07-23 19:51 - 2010-02-18 12:52 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tunnel.sys
2013-07-23 19:51 - 2009-03-17 04:38 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\amxread.dll
2013-07-23 19:51 - 2009-03-17 04:38 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\apilogen.dll
2013-07-23 19:50 - 2010-10-28 13:56 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-07-23 19:50 - 2008-08-12 04:39 - 00443392 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2013-07-23 19:50 - 2008-05-10 02:33 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2013-07-23 19:49 - 2011-04-20 15:47 - 00375808 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-07-23 19:49 - 2011-04-20 15:44 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-07-23 19:49 - 2009-07-14 14:00 - 00313344 _____ (Microsoft Corporation) C:\Windows\system32\wmpdxm.dll
2013-07-23 19:49 - 2009-07-14 13:59 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2013-07-23 19:49 - 2009-07-14 13:59 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2013-07-23 19:49 - 2009-07-14 13:58 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2013-07-23 19:49 - 2009-07-14 09:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.tlb
2013-07-23 19:49 - 2009-07-14 09:30 - 00018432 _____ (Microsoft Corporation) C:\Windows\system32\amcompat.tlb
2013-07-23 19:49 - 2008-06-23 02:59 - 00996352 _____ (Microsoft Corporation) C:\Windows\system32\WMNetMgr.dll
2013-07-23 19:49 - 2008-06-23 02:58 - 00094720 _____ (Microsoft Corporation) C:\Windows\system32\logagent.exe
2013-07-23 19:49 - 2008-05-08 22:59 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\scrobj.dll
2013-07-23 19:49 - 2008-05-08 22:59 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-07-23 19:49 - 2008-05-08 22:59 - 00155648 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-07-23 19:49 - 2008-05-08 22:59 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\wshext.dll
2013-07-23 19:49 - 2008-05-08 22:58 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-07-23 19:49 - 2008-05-08 22:58 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-07-23 19:48 - 2010-12-17 17:43 - 02067456 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2013-07-23 19:48 - 2010-12-17 16:06 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2013-07-23 19:48 - 2010-06-16 16:59 - 00898952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-07-23 19:48 - 2009-12-28 13:35 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\tsbyuv.dll
2013-07-23 19:48 - 2009-12-28 13:32 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\msvfw32.dll
2013-07-23 19:48 - 2009-12-28 13:32 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\msvidc32.dll
2013-07-23 19:48 - 2009-12-28 13:32 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\msyuv.dll
2013-07-23 19:48 - 2009-12-28 13:32 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msrle32.dll
2013-07-23 19:48 - 2009-12-28 13:31 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\mciavi32.dll
2013-07-23 19:48 - 2009-12-28 13:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\iyuv_32.dll
2013-07-23 19:48 - 2009-12-28 13:28 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\avifil32.dll
2013-07-23 19:48 - 2009-12-28 13:28 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\avicap32.dll
2013-07-23 19:48 - 2009-10-07 13:41 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\raschap.dll
2013-07-23 19:48 - 2009-10-07 13:41 - 00244224 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2013-07-23 19:48 - 2009-09-04 13:24 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\msasn1.dll
2013-07-23 19:48 - 2009-08-10 14:05 - 00351232 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll
2013-07-23 19:48 - 2009-04-23 13:43 - 00784896 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-07-23 19:47 - 2009-04-02 13:37 - 00604672 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL
2013-07-23 19:25 - 2011-04-29 15:54 - 00276992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-07-23 19:20 - 2010-01-15 01:04 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\cabview.dll
2013-07-23 19:20 - 2009-12-23 13:43 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-07-23 18:21 - 2013-07-24 07:18 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-07-23 18:20 - 2013-07-24 07:18 - 00000000 ____D C:\mbar
2013-07-23 18:20 - 2013-07-23 18:20 - 13399154 _____ C:\Users\Simon\Downloads\mbar-1.06.0.1004.zip
2013-07-23 16:24 - 2013-07-23 16:25 - 00000000 ____D C:\Users\Simon\Desktop\Old Firefox Data
2013-07-23 13:49 - 2013-08-01 08:47 - 00000314 _____ C:\Windows\Tasks\Ycwmnfqzbs.job
2013-07-23 13:49 - 2013-08-01 08:47 - 00000304 _____ C:\Windows\Tasks\ooqyobuxm.job
2013-07-23 13:49 - 2013-08-01 08:47 - 00000302 _____ C:\Windows\Tasks\LKXAYORGMF.job
2013-07-23 13:49 - 2013-07-23 13:49 - 00120832 __RSH C:\Windows\system32\KBDRU19.dll
2013-07-23 13:49 - 2013-07-23 13:49 - 00120832 __RSH C:\Windows\system32\ds16gt6.dll
2013-07-23 13:49 - 2013-07-23 13:49 - 00120832 __RSH C:\Windows\system32\catsrvutk.dll
2013-07-23 09:49 - 2013-07-25 21:34 - 00000000 ____D C:\Program Files\QuickMediaConverter
2013-07-23 09:49 - 2013-07-23 09:49 - 00000905 _____ C:\Users\Public\Desktop\QuickMediaConverter.lnk
2013-07-23 09:49 - 2013-07-23 09:49 - 00000000 ____D C:\Users\Simon\AppData\Roaming\Cocoon Software
2013-07-23 09:47 - 2013-07-23 09:47 - 01091123 _____ (Conduit) C:\Users\Simon\Downloads\QMC.exe
2013-07-23 09:43 - 2013-07-23 09:43 - 16228762 _____ C:\Users\Simon\Downloads\winavi video converter v11.0 + serial.rar
2013-07-23 09:35 - 2013-07-23 09:35 - 18903019 _____ (ZJMedia Digital Technology Ltd.) C:\Users\Simon\Downloads\WinAVI_Video_Converter.exe
2013-07-23 09:35 - 2013-07-23 09:35 - 00001040 _____ C:\Users\Simon\Desktop\WinAVI Video Converter.lnk
2013-07-23 09:35 - 2013-07-23 09:35 - 00000000 ____D C:\Users\Simon\AppData\Roaming\WinAVI
2013-07-23 09:35 - 2013-07-23 09:35 - 00000000 ____D C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinAVI Video Converter
2013-07-23 09:35 - 2013-07-23 09:35 - 00000000 ____D C:\Users\Simon\AppData\Local\WinAVI
2013-07-23 09:35 - 2013-07-23 09:35 - 00000000 ____D C:\Program Files\WinAVI
2013-07-23 08:37 - 2013-07-23 09:48 - 00000000 ____D C:\Users\Simon\AppData\Roaming\vlc
2013-07-23 08:36 - 2013-07-23 08:36 - 00000822 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-07-23 08:34 - 2013-07-23 08:35 - 22937227 _____ C:\Users\Simon\Downloads\vlc-2.0.7-win32.exe
2013-07-22 22:28 - 2013-07-22 22:28 - 35265091 _____ C:\Users\Administrator.Simon-PC\Downloads\pms-setup-windows-1.82.0.exe
2013-07-22 22:08 - 2013-07-22 22:08 - 22937227 _____ C:\Users\Administrator.Simon-PC\Downloads\vlc-2.0.7-win32.exe
2013-07-22 22:06 - 2013-07-22 22:06 - 01543745 _____ C:\Users\Administrator.Simon-PC\Downloads\Windows6.0-KB960568-x86.msu
2013-07-22 22:05 - 2013-07-22 22:05 - 01528184 _____ (Microsoft Corporation) C:\Users\Administrator.Simon-PC\Downloads\GenuineCheck(1).exe
2013-07-22 22:03 - 2013-07-22 22:03 - 00000797 _____ C:\Windows\KB842773.log
2013-07-22 22:02 - 2013-07-22 22:02 - 00721136 _____ (Microsoft Corporation) C:\Users\Administrator.Simon-PC\Downloads\WindowsServer2003-KB842773-x86-enu.exe
2013-07-22 22:00 - 2013-07-22 22:00 - 00477549 _____ C:\Users\Administrator.Simon-PC\Downloads\Windows6.0-KB939159-x86.msu
2013-07-22 21:59 - 2013-07-22 21:59 - 01528184 _____ (Microsoft Corporation) C:\Users\Administrator.Simon-PC\Downloads\GenuineCheck.exe
2013-07-22 21:45 - 2013-07-22 21:45 - 00127984 _____ C:\Users\Administrator.Simon-PC\Downloads\windowsupdate.diagcab
2013-07-22 21:41 - 2013-07-22 21:41 - 00000000 ____D C:\Users\Administrator.Simon-PC\AppData\Roaming\Macromedia
2013-07-22 21:41 - 2013-07-22 21:41 - 00000000 ____D C:\Users\Administrator.Simon-PC\AppData\Roaming\Adobe
2013-07-22 21:41 - 2013-07-22 21:41 - 00000000 ____D C:\Users\Administrator.Simon-PC\AppData\Local\Macromedia
2013-07-22 21:35 - 2013-07-22 21:35 - 00000000 ____D C:\Users\Administrator.Simon-PC\AppData\Roaming\Mozilla
2013-07-22 21:35 - 2013-07-22 21:35 - 00000000 ____D C:\Users\Administrator.Simon-PC\AppData\Local\Mozilla
2013-07-22 21:24 - 2013-07-25 21:16 - 00071824 _____ C:\Users\Administrator.Simon-PC\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-22 21:24 - 2013-07-22 21:24 - 00000000 ____D C:\Users\Administrator.Simon-PC\AppData\Roaming\Apple Computer
2013-07-22 21:24 - 2013-07-22 21:24 - 00000000 ____D C:\Users\Administrator.Simon-PC\AppData\Local\PowerCinema
2013-07-22 21:24 - 2013-07-22 21:24 - 00000000 ____D C:\Users\Administrator.Simon-PC\AppData\Local\PlayMovie
2013-07-22 21:21 - 2013-07-24 07:45 - 00000000 ____D C:\Users\Administrator.Simon-PC
2013-07-22 21:21 - 2013-07-22 21:21 - 00000020 ___SH C:\Users\Administrator.Simon-PC\ntuser.ini
2013-07-22 21:19 - 2013-07-22 21:19 - 00000020 ___SH C:\Users\Administrator\ntuser.ini
2013-07-22 21:19 - 2013-07-22 21:19 - 00000000 ____D C:\Users\Administrator
2013-07-22 20:44 - 2013-07-28 18:59 - 00000000 ____D C:\vampire
2013-07-22 20:42 - 2013-07-22 20:45 - 00000000 ____D C:\ProgramData\PMS
2013-07-22 20:41 - 2013-07-27 21:34 - 00000000 ____D C:\Program Files\PS3 Media Server
2013-07-22 20:39 - 2013-07-22 20:45 - 35265091 _____ C:\Users\Simon\Downloads\pms-setup-windows-1.82.0.exe
2013-07-22 17:39 - 2013-07-22 17:39 - 00000779 _____ C:\Users\Simon\Desktop\Handbrake.lnk
2013-07-22 17:39 - 2013-07-22 17:39 - 00000000 ____D C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Handbrake
2013-07-22 17:35 - 2013-07-22 17:39 - 00000000 ____D C:\0ef2d2fe2e17082f2b92f115576b55
2013-07-22 17:33 - 2013-07-22 17:39 - 00000000 ____D C:\Program Files\Handbrake
2013-07-22 17:33 - 2013-07-22 17:33 - 13888037 _____ C:\Users\Simon\Downloads\HandBrake-0.9.9-1_i686-Win_GUI.exe
2013-07-22 17:28 - 2013-07-22 17:30 - 25001480 _____ (Microsoft Corporation) C:\Users\Simon\Downloads\NetFx20SP2_x86.exe
2013-07-22 17:28 - 2013-07-22 17:28 - 01213248 _____ (DVDVideoSoft Ltd.                                           ) C:\Users\Simon\Downloads\FreeStudio.exe
2013-07-22 17:15 - 2013-07-28 18:59 - 00000000 ____D C:\Users\Simon\Documents\Any Video Converter
2013-07-22 17:15 - 2013-07-22 17:15 - 00000000 ____D C:\Users\Simon\AppData\Roaming\AnvSoft
2013-07-22 17:14 - 2013-07-22 17:14 - 00000955 _____ C:\Users\Simon\Desktop\Any Video Converter.lnk
2013-07-22 17:13 - 2013-07-22 17:13 - 00000000 ____D C:\Program Files\AnvSoft
2013-07-22 17:08 - 2013-07-22 17:11 - 32238280 _____ (Any-Video-Converter.com                                     ) C:\Users\Simon\Downloads\avc-free.exe
2013-07-21 09:24 - 2013-07-26 20:41 - 00000000 ____D C:\Users\Simon\AppData\Roaming\.technic
2013-07-21 09:24 - 2013-07-21 09:24 - 00000000 ____D C:\ProgramData\Sun
2013-07-21 09:24 - 2013-07-21 09:24 - 00000000 ____D C:\Program Files\Common Files\Java
2013-07-21 09:23 - 2013-07-21 09:22 - 00867240 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll
2013-07-21 09:23 - 2013-07-21 09:22 - 00789416 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2013-07-21 09:23 - 2013-07-21 09:22 - 00263592 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-07-21 09:23 - 2013-07-21 09:22 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-07-21 09:23 - 2013-07-21 09:22 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-07-21 09:23 - 2013-07-21 09:22 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-07-21 09:22 - 2013-07-21 09:22 - 00000000 ____D C:\Program Files\Java
2013-07-21 09:20 - 2013-07-21 09:20 - 00000000 ____D C:\ProgramData\McAfee
2013-07-21 09:18 - 2013-07-21 09:18 - 03020770 _____ () C:\Users\Simon\Desktop\TechnicLauncher.exe
2013-07-10 00:26 - 2013-07-10 00:27 - 00015187 _____ C:\Users\Simon\AppData\Local\HWVendorDetection.log
2013-07-10 00:25 - 2013-07-10 00:26 - 02237480 _____ (Acer Inc.) C:\Users\Simon\Downloads\FilesDownload_HWID_HWVendorDetection.exe
2013-07-10 00:21 - 2013-07-10 00:27 - 49828488 _____ C:\Users\Simon\Downloads\Audio_Realtek_6.0.1.5735_Vistax64Vistax86_A(1).zip
2013-07-10 00:21 - 2013-07-10 00:27 - 30236667 _____ C:\Users\Simon\Downloads\T7a05764
2013-07-09 18:37 - 2013-07-09 18:42 - 32462994 _____ (Realtek Semiconductor Corp.) C:\Users\Simon\Downloads\WDM_R271.exe
2013-07-08 16:22 - 2013-07-08 16:24 - 00000000 ____D C:\Windows\system32\RTCOM
2013-07-08 16:18 - 2013-03-29 21:42 - 02646088 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHDA.sys
2013-07-08 16:18 - 2013-03-29 18:04 - 21170176 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes.dat
2013-07-08 16:18 - 2013-03-29 17:51 - 00860208 _____ (Sony Corporation) C:\Windows\system32\SFSS_APO.dll
2013-07-08 16:18 - 2013-03-29 17:10 - 00449481 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
2013-07-08 16:18 - 2013-03-27 16:57 - 00112200 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoInstII.dll
2013-07-08 16:18 - 2013-03-26 17:06 - 02536008 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkPgExt.dll
2013-07-08 16:18 - 2013-03-26 15:40 - 03237448 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO.dll
2013-07-08 16:18 - 2013-03-26 14:38 - 01596488 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSndMgr.cpl
2013-07-08 16:18 - 2013-03-25 17:32 - 03180264 _____ C:\Windows\system32\Drivers\rtvienna.dat
2013-07-08 16:18 - 2013-03-21 00:26 - 13769496 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek.dll
2013-07-08 16:18 - 2013-03-21 00:26 - 01931032 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ.dll
2013-07-08 16:18 - 2013-03-20 13:17 - 08872216 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioVnA.dll
2013-07-08 16:18 - 2013-03-20 13:17 - 01822488 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib.dll
2013-07-08 16:18 - 2013-03-20 13:17 - 01656600 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek2.dll
2013-07-08 16:18 - 2013-03-20 13:17 - 00776984 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell.dll
2013-07-08 16:18 - 2013-03-15 19:33 - 04335384 _____ (A-volute) C:\Windows\system32\RTKSMlfx.dll
2013-07-08 16:18 - 2013-03-15 19:32 - 00852824 _____ (A-Volute) C:\Windows\system32\RTKSMSettingsIPC.dll
2013-07-08 16:18 - 2013-03-08 12:51 - 00849968 _____ (Sony Corporation) C:\Windows\system32\MISS_APO.dll
2013-07-08 16:18 - 2013-02-27 05:37 - 00699680 _____ (SRS Labs, Inc.) C:\Windows\system32\slcnt32.dll
2013-07-08 16:18 - 2013-02-27 05:37 - 00547104 _____ (SRS Labs, Inc.) C:\Windows\system32\sltech32.dll
2013-07-08 16:18 - 2013-02-27 05:37 - 00336672 _____ (SRS Labs, Inc.) C:\Windows\system32\sl3apo32.dll
2013-07-08 16:18 - 2013-02-27 05:37 - 00184608 _____ (TODO: <Company name>) C:\Windows\system32\slprp32.dll
2013-07-08 16:18 - 2013-02-19 18:52 - 00765000 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApoApi.dll
2013-07-08 16:18 - 2013-01-17 19:32 - 00639256 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO50.dll
2013-07-08 16:18 - 2012-12-12 11:17 - 00350664 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO30.dll
2013-07-08 16:18 - 2012-09-10 20:06 - 00549240 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO40.dll
2013-07-08 16:18 - 2012-08-31 19:17 - 07162128 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP32A.dll
2013-07-08 16:18 - 2012-08-31 19:17 - 00352016 _____ (Dolby Laboratories) C:\Windows\system32\R4EED32A.dll
2013-07-08 16:18 - 2012-08-31 19:17 - 00106768 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL32A.dll
2013-07-08 16:18 - 2012-08-31 19:17 - 00091920 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA32A.dll
2013-07-08 16:18 - 2012-08-31 19:17 - 00062224 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG32A.dll
2013-07-08 16:18 - 2012-07-15 21:13 - 00349048 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVolumeSDAPO.dll
2013-07-08 16:18 - 2012-01-30 11:42 - 00819648 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo2.dll
2013-07-08 16:18 - 2012-01-10 10:20 - 00058264 _____ (TOSHIBA CORPORATION.) C:\Windows\system32\TepeqAPO.dll
2013-07-08 16:18 - 2011-11-22 16:28 - 00013416 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR.dll
2013-07-08 16:18 - 2011-09-02 14:21 - 00214368 _____ (Synopsys, Inc.) C:\Windows\system32\SFNHK.dll
2013-07-08 16:18 - 2011-09-02 14:21 - 00074080 _____ (Synopsys, Inc.) C:\Windows\system32\SFCOM.dll
2013-07-08 16:18 - 2011-09-02 14:21 - 00068960 _____ (Synopsys, Inc.) C:\Windows\system32\SFAPO.dll
2013-07-08 16:18 - 2011-03-17 12:16 - 01379760 _____ (TOSHIBA Corporation) C:\Windows\system32\tosade.dll
2013-07-08 16:18 - 2011-03-07 17:03 - 00134584 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo.dll
2013-07-08 16:18 - 2010-11-08 07:31 - 00359768 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP32A.dll
2013-07-08 16:18 - 2010-11-08 07:31 - 00295768 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT32.dll
2013-07-08 16:18 - 2010-11-08 07:31 - 00295768 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA32.dll
2013-07-08 16:18 - 2010-11-08 07:31 - 00170840 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED32A.dll
2013-07-08 16:18 - 2010-11-08 07:31 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL32A.dll
2013-07-08 16:18 - 2010-11-08 07:31 - 00064856 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG32A.dll
2013-07-08 16:18 - 2010-09-27 09:34 - 00232792 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
2013-07-08 16:18 - 2009-12-04 15:43 - 00132368 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO.dll
2013-07-08 16:18 - 2009-11-24 09:55 - 00345328 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSXT.dll
2013-07-08 16:18 - 2009-11-24 09:55 - 00185584 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSHD.dll
2013-07-08 16:18 - 2009-11-24 09:55 - 00173296 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP360.dll
2013-07-08 16:18 - 2009-11-24 09:55 - 00140528 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW.dll
2013-07-08 16:18 - 2009-11-18 18:42 - 01783056 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesLib.dll
2013-07-08 16:17 - 2013-03-26 17:04 - 02386464 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO.dll
2013-07-08 16:17 - 2013-03-23 03:43 - 00181960 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTACap.dll
2013-07-08 16:17 - 2012-10-02 14:39 - 00426952 _____ (DTS) C:\Windows\system32\DTSU2PLFX32.dll
2013-07-08 16:17 - 2012-10-02 14:39 - 00402888 _____ (DTS) C:\Windows\system32\DTSU2PGFX32.dll
2013-07-08 16:17 - 2012-10-02 14:39 - 00346056 _____ (DTS) C:\Windows\system32\DTSU2PREC32.dll
2013-07-08 16:17 - 2012-06-20 17:26 - 00090624 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2013-07-08 16:17 - 2012-03-08 11:47 - 00095840 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTARen.dll
2013-07-08 16:17 - 2011-08-23 17:00 - 00357712 _____ (Knowles Acoustics ) C:\Windows\system32\KAAPORT.dll
2013-07-08 16:17 - 2011-05-31 09:42 - 01509480 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL.dll
2013-07-08 16:17 - 2011-05-31 09:42 - 01292904 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL.dll
2013-07-08 16:17 - 2011-05-31 09:42 - 01220200 _____ (DTS) C:\Windows\system32\DTSBoostDLL.dll
2013-07-08 16:17 - 2011-05-31 09:42 - 00654952 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL.dll
2013-07-08 16:17 - 2011-05-31 09:42 - 00631400 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL.dll
2013-07-08 16:17 - 2011-05-31 09:42 - 00601704 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL.dll
2013-07-08 16:17 - 2011-05-31 09:42 - 00458344 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL.dll
2013-07-08 16:17 - 2011-05-31 09:42 - 00389736 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL.dll
2013-07-08 16:17 - 2011-05-31 09:42 - 00375400 _____ (DTS) C:\Windows\system32\DTSLimiterDLL.dll
2013-07-08 16:17 - 2011-05-31 09:42 - 00218728 _____ (DTS) C:\Windows\system32\DTSGFXAPONS.dll
2013-07-08 16:17 - 2011-05-31 09:42 - 00218728 _____ (DTS) C:\Windows\system32\DTSGFXAPO.dll
2013-07-08 16:17 - 2011-05-31 09:42 - 00218216 _____ (DTS) C:\Windows\system32\DTSLFXAPO.dll
2013-07-08 15:50 - 2013-07-08 15:59 - 75792957 _____ (Realtek Semiconductor Corp.) C:\Users\Simon\Downloads\32bit_Vista_Win7_Win8_R271(1).exe
2013-07-08 12:42 - 2013-07-08 12:42 - 00000000 ____D C:\Users\Simon\AppData\Roaming\Malwarebytes
2013-07-08 12:41 - 2013-07-08 12:41 - 00000869 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-07-08 12:41 - 2013-07-08 12:41 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-08 12:41 - 2013-07-08 12:41 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-07-08 12:41 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-07-08 12:38 - 2013-07-08 12:39 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Simon\Downloads\mbam-setup-1.75.0.1300.exe
2013-07-08 11:55 - 2013-07-08 11:58 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-07-04 21:27 - 2013-07-04 21:27 - 00000768 _____ C:\Users\Public\Desktop\EPSON Scan.lnk
2013-07-04 21:27 - 2013-07-04 21:27 - 00000000 ____D C:\Program Files\epson
2013-07-04 21:27 - 2009-05-01 00:00 - 00128392 _____ (Seiko Epson Corporation) C:\Windows\system32\esdevapp.exe
2013-07-04 21:27 - 2009-05-01 00:00 - 00015872 _____ (SEIKO EPSON CORP.) C:\Windows\system32\escdev.dll
2013-07-04 21:27 - 2008-11-17 00:00 - 00342016 _____ (Seiko Epson Corporation) C:\Windows\system32\eswiaud.dll
2013-07-04 21:22 - 2013-07-04 21:23 - 12872704 _____ C:\Users\Simon\Downloads\epson323810eu.exe

==================== One Month Modified Files and Folders =======

2013-08-01 14:35 - 2013-08-01 14:35 - 01222064 _____ (Farbar) C:\Users\Simon\Downloads\FRST.exe
2013-08-01 14:35 - 2013-08-01 14:35 - 00000000 ____D C:\FRST
2013-08-01 14:32 - 2013-06-09 01:26 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-01 14:23 - 2013-01-06 12:42 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-01 12:47 - 2006-11-02 13:45 - 00003344 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-01 12:47 - 2006-11-02 13:45 - 00003344 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-01 10:08 - 2013-01-04 23:11 - 01756794 _____ C:\Windows\WindowsUpdate.log
2013-08-01 08:47 - 2013-07-23 13:49 - 00000314 _____ C:\Windows\Tasks\Ycwmnfqzbs.job
2013-08-01 08:47 - 2013-07-23 13:49 - 00000304 _____ C:\Windows\Tasks\ooqyobuxm.job
2013-08-01 08:47 - 2013-07-23 13:49 - 00000302 _____ C:\Windows\Tasks\LKXAYORGMF.job
2013-08-01 08:47 - 2013-01-06 12:42 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-01 08:47 - 2006-11-02 13:58 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-31 23:05 - 2006-11-02 13:58 - 00032580 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-31 19:49 - 2013-07-31 19:49 - 00000528 _____ C:\Users\Simon\Desktop\onlinescan.txt
2013-07-31 18:06 - 2013-07-31 18:06 - 00000000 ____D C:\Program Files\ESET
2013-07-31 18:06 - 2013-07-31 18:05 - 02347384 _____ (ESET) C:\Users\Simon\Downloads\esetsmartinstaller_enu.exe
2013-07-31 07:46 - 2013-02-18 15:24 - 00000616 _____ C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2013-07-31 00:05 - 2008-01-21 04:02 - 00191430 _____ C:\Windows\PFRO.log
2013-07-30 17:08 - 2013-07-30 17:08 - 00000000 ____D C:\Windows\Sun
2013-07-30 15:40 - 2013-07-30 15:40 - 00018114 _____ C:\ComboFix.txt
2013-07-30 15:40 - 2013-07-30 15:18 - 00000000 ____D C:\ComboFix
2013-07-30 15:40 - 2013-07-24 15:15 - 00000000 ____D C:\Qoobox
2013-07-30 15:36 - 2006-11-02 11:23 - 00000215 _____ C:\Windows\system.ini
2013-07-30 15:16 - 2013-07-24 15:14 - 05095756 ____R (Swearware) C:\Users\Simon\Desktop\ComboFix.exe
2013-07-28 18:59 - 2013-07-22 20:44 - 00000000 ____D C:\vampire
2013-07-28 18:59 - 2013-07-22 17:15 - 00000000 ____D C:\Users\Simon\Documents\Any Video Converter
2013-07-27 22:45 - 2013-07-27 22:45 - 00000000 ____D C:\Users\Simon\AppData\Roaming\HandBrake
2013-07-27 21:39 - 2013-01-04 23:21 - 00000907 _____ C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2013-07-27 21:34 - 2013-07-22 20:41 - 00000000 ____D C:\Program Files\PS3 Media Server
2013-07-27 21:29 - 2013-07-27 21:29 - 35265091 _____ C:\Users\Administrator.Simon-PC\Downloads\pms-setup-windows-1.82.0(1).exe
2013-07-27 21:28 - 2013-07-27 21:28 - 00001393 _____ C:\Users\Administrator.Simon-PC\Desktop\taskmgr - Shortcut.lnk
2013-07-27 20:59 - 2013-07-27 20:59 - 00000223 _____ C:\Users\Simon\Downloads\CFScript.txt
2013-07-26 20:41 - 2013-07-21 09:24 - 00000000 ____D C:\Users\Simon\AppData\Roaming\.technic
2013-07-26 09:09 - 2008-06-21 11:36 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-25 21:34 - 2013-07-25 21:34 - 00000000 ____D C:\Users\Administrator.Simon-PC\AppData\Roaming\Cocoon Software
2013-07-25 21:34 - 2013-07-23 09:49 - 00000000 ____D C:\Program Files\QuickMediaConverter
2013-07-25 21:34 - 2006-11-02 11:23 - 00000563 _____ C:\Windows\win.ini
2013-07-25 21:31 - 2013-07-25 21:30 - 66560136 _____ (Microsoft Corporation) C:\Users\Administrator.Simon-PC\Downloads\Plex-Media-Server-0.9.728.33-f80a4a2-en-US.exe
2013-07-25 21:24 - 2013-07-25 21:24 - 19577768 _____ C:\Users\Administrator.Simon-PC\Downloads\TVersitySetup_2_5.exe
2013-07-25 21:20 - 2006-11-02 11:33 - 00703214 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-25 21:19 - 2013-07-25 21:17 - 00000000 ____D C:\usbstick
2013-07-25 21:16 - 2013-07-22 21:24 - 00071824 _____ C:\Users\Administrator.Simon-PC\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-25 21:11 - 2013-01-05 01:16 - 00020992 _____ C:\Users\Simon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-07-25 19:41 - 2006-11-02 12:18 - 00000000 __RHD C:\Users\Default
2013-07-25 19:41 - 2006-11-02 12:18 - 00000000 ___RD C:\Users\Public
2013-07-25 19:37 - 2013-07-24 15:14 - 00000000 ____D C:\Windows\erdnt
2013-07-25 14:19 - 2013-07-25 12:15 - 00000000 ____D C:\Users\Simon\AppData\Roaming\.minecraft
2013-07-25 12:15 - 2013-07-25 12:14 - 00675988 _____ C:\Users\Simon\Desktop\Minecraft.exe
2013-07-24 18:43 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-07-24 17:17 - 2013-07-24 17:09 - 00000000 ____D C:\8bb52fb69a465ea51d6fed28
2013-07-24 16:01 - 2013-07-24 16:01 - 00866592 _____ C:\Users\Simon\Downloads\Norton_Removal_Tool.exe
2013-07-24 15:23 - 2008-06-21 11:38 - 00000000 ____D C:\Program Files\Microsoft.NET
2013-07-24 15:13 - 2013-07-24 15:13 - 05092950 _____ (Swearware) C:\Users\Simon\Downloads\ComboFix.exe
2013-07-24 13:54 - 2013-07-24 13:54 - 00000600 _____ C:\Users\Simon\Documents\ark.txt
2013-07-24 13:19 - 2013-07-24 06:37 - 00000680 _____ C:\Users\Simon\AppData\Local\d3d9caps.dat
2013-07-24 13:15 - 2013-07-24 13:15 - 109366227 _____ C:\Windows\MEMORY.DMP
2013-07-24 13:15 - 2013-07-24 13:15 - 00139096 _____ C:\Windows\Minidump\Mini072413-01.dmp
2013-07-24 13:15 - 2013-07-24 13:15 - 00000000 ____D C:\Windows\Minidump
2013-07-24 13:11 - 2013-07-24 13:11 - 00377856 _____ C:\Users\Simon\Downloads\dibjzip4.exe
2013-07-24 13:10 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\rescache
2013-07-24 12:52 - 2013-01-04 23:22 - 00071824 _____ C:\Users\Simon\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-24 12:49 - 2006-11-02 13:44 - 00306648 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-24 12:48 - 2013-06-19 04:15 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-24 09:30 - 2008-06-21 11:16 - 00000000 ____D C:\Program Files\Microsoft Works
2013-07-24 09:24 - 2013-07-24 09:24 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2013-07-24 09:24 - 2013-07-24 09:24 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2013-07-24 09:23 - 2006-11-02 12:18 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2013-07-24 09:04 - 2013-07-24 09:04 - 00003125 _____ C:\Users\Simon\Desktop\attach.txt
2013-07-24 09:02 - 2013-07-24 09:04 - 00016176 _____ C:\Users\Simon\Desktop\dds.txt
2013-07-24 08:53 - 2013-07-24 08:53 - 00688992 ____R (Swearware) C:\Users\Simon\Downloads\dds.scr
2013-07-24 08:42 - 2013-07-24 08:42 - 00001688 _____ C:\AdwCleaner[s1].txt
2013-07-24 08:41 - 2013-07-24 08:41 - 00666633 _____ C:\Users\Simon\Downloads\AdwCleaner.exe
2013-07-24 08:39 - 2013-07-24 08:39 - 00002031 _____ C:\Users\Simon\Desktop\JRT.txt
2013-07-24 08:33 - 2013-07-24 08:33 - 00000000 ____D C:\Windows\ERUNT
2013-07-24 08:32 - 2013-07-24 08:32 - 00560934 _____ (Oleg N. Scherbakov) C:\Users\Simon\Downloads\JRT.exe
2013-07-24 08:21 - 2013-02-20 15:17 - 00007871 _____ C:\Windows\IE9_main.log
2013-07-24 08:13 - 2013-07-24 08:13 - 00000000 ____D C:\Users\Administrator.Simon-PC\AppData\Local\WindowsUpdate
2013-07-24 07:52 - 2013-07-24 07:52 - 00000000 ____D C:\Windows\system32\WindowsPowerShell
2013-07-24 07:45 - 2013-07-22 21:21 - 00000000 ____D C:\Users\Administrator.Simon-PC
2013-07-24 07:18 - 2013-07-24 07:18 - 00000000 ____D C:\Users\Administrator.Simon-PC\AppData\Roaming\Malwarebytes
2013-07-24 07:18 - 2013-07-23 18:21 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-07-24 07:18 - 2013-07-23 18:20 - 00000000 ____D C:\mbar
2013-07-24 07:01 - 2013-07-24 07:01 - 00000000 _____ C:\Windows\setupact.log
2013-07-24 06:51 - 2013-06-21 19:11 - 00000000 ____D C:\ProgramData\MFAData
2013-07-24 06:50 - 2013-06-21 19:11 - 00000000 ____D C:\Users\Simon\AppData\Local\Avg2013
2013-07-24 05:45 - 2006-11-02 13:35 - 00000000 ____D C:\Windows\system32\XPSViewer
2013-07-24 05:45 - 2006-11-02 13:35 - 00000000 ____D C:\Program Files\Movie Maker
2013-07-24 03:04 - 2013-07-24 03:03 - 00283170 _____ C:\Windows\msxml4-KB954430-enu.LOG
2013-07-24 03:03 - 2013-07-24 03:03 - 00000000 ____D C:\Program Files\MSXML 4.0
2013-07-24 03:03 - 2013-07-24 03:02 - 00288984 _____ C:\Windows\msxml4-KB973688-enu.LOG
2013-07-23 18:21 - 2013-01-23 16:06 - 00000069 _____ C:\Windows\NeroDigital.ini
2013-07-23 18:20 - 2013-07-23 18:20 - 13399154 _____ C:\Users\Simon\Downloads\mbar-1.06.0.1004.zip
2013-07-23 16:25 - 2013-07-23 16:24 - 00000000 ____D C:\Users\Simon\Desktop\Old Firefox Data
2013-07-23 13:49 - 2013-07-23 13:49 - 00120832 __RSH C:\Windows\system32\KBDRU19.dll
2013-07-23 13:49 - 2013-07-23 13:49 - 00120832 __RSH C:\Windows\system32\ds16gt6.dll
2013-07-23 13:49 - 2013-07-23 13:49 - 00120832 __RSH C:\Windows\system32\catsrvutk.dll
2013-07-23 09:49 - 2013-07-23 09:49 - 00000905 _____ C:\Users\Public\Desktop\QuickMediaConverter.lnk
2013-07-23 09:49 - 2013-07-23 09:49 - 00000000 ____D C:\Users\Simon\AppData\Roaming\Cocoon Software
2013-07-23 09:48 - 2013-07-23 08:37 - 00000000 ____D C:\Users\Simon\AppData\Roaming\vlc
2013-07-23 09:47 - 2013-07-23 09:47 - 01091123 _____ (Conduit) C:\Users\Simon\Downloads\QMC.exe
2013-07-23 09:43 - 2013-07-23 09:43 - 16228762 _____ C:\Users\Simon\Downloads\winavi video converter v11.0 + serial.rar
2013-07-23 09:35 - 2013-07-23 09:35 - 18903019 _____ (ZJMedia Digital Technology Ltd.) C:\Users\Simon\Downloads\WinAVI_Video_Converter.exe
2013-07-23 09:35 - 2013-07-23 09:35 - 00001040 _____ C:\Users\Simon\Desktop\WinAVI Video Converter.lnk
2013-07-23 09:35 - 2013-07-23 09:35 - 00000000 ____D C:\Users\Simon\AppData\Roaming\WinAVI
2013-07-23 09:35 - 2013-07-23 09:35 - 00000000 ____D C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinAVI Video Converter
2013-07-23 09:35 - 2013-07-23 09:35 - 00000000 ____D C:\Users\Simon\AppData\Local\WinAVI
2013-07-23 09:35 - 2013-07-23 09:35 - 00000000 ____D C:\Program Files\WinAVI
2013-07-23 09:10 - 2013-07-25 20:57 - 00001652 _____ C:\Users\Simon\Desktop\PS3 Media Server.lnk
2013-07-23 08:36 - 2013-07-23 08:36 - 00000822 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-07-23 08:35 - 2013-07-23 08:34 - 22937227 _____ C:\Users\Simon\Downloads\vlc-2.0.7-win32.exe
2013-07-23 08:35 - 2013-02-17 15:04 - 00000000 ____D C:\Program Files\VideoLAN
2013-07-22 22:28 - 2013-07-22 22:28 - 35265091 _____ C:\Users\Administrator.Simon-PC\Downloads\pms-setup-windows-1.82.0.exe
2013-07-22 22:08 - 2013-07-22 22:08 - 22937227 _____ C:\Users\Administrator.Simon-PC\Downloads\vlc-2.0.7-win32.exe
2013-07-22 22:06 - 2013-07-22 22:06 - 01543745 _____ C:\Users\Administrator.Simon-PC\Downloads\Windows6.0-KB960568-x86.msu
2013-07-22 22:05 - 2013-07-22 22:05 - 01528184 _____ (Microsoft Corporation) C:\Users\Administrator.Simon-PC\Downloads\GenuineCheck(1).exe
2013-07-22 22:03 - 2013-07-22 22:03 - 00000797 _____ C:\Windows\KB842773.log
2013-07-22 22:02 - 2013-07-22 22:02 - 00721136 _____ (Microsoft Corporation) C:\Users\Administrator.Simon-PC\Downloads\WindowsServer2003-KB842773-x86-enu.exe
2013-07-22 22:00 - 2013-07-22 22:00 - 00477549 _____ C:\Users\Administrator.Simon-PC\Downloads\Windows6.0-KB939159-x86.msu
2013-07-22 21:59 - 2013-07-22 21:59 - 01528184 _____ (Microsoft Corporation) C:\Users\Administrator.Simon-PC\Downloads\GenuineCheck.exe
2013-07-22 21:45 - 2013-07-22 21:45 - 00127984 _____ C:\Users\Administrator.Simon-PC\Downloads\windowsupdate.diagcab
2013-07-22 21:41 - 2013-07-22 21:41 - 00000000 ____D C:\Users\Administrator.Simon-PC\AppData\Roaming\Macromedia
2013-07-22 21:41 - 2013-07-22 21:41 - 00000000 ____D C:\Users\Administrator.Simon-PC\AppData\Roaming\Adobe
2013-07-22 21:41 - 2013-07-22 21:41 - 00000000 ____D C:\Users\Administrator.Simon-PC\AppData\Local\Macromedia
2013-07-22 21:35 - 2013-07-22 21:35 - 00000000 ____D C:\Users\Administrator.Simon-PC\AppData\Roaming\Mozilla
2013-07-22 21:35 - 2013-07-22 21:35 - 00000000 ____D C:\Users\Administrator.Simon-PC\AppData\Local\Mozilla
2013-07-22 21:24 - 2013-07-22 21:24 - 00000000 ____D C:\Users\Administrator.Simon-PC\AppData\Roaming\Apple Computer
2013-07-22 21:24 - 2013-07-22 21:24 - 00000000 ____D C:\Users\Administrator.Simon-PC\AppData\Local\PowerCinema
2013-07-22 21:24 - 2013-07-22 21:24 - 00000000 ____D C:\Users\Administrator.Simon-PC\AppData\Local\PlayMovie
2013-07-22 21:21 - 2013-07-22 21:21 - 00000020 ___SH C:\Users\Administrator.Simon-PC\ntuser.ini
2013-07-22 21:19 - 2013-07-22 21:19 - 00000020 ___SH C:\Users\Administrator\ntuser.ini
2013-07-22 21:19 - 2013-07-22 21:19 - 00000000 ____D C:\Users\Administrator
2013-07-22 20:45 - 2013-07-22 20:42 - 00000000 ____D C:\ProgramData\PMS
2013-07-22 20:45 - 2013-07-22 20:39 - 35265091 _____ C:\Users\Simon\Downloads\pms-setup-windows-1.82.0.exe
2013-07-22 17:39 - 2013-07-22 17:39 - 00000779 _____ C:\Users\Simon\Desktop\Handbrake.lnk
2013-07-22 17:39 - 2013-07-22 17:39 - 00000000 ____D C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Handbrake
2013-07-22 17:39 - 2013-07-22 17:35 - 00000000 ____D C:\0ef2d2fe2e17082f2b92f115576b55
2013-07-22 17:39 - 2013-07-22 17:33 - 00000000 ____D C:\Program Files\Handbrake
2013-07-22 17:33 - 2013-07-22 17:33 - 13888037 _____ C:\Users\Simon\Downloads\HandBrake-0.9.9-1_i686-Win_GUI.exe
2013-07-22 17:30 - 2013-07-22 17:28 - 25001480 _____ (Microsoft Corporation) C:\Users\Simon\Downloads\NetFx20SP2_x86.exe
2013-07-22 17:28 - 2013-07-22 17:28 - 01213248 _____ (DVDVideoSoft Ltd.                                           ) C:\Users\Simon\Downloads\FreeStudio.exe
2013-07-22 17:15 - 2013-07-22 17:15 - 00000000 ____D C:\Users\Simon\AppData\Roaming\AnvSoft
2013-07-22 17:14 - 2013-07-22 17:14 - 00000955 _____ C:\Users\Simon\Desktop\Any Video Converter.lnk
2013-07-22 17:13 - 2013-07-22 17:13 - 00000000 ____D C:\Program Files\AnvSoft
2013-07-22 17:11 - 2013-07-22 17:08 - 32238280 _____ (Any-Video-Converter.com                                     ) C:\Users\Simon\Downloads\avc-free.exe
2013-07-21 09:24 - 2013-07-21 09:24 - 00000000 ____D C:\ProgramData\Sun
2013-07-21 09:24 - 2013-07-21 09:24 - 00000000 ____D C:\Program Files\Common Files\Java
2013-07-21 09:22 - 2013-07-21 09:23 - 00867240 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll
2013-07-21 09:22 - 2013-07-21 09:23 - 00789416 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2013-07-21 09:22 - 2013-07-21 09:23 - 00263592 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-07-21 09:22 - 2013-07-21 09:23 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-07-21 09:22 - 2013-07-21 09:23 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-07-21 09:22 - 2013-07-21 09:23 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-07-21 09:22 - 2013-07-21 09:22 - 00000000 ____D C:\Program Files\Java
2013-07-21 09:20 - 2013-07-21 09:20 - 00000000 ____D C:\ProgramData\McAfee
2013-07-21 09:19 - 2013-03-11 22:36 - 00000000 ____D C:\Users\Simon\Documents\android files
2013-07-21 09:18 - 2013-07-21 09:18 - 03020770 _____ () C:\Users\Simon\Desktop\TechnicLauncher.exe
2013-07-10 09:32 - 2013-06-25 14:32 - 00000000 ____D C:\tabbak
2013-07-10 00:27 - 2013-07-10 00:26 - 00015187 _____ C:\Users\Simon\AppData\Local\HWVendorDetection.log
2013-07-10 00:27 - 2013-07-10 00:21 - 49828488 _____ C:\Users\Simon\Downloads\Audio_Realtek_6.0.1.5735_Vistax64Vistax86_A(1).zip
2013-07-10 00:27 - 2013-07-10 00:21 - 30236667 _____ C:\Users\Simon\Downloads\T7a05764
2013-07-10 00:26 - 2013-07-10 00:25 - 02237480 _____ (Acer Inc.) C:\Users\Simon\Downloads\FilesDownload_HWID_HWVendorDetection.exe
2013-07-10 00:24 - 2013-03-09 22:25 - 00000000 ____D C:\Users\Simon\Downloads\mday
2013-07-10 00:13 - 2013-03-09 14:40 - 00000000 ____D C:\Users\Simon\Documents\model railway
2013-07-09 18:42 - 2013-07-09 18:37 - 32462994 _____ (Realtek Semiconductor Corp.) C:\Users\Simon\Downloads\WDM_R271.exe
2013-07-08 16:24 - 2013-07-08 16:22 - 00000000 ____D C:\Windows\system32\RTCOM
2013-07-08 16:19 - 2008-06-21 11:10 - 00319456 _____ (Microsoft Corporation) C:\Windows\DIFxAPI.dll
2013-07-08 16:17 - 2008-06-21 11:08 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-07-08 15:59 - 2013-07-08 15:50 - 75792957 _____ (Realtek Semiconductor Corp.) C:\Users\Simon\Downloads\32bit_Vista_Win7_Win8_R271(1).exe
2013-07-08 15:47 - 2008-06-21 11:07 - 00000000 ____D C:\Program Files\Packard Bell
2013-07-08 15:45 - 2006-11-02 13:35 - 00000000 ____D C:\Program Files\Microsoft Games
2013-07-08 15:43 - 2013-03-08 13:04 - 00000000 ____D C:\Users\Simon\Documents\My Games
2013-07-08 15:43 - 2013-03-08 13:04 - 00000000 ____D C:\Users\Simon\AppData\Roaming\My Games
2013-07-08 15:42 - 2008-06-21 11:49 - 00000000 ____D C:\ProgramData\Skype
2013-07-08 15:39 - 2013-06-19 04:25 - 00000000 ____D C:\Users\Simon\AppData\Roaming\Orbit
2013-07-08 15:35 - 2008-06-21 11:37 - 00000000 ____D C:\Windows\SHELLNEW
2013-07-08 15:22 - 2013-01-05 11:12 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-07-08 12:42 - 2013-07-08 12:42 - 00000000 ____D C:\Users\Simon\AppData\Roaming\Malwarebytes
2013-07-08 12:41 - 2013-07-08 12:41 - 00000869 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-07-08 12:41 - 2013-07-08 12:41 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-08 12:41 - 2013-07-08 12:41 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-07-08 12:39 - 2013-07-08 12:38 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Simon\Downloads\mbam-setup-1.75.0.1300.exe
2013-07-08 11:58 - 2013-07-08 11:55 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-07-07 22:57 - 2013-06-28 06:42 - 00000000 ____D C:\Program Files\Steam
2013-07-04 21:30 - 2013-01-04 23:18 - 00000000 ____D C:\Users\Simon
2013-07-04 21:27 - 2013-07-04 21:27 - 00000768 _____ C:\Users\Public\Desktop\EPSON Scan.lnk
2013-07-04 21:27 - 2013-07-04 21:27 - 00000000 ____D C:\Program Files\epson
2013-07-04 21:27 - 2006-11-02 13:35 - 00000000 ____D C:\Windows\twain_32
2013-07-04 21:23 - 2013-07-04 21:22 - 12872704 _____ C:\Users\Simon\Downloads\epson323810eu.exe
2013-07-04 07:21 - 2008-06-21 11:18 - 00000000 ____D C:\ProgramData\Adobe
2013-07-03 11:01 - 2013-01-05 00:41 - 00000000 ____D C:\Users\Simon\AppData\Roaming\Adobe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-01 08:52

==================== End Of Log ============================


addition.txt log

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 30-07-2013 04
Ran by Simon at 2013-08-01 14:38:04
Running from C:\Users\Simon\Downloads
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

7-Zip 9.20
Adobe Flash Player 11 ActiveX (Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (Version: 11.7.700.224)
Adobe Photoshop Elements 6
Adobe Photoshop Elements 6.0 (Version: 6.0)
Adobe Reader 8.1.0
Adobe Reader X (10.1.7) (Version: 10.1.7)
Adobe Shockwave Player (Version: 10.3.0.24)
Android Commander version 0.7.9.11 (Version: 0.7.9.11)
Any Video Converter 5.0.7
Apple Application Support (Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
ATK Hotkey (Version: 1.00.0018)
Belarc Advisor 8.3 (Version: 8.3.2.0)
Bonjour (Version: 3.0.0.10)
British Telecom
Carbonite
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
ConvertHelper 2.2
CyberLink PowerCinema (Version: 6.0.1615)
EPSON Scan
EPSON SX210 Series Printer Uninstall
ESET Online Scanner v3
Firefox
Google BAE
Google Chrome Frame (Version: 28.0.1500.72)
Google Earth
Google Earth (Version: 4.0.2737)
Google Update Helper (Version: 1.3.21.153)
HandBrake 0.9.9.1 (Version: 0.9.9.1)
HDReg (Version: 2.0.0)
Helium (Version: 1.0.0)
Infocentre Rev. 2.0.0.1
Internet From BT
iTunes (Version: 11.0.4.4)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
KeyboardTest V3.0
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Suite Activation Assistant (Version: 2.7)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Works (Version: 9.7.0621)
Microsoft Works 9 SE
Microsoft XML Parser (Version: 8.70.1104.04)
Microsoft® Office Trial 2007
Mozilla Firefox 22.0 (x86 en-US) (Version: 22.0)
Mozilla Maintenance Service (Version: 22.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Nero 8 Essentials
Nero 8 Essentials (Version: 8.2.283)
neroxml (Version: 1.0.0)
Packard Bell ImageWriter
Packard Bell LCD Test
Packard Bell Updator
PdaNet+ for Android 4.12
Picasa 2 (Version: 2.0)
Picasa2
Power Cinema 6
Protect your files now
PS3 Media Server (Version: 1.82.0)
Quick Media Converter HD
QuickTime (Version: 7.74.80.86)
Realtek High Definition Audio Driver (Version: 6.0.1.6873)
Roll
SCARM 0.9.17 beta (Version: 0.9.17)
SeaTools for Windows (Version: 1.1.3.2)
SiS VGA Utilities (Version: 5.08)
Spybot - Search & Destroy (Version: 2.0.12)
Steam (Version: 1.0.0.0)
Synaptics Pointing Device Driver (Version: 9.1.19.0)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VCRedistSetup (Version: 1.0.0)
VLC media player 2.0.7 (Version: 2.0.7)
WinAVI Video Converter (Version: 11.6.1.4734)
 

==================== Restore Points  =========================

21-07-2013 08:21:16 Installed Java 7 Update 25

==================== Hosts content: ==========================

2006-11-02 11:23 - 2013-07-26 14:22 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0025AF66-2720-4AA8-9A26-26F8B8AA0AF6} - System32\Tasks\Refresh immunization (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe No File
Task: {14008FA2-5E5F-42F9-A01B-47A41C99581A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-12] (Adobe Systems Incorporated)
Task: {18DFD9FC-082E-4E9B-8285-5F21D2B4EDAE} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {255ED510-7E8E-43B2-A88F-5E8E5EDC4D5C} - System32\Tasks\ooqyobuxm => C:\Windows\system32\rundll32.exe [2006-11-02] (Microsoft Corporation)
Task: {2B9A48FC-86D0-48A3-9924-B1096934B97E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-01-06] (Google Inc.)
Task: {5916F864-469C-4391-8604-E4EA141A2699} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: {60460F69-EDDF-41DB-A8C4-992BBE6D1568} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\OptinNotification => C:\Windows\System32\wsqmcons.exe [2008-01-21] (Microsoft Corporation)
Task: {7C5A51E8-1AD7-48C6-8879-257A8A9609F5} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {8B0E6FAB-F43A-4988-AF0A-A21646C212F0} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {9ED703A9-5FFD-40D5-895A-4385EE1509DE} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {BF2A5E3C-D4D2-409A-A7B8-1A2887A47D73} - System32\Tasks\Ycwmnfqzbs => C:\Windows\system32\rundll32.exe [2006-11-02] (Microsoft Corporation)
Task: {D120DE50-E24B-401F-A660-22CEE56E802F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-01-06] (Google Inc.)
Task: {EA38C74F-DEC6-46E9-8370-78A83A4F932E} - System32\Tasks\LKXAYORGMF => C:\Windows\system32\rundll32.exe [2006-11-02] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\LKXAYORGMF.job => C:\Windows\system32\rundll32.exe
Task: C:\Windows\Tasks\ooqyobuxm.job => C:\Windows\system32\rundll32.exe
Task: C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\Windows\Tasks\Ycwmnfqzbs.job => C:\Windows\system32\rundll32.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/01/2013 08:48:51 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/31/2013 00:07:28 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/31/2013 00:06:34 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/30/2013 02:13:56 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/29/2013 11:40:10 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 17721

Error: (07/29/2013 11:40:10 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 17721

Error: (07/29/2013 11:40:10 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/29/2013 11:40:09 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 16676

Error: (07/29/2013 11:40:09 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 16676

Error: (07/29/2013 11:40:09 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (08/01/2013 09:07:37 AM) (Source: DCOM) (User: )
Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}

Error: (08/01/2013 08:48:51 AM) (Source: Service Control Manager) (User: )
Description: Spybot-S&D 2 Security Center ServiceSecurity Center%%1058

Error: (08/01/2013 08:47:44 AM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueueKerberos

Error: (07/31/2013 00:07:29 AM) (Source: Service Control Manager) (User: )
Description: Spybot-S&D 2 Security Center ServiceSecurity Center%%1058

Error: (07/31/2013 00:05:57 AM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueueKerberos

Error: (07/30/2013 03:36:16 PM) (Source: Service Control Manager) (User: )
Description: PEVSystemStart

Error: (07/30/2013 03:30:01 PM) (Source: Service Control Manager) (User: )
Description: PEVSystemStart

Error: (07/30/2013 03:20:46 PM) (Source: Service Control Manager) (User: )
Description: PEVSystemStart

Error: (07/30/2013 02:13:57 PM) (Source: Service Control Manager) (User: )
Description: Spybot-S&D 2 Security Center ServiceSecurity Center%%1058

Error: (07/30/2013 02:12:21 PM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueueKerberos


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2013-08-01 14:37:49.263
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-01 14:37:49.029
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-01 14:37:48.795
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-01 14:37:48.577
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-01 14:37:17.081
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-01 14:37:16.847
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-01 14:37:16.628
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-01 14:37:16.394
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-01 14:37:16.160
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-01 14:37:15.895
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 81%
Total physical RAM: 894.52 MB
Available physical RAM: 167.8 MB
Total Pagefile: 2197.86 MB
Available Pagefile: 1125.12 MB
Total Virtual: 2047.88 MB
Available Virtual: 1910.07 MB

==================== Drives ================================

Drive c: (HDD) (Fixed) (Total:101.78 GB) (Free:15.96 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 112 GB) (Disk ID: EAB40873)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=102 GB) - (Type=07 NTFS)

==================== End Of Log ============================


Please note: Due to the fact that I'll get married tomorrow, I cannot reply until Monday evening. Please be patient with me.

 

 

Fix with FRST (normal mode)
 

  • Open notepad (Start => All Programs => Accessories => Notepad).
  • Please copy the entire contents of the code box below.
    (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste).
  • Save it to the same directory as frst.exe (or frst64.exe) as fixlist.txt.

    HKLM\...\InprocServer32: [Default-cscui]  <==== ATTENTION!
    Task: {255ED510-7E8E-43B2-A88F-5E8E5EDC4D5C} - System32\Tasks\ooqyobuxm => C:\Windows\system32\rundll32.exe [2006-11-02] (Microsoft Corporation)
    Task: {BF2A5E3C-D4D2-409A-A7B8-1A2887A47D73} - System32\Tasks\Ycwmnfqzbs => C:\Windows\system32\rundll32.exe [2006-11-02] (Microsoft Corporation)
    Task: {EA38C74F-DEC6-46E9-8370-78A83A4F932E} - System32\Tasks\LKXAYORGMF => C:\Windows\system32\rundll32.exe [2006-11-02] (Microsoft Corporation)
    C:\Windows\Tasks\Ycwmnfqzbs.job
    C:\Windows\Tasks\ooqyobuxm.job
    C:\Windows\Tasks\LKXAYORGMF.job
    C:\Windows\system32\KBDRU19.dll
    C:\Windows\system32\ds16gt6.dll
    C:\Windows\system32\catsrvutk.dll
    C:\Users\Simon\Downloads\winavi video converter v11.0 + serial.rar
    C:\Users\Simon\Downloads\WinAVI_Video_Converter.exe
    C:\Users\Simon\Desktop\WinAVI Video Converter.lnk
    C:\Users\Simon\AppData\Roaming\WinAVI
    C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinAVI Video Converter
    C:\Users\Simon\AppData\Local\WinAVI
    C:\Program Files\WinAVI
    C:\Program Files\QuickMediaConverter
    C:\Users\Public\Desktop\QuickMediaConverter.lnk
    C:\Users\Simon\AppData\Roaming\Cocoon Software
    C:\Users\Simon\Downloads\QMC.exe
    C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    C:\Windows\Tasks\SA.DAT

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
  • Run frst.exe (on 64bit, run frst64.exe) and press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt), which you will find where you saved FRST. Please post it in your reply.

Hello, I'm not going to complain at all. Congratulations on your marriage, and I hope your day is special for you both.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 01-08-2013 01
Ran by Simon at 2013-08-02 19:35:53 Run:1
Running from C:\Users\Simon\Downloads
Boot Mode: Normal

==============================================

HKLM\Software\Classes\CLSID\{750fdf10-2a26-11d1-a3ea-080036587f03}\InprocServer32\\Default => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{255ED510-7E8E-43B2-A88F-5E8E5EDC4D5C} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{255ED510-7E8E-43B2-A88F-5E8E5EDC4D5C} => Key deleted successfully.
C:\Windows\System32\Tasks\ooqyobuxm => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ooqyobuxm => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{BF2A5E3C-D4D2-409A-A7B8-1A2887A47D73} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BF2A5E3C-D4D2-409A-A7B8-1A2887A47D73} => Key deleted successfully.
C:\Windows\System32\Tasks\Ycwmnfqzbs => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Ycwmnfqzbs => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{EA38C74F-DEC6-46E9-8370-78A83A4F932E} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EA38C74F-DEC6-46E9-8370-78A83A4F932E} => Key deleted successfully.
C:\Windows\System32\Tasks\LKXAYORGMF => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LKXAYORGMF => Key deleted successfully.
C:\Windows\Tasks\Ycwmnfqzbs.job => Moved successfully.
C:\Windows\Tasks\ooqyobuxm.job => Moved successfully.
C:\Windows\Tasks\LKXAYORGMF.job => Moved successfully.
C:\Windows\system32\KBDRU19.dll => Moved successfully.
C:\Windows\system32\ds16gt6.dll => Moved successfully.
C:\Windows\system32\catsrvutk.dll => Moved successfully.
C:\Users\Simon\Downloads\winavi video converter v11.0 + serial.rar => Moved successfully.
C:\Users\Simon\Downloads\WinAVI_Video_Converter.exe => Moved successfully.
C:\Users\Simon\Desktop\WinAVI Video Converter.lnk => Moved successfully.
C:\Users\Simon\AppData\Roaming\WinAVI => Moved successfully.
C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinAVI Video Converter => Moved successfully.
C:\Users\Simon\AppData\Local\WinAVI => Moved successfully.
C:\Program Files\WinAVI => Moved successfully.
C:\Program Files\QuickMediaConverter => Moved successfully.
C:\Users\Public\Desktop\QuickMediaConverter.lnk => Moved successfully.
C:\Users\Simon\AppData\Roaming\Cocoon Software => Moved successfully.
C:\Users\Simon\Downloads\QMC.exe => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\Windows\Tasks\SA.DAT => Moved successfully.

==== End of Fixlog ====
