Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Cox.exe? suddenly sprang up HELP! [Solved]


  • This topic is locked This topic is locked

#1
carbuncle

carbuncle

    Member

  • Member
  • PipPipPip
  • 113 posts
Hi everyone

From out of the blue a message popped up saying ' High Disk Activity ' COX.EXE is using high resources etc or whatever the exact wording Win 7 uses.

Checked it out via Google and to be honest there doesn't appear to be that much on it , it says it is a rootkit but i have McAfree Rootkit finder and it says there is nothing , it also says the rootkit affects your browser etc and makes your system go slow which to be honest I cant say ive noticed it.

But the fact Win 7 felt the need to highlight that particular E.xe file is worrying , I have done a full check with McAfree Rootkit , Malwarebytes , SuperAntiSpyware and Norton AV and all come up negative.

I did hear that a program called Unhackme could probaley find it but then read it too maybe dodgy.

Any advice on this would be much appreciated thank you in advance.

Rob
  • 0

Advertisements


#2
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi and welcome to GeeksToGo! Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say and I'll help you out :)

It may well be worth you printing/saving the instructions throughout the fix, so you have them to hand just in case you are unable to access this site.

Please note:
  • Remember to post your logs, not attach them. So, any logs from any programs we run, should be just 'copied & pasted' into your reply.
  • Please only run the tools that I request. I know malware can be frustrating but running other tools in the meantime and between posts, only makes it harder for us to analyse and fix your PC in the long run.
  • Please subscribe to this topic if you have not already done so. Please check back just in case, as the email system can fail at times.
  • Just because your machine is running better does not mean it is completely cleaned. Please wait for the 'all clear' from me to say when we are done.
  • Please reply within 3 days to be fair to other people asking for help.
  • Please tell me if you have your original Windows CD/DVD available
  • When in doubt, please stop and ask first. There's no harm in asking questions!

  • Please download aswMBR.exe to your desktop.
  • Double click the aswMBR.exe to run it.

    Posted Image
  • When asked if you want to download Avast's virus definitions please select Yes.
    Note: If avast! antivirus is already installed, just do the next step.
  • Click the Scan button to start scan.

    Posted Image
  • On completion of the scan click Save log, save it to your desktop and post in your next reply.
  • Also on Desktop there should be a file called MBR.dat after that. Please attach it here.

How to add an attachment to a new topic or reply
  • 0

#3
carbuncle

carbuncle

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 113 posts
Hi Render

Thanks for the help

ok this is the log


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-22 18:23:21
-----------------------------
18:23:21.017 OS Version: Windows x64 6.1.7601 Service Pack 1
18:23:21.017 Number of processors: 4 586 0x170A
18:23:21.018 ComputerName: ROB-PC UserName: Rob
18:23:23.299 Initialize success
18:24:04.639 AVAST engine defs: 12082200
18:24:08.071 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
18:24:08.071 Disk 0 Vendor: Hitachi_HDS721050CLA362 JP2OA3EA Size: 476938MB BusType: 3
18:24:08.071 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-5
18:24:08.071 Disk 1 Vendor: WDC_WD2000BB-00GUA0 08.02D08 Size: 190781MB BusType: 3
18:24:08.086 Disk 1 MBR read successfully
18:24:08.086 Disk 1 MBR scan
18:24:08.086 Disk 1 Windows 7 default MBR code
18:24:08.102 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
18:24:08.102 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 190679 MB offset 206848
18:24:08.133 Disk 1 scanning C:\Windows\system32\drivers
18:24:19.948 Service scanning
18:24:49.210 Modules scanning
18:24:49.218 Disk 1 trace - called modules:
18:24:49.235 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS intelide.sys PCIIDEX.SYS hal.dll atapi.sys
18:24:49.240 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa8004a33060]
18:24:49.245 3 CLASSPNP.SYS[fffff88001b8643f] -> nt!IofCallDriver -> [0xfffffa800396ce40]
18:24:49.250 5 ACPI.sys[fffff88000e0b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T1L0-5[0xfffffa80047d9060]
18:24:50.183 AVAST engine scan C:\Windows
18:24:52.211 AVAST engine scan C:\Windows\system32
18:27:51.512 AVAST engine scan C:\Windows\system32\drivers
18:28:09.910 AVAST engine scan C:\Users\Rob
18:31:07.150 AVAST engine scan C:\ProgramData
18:32:28.836 Scan finished successfully
18:32:44.925 Disk 1 MBR has been saved successfully to "D:\Users\Rob\Desktop\MBR.dat"
18:32:44.940 The log file has been saved successfully to "D:\Users\Rob\Desktop\aswMBR.txt"



Data file attached

Thanks

Rob

Attached Files

  • Attached File  MBR.dat   512bytes   28 downloads

  • 0

#4
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Please do the following:

Posted Image OTL Custom Scan

  • Download OTL to your desktop.
  • Double click on the Posted Image icon to run it.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Stadard output is selected.
  • Select Scan all users
  • Under the Extra Registry section, check Use SafeList
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scans/Fixes box copy and paste this in:

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    userinit.exe
    svchost.exe
    consrv.dll
    /md5stop
    HKEY_CURRENT_USER\Software\Microsoft\Windows Media\WMSDK\Local\AutoProxyCache /s
    %systemroot%\*. /mp /s
    %Temp%\smtmp\*.* /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic

  • 0

#5
carbuncle

carbuncle

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 113 posts
Cheers Render

OTL.TXT



OTL logfile created on: 22/08/2012 7:58:22 PM - Run 1
OTL by OldTimer - Version 3.2.58.1 Folder = D:\Users\Rob\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 2.11 Gb Available Physical Memory | 52.69% Memory free
8.00 Gb Paging File | 5.93 Gb Available in Paging File | 74.21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 186.21 Gb Total Space | 135.04 Gb Free Space | 72.52% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 262.82 Gb Free Space | 56.43% Space Free | Partition Type: NTFS
Drive E: | 2794.49 Gb Total Space | 1788.43 Gb Free Space | 64.00% Space Free | Partition Type: NTFS

Computer Name: ROB-PC | User Name: Rob | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/22 19:55:00 | 000,596,480 | ---- | M] (OldTimer Tools) -- D:\Users\Rob\Downloads\OTL.exe
PRC - [2012/07/31 20:39:20 | 000,896,400 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
PRC - [2012/07/06 20:36:50 | 001,006,336 | ---- | M] () -- C:\Program Files (x86)\WiFi Protector\wifiProtService.exe
PRC - [2012/07/06 20:36:50 | 000,200,448 | ---- | M] () -- C:\Program Files (x86)\WiFi Protector\wifiProtLauncher.exe
PRC - [2012/06/21 05:01:58 | 000,092,632 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2012/06/16 03:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ccsvchst.exe
PRC - [2012/04/05 20:18:12 | 000,008,704 | ---- | M] (Microsoft) -- C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
PRC - [2012/02/02 23:14:04 | 000,176,128 | ---- | M] (Skillbrains) -- C:\Users\Rob\AppData\Local\Skillbrains\lightshot\2.0.0.5\Lightshot.exe
PRC - [2011/12/23 18:57:16 | 000,892,760 | ---- | M] (LULU Software) -- C:\Program Files (x86)\Soda 3D PDF Reader\ConversionService.exe
PRC - [2011/04/29 10:07:02 | 000,115,504 | ---- | M] () -- C:\Program Files (x86)\WizMouse\WizMouse.exe
PRC - [2010/08/29 17:41:47 | 000,215,040 | ---- | M] (Neuhaus13 Software) -- C:\Program Files (x86)\Screensaver Control\ScreensaverControl.exe
PRC - [2007/07/26 16:43:14 | 000,270,336 | ---- | M] (BonSoft) -- C:\Program Files (x86)\ClocX\ClocX.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/14 05:30:59 | 000,442,392 | ---- | M] () -- C:\Users\Rob\AppData\Local\Google\Chrome\Application\21.0.1180.79\ppgooglenaclpluginchrome.dll
MOD - [2012/08/14 05:30:58 | 012,235,288 | ---- | M] () -- C:\Users\Rob\AppData\Local\Google\Chrome\Application\21.0.1180.79\PepperFlash\pepflashplayer.dll
MOD - [2012/08/14 05:30:57 | 003,997,720 | ---- | M] () -- C:\Users\Rob\AppData\Local\Google\Chrome\Application\21.0.1180.79\pdf.dll
MOD - [2012/08/14 05:29:41 | 000,526,872 | ---- | M] () -- C:\Users\Rob\AppData\Local\Google\Chrome\Application\21.0.1180.79\libglesv2.dll
MOD - [2012/08/14 05:29:39 | 000,104,984 | ---- | M] () -- C:\Users\Rob\AppData\Local\Google\Chrome\Application\21.0.1180.79\libegl.dll
MOD - [2012/08/14 05:29:28 | 000,144,424 | ---- | M] () -- C:\Users\Rob\AppData\Local\Google\Chrome\Application\21.0.1180.79\avutil-51.dll
MOD - [2012/08/14 05:29:27 | 000,266,792 | ---- | M] () -- C:\Users\Rob\AppData\Local\Google\Chrome\Application\21.0.1180.79\avformat-54.dll
MOD - [2012/08/14 05:29:26 | 002,480,680 | ---- | M] () -- C:\Users\Rob\AppData\Local\Google\Chrome\Application\21.0.1180.79\avcodec-54.dll
MOD - [2012/07/06 20:36:50 | 000,200,448 | ---- | M] () -- C:\Program Files (x86)\WiFi Protector\wifiProtLauncher.exe
MOD - [2012/04/10 14:09:08 | 000,057,344 | ---- | M] () -- C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf\1.0.0_0\npFreemake.dll
MOD - [2012/02/02 23:14:04 | 000,702,464 | ---- | M] () -- C:\Users\Rob\AppData\Local\Skillbrains\lightshot\2.0.0.5\ScreenshotDll.dll
MOD - [2011/04/29 10:07:02 | 000,115,504 | ---- | M] () -- C:\Program Files (x86)\WizMouse\WizMouse.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/11/10 03:11:34 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/08/19 00:04:02 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2010/04/06 00:45:04 | 000,167,936 | ---- | M] (Brio) [Auto | Running] -- C:\Program Files\FolderSize\FolderSizeSvc.exe -- (FolderSize)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/08/14 20:14:20 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/06 20:36:50 | 001,006,336 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\WiFi Protector\wifiProtService.exe -- (wifiProtService)
SRV - [2012/06/21 05:01:58 | 000,092,632 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2012/06/16 03:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe -- (NIS)
SRV - [2012/06/03 16:08:27 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/04/05 20:18:12 | 000,008,704 | ---- | M] (Microsoft) [Auto | Running] -- C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe -- (FreemakeVideoCapture)
SRV - [2011/12/23 18:57:16 | 000,892,760 | ---- | M] (LULU Software) [Auto | Running] -- C:\Program Files (x86)\Soda 3D PDF Reader\ConversionService.exe -- (Soda 3D PDF Reader Service)
SRV - [2011/12/23 18:57:10 | 000,821,592 | ---- | M] (LULU Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Soda 3D PDF Reader\HelperService.exe -- (Soda 3D PDF Reader Helper Service)
SRV - [2010/11/20 13:21:36 | 000,351,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/06 03:17:58 | 000,037,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2012/07/06 03:17:57 | 000,737,952 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2012/06/26 21:38:30 | 000,046,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2012/06/07 05:43:38 | 000,167,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\ccsetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2012/05/22 02:37:12 | 001,129,120 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\symefa64.sys -- (SymEFA)
DRV:64bit: - [2012/04/22 20:12:49 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012/04/18 03:13:32 | 000,405,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\symnets.sys -- (SymNetS)
DRV:64bit: - [2012/04/18 02:42:14 | 000,190,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\ironx64.sys -- (SymIRON)
DRV:64bit: - [2012/04/10 10:30:06 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/23 13:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/11/10 03:45:32 | 010,567,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/11/10 02:12:46 | 000,325,632 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/08/17 11:04:34 | 000,171,008 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys -- (nmwcdnsux64)
DRV:64bit: - [2011/07/26 03:18:35 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\symds64.sys -- (SymDS)
DRV:64bit: - [2011/07/22 17:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 22:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/11 22:23:34 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (npf)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 12:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/08/29 17:35:46 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2010/06/14 09:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:64bit: - [2010/04/27 03:25:16 | 000,161,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV:64bit: - [2010/04/27 03:25:16 | 000,127,488 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bbus.sys -- (ss_bbus)
DRV:64bit: - [2010/04/27 03:25:16 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bmdfl.sys -- (ss_bmdfl)
DRV:64bit: - [2010/01/28 15:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/12/07 16:06:30 | 000,076,112 | ---- | M] (PC Dynamics, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SAFDSKNT.SYS -- (SafDskNT)
DRV:64bit: - [2009/07/27 08:04:38 | 000,058,880 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2012/08/22 19:48:48 | 002,084,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120822.002\ex64.sys -- (NAVEX15)
DRV - [2012/08/22 19:48:48 | 000,125,600 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120822.002\eng64.sys -- (NAVENG)
DRV - [2012/08/11 01:25:13 | 001,385,120 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120811.003\BHDrvx64.sys -- (BHDrvx64)
DRV - [2012/08/09 19:37:44 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/08/09 11:11:00 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/06/14 19:39:24 | 000,509,088 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120821.001\IDSviA64.sys -- (IDSVia64)
DRV - [2010/07/04 20:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files (x86)\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2010/06/14 09:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2007/10/25 17:26:10 | 000,005,632 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2469048996-4267459674-1519352151-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-2469048996-4267459674-1519352151-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2469048996-4267459674-1519352151-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-2469048996-4267459674-1519352151-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FD 82 C6 1C 48 41 CB 01 [binary data]
IE - HKU\S-1-5-21-2469048996-4267459674-1519352151-1001\..\SearchScopes,DefaultScope = {12850B53-A0D7-4EB4-81D6-392223BDAD69}
IE - HKU\S-1-5-21-2469048996-4267459674-1519352151-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-2469048996-4267459674-1519352151-1001\..\SearchScopes\{12850B53-A0D7-4EB4-81D6-392223BDAD69}: "URL" = http://www.google.co...rms}&meta=&rlz=
IE - HKU\S-1-5-21-2469048996-4267459674-1519352151-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:0.1.2008d
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:2.0.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.6.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.6.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Rob\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Rob\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\ [2012/04/22 20:13:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\ [2012/08/22 13:13:40 | 000,000,000 | ---D | M]

[2012/05/21 18:11:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rob\AppData\Roaming\Mozilla\Extensions
[2012/05/21 18:11:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rob\AppData\Roaming\Mozilla\Extensions\[email protected]
[2010/09/29 16:44:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rob\AppData\Roaming\Mozilla\Extensions\[email protected]
[2012/05/21 18:10:52 | 000,000,000 | ---D | M] (Timezone Definitions for Mozilla Calendar) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\[email protected]
[2012/05/21 18:10:52 | 000,000,000 | ---D | M] (Default Shot Palette) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\[email protected]
[2012/05/21 18:10:52 | 000,000,000 | ---D | M] (DOM Inspector) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\[email protected]

========== Chrome ==========

CHR - homepage: http://www.virginmedia.co.uk/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage: http://www.virginmedia.co.uk/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Rob\AppData\Local\Google\Chrome\Application\21.0.1180.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Rob\AppData\Local\Google\Chrome\Application\21.0.1180.79\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Rob\AppData\Local\Google\Chrome\Application\21.0.1180.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Rob\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Freemake np-plugin for google chrome (Enabled) = C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf\1.0.0_0\npFreemake.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Java™ Platform SE 7 U4 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.40.255 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Rob\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - Extension: Turn Off the Lights = C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn\2.1.0.3_0\
CHR - Extension: Freemake Video Downloader = C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf\1.0.0_0\
CHR - Extension: Adblock Plus (Beta) = C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
CHR - Extension: Scroll To Top Button = C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\chiikmhgllekggjhdfjhajkfdkcngplp\6.1.9_0\
CHR - Extension: Autocomplete = on = C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecpgkdflcnofdbbkiggklcfmgbnbabhh\1.0_0\
CHR - Extension: Batman = C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekigigeebfbfgpihhbaieimmbbecebdj\1.0_0\
CHR - Extension: Radioplayer = C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcppdfelojakeahklfgkjegnpbgndoch\0.93_0\
CHR - Extension: Search Assistant = C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfelndikbdcohbdimnhdhhokfljdidgn\1.0.2\
CHR - Extension: InvisibleHand = C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\lghjfnfolmcikomdjmoiemllfnlmmoko\3.8.16_0\
CHR - Extension: Better Pop Up Blocker = C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmpeeekfhbmikbdhlpjbfmnpgcbeggic\2.1.6_0\
CHR - Extension: My Chrome Theme = C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic\1.1.0_0\

O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Soda 3D PDF Reader Helper) - {2FE0F895-6D1D-4c80-A20D-18E42DE9B631} - C:\Program Files (x86)\Soda 3D PDF Reader\PDFIEHelper.dll (LULU Software)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ips\ipsbho.dll (Symantec Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Soda 3D PDF Reader Toolbar) - {64C9D46E-8F8B-4158-9780-A6581C7439B1} - C:\Program Files (x86)\Soda 3D PDF Reader\PDFIEPlugin.dll (LULU Software)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft Device Center\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelliType Pro] C:\Program Files\Microsoft Device Center\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ClocX] C:\Program Files (x86)\ClocX\ClocX.exe (BonSoft)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2469048996-4267459674-1519352151-1001..\Run: [LightShot] C:\Users\Rob\AppData\Local\Skillbrains\lightshot\LightShot.exe ()
O4 - HKU\S-1-5-21-2469048996-4267459674-1519352151-1001..\Run: [ScreensaverControl] C:\Program Files (x86)\Screensaver Control\ScreensaverControl.exe (Neuhaus13 Software)
O4 - HKU\S-1-5-21-2469048996-4267459674-1519352151-1001..\Run: [WiFi Protector] C:\Program Files (x86)\WiFi Protector\wifiProtLauncher.exe ()
O4 - HKU\S-1-5-21-2469048996-4267459674-1519352151-1001..\Run: [WizMouse] C:\Program Files (x86)\WizMouse\WizMouse.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKLM..\RunOnceEx: [Flags] Reg Error: Invalid data type. File not found
O4 - HKLM..\RunOnceEx: [Title] UnHackMe Rootkit Check File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files (x86)\Canon\Easy-WebPrint\Resource.dll ()
O8:64bit: - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files (x86)\Canon\Easy-WebPrint\Resource.dll ()
O8:64bit: - Extra context menu item: Easy-WebPrint Preview - C:\Program Files (x86)\Canon\Easy-WebPrint\Resource.dll ()
O8:64bit: - Extra context menu item: Easy-WebPrint Print - C:\Program Files (x86)\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files (x86)\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files (x86)\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files (x86)\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files (x86)\Canon\Easy-WebPrint\Resource.dll ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{16593721-1658-4E73-94EF-725A4192B9D8}: DhcpNameServer = 72.13.80.2 8.8.8.8 208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E34622B0-56C8-4162-A72D-D2739A6DC5B5}: DhcpNameServer = 194.168.4.100 194.168.8.100
O18:64bit: - Protocol\Handler\belarc - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/xhtml+xml - No CLSID value found
O18:64bit: - Protocol\Filter\application/xhtml+xml; charset=iso-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/xhtml+xml; charset=utf-8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml; charset=iso-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml; charset=utf-8 - No CLSID value found
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/xhtml+xml {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files (x86)\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.)
O18 - Protocol\Filter\application/xhtml+xml; charset=iso-8859-1 {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files (x86)\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.)
O18 - Protocol\Filter\application/xhtml+xml; charset=utf-8 {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files (x86)\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml; charset=iso-8859-1 {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files (x86)\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.)
O18 - Protocol\Filter\text/xml; charset=utf-8 {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files (x86)\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{21177f6d-570e-11e1-b08d-6cf049e63bd9}\Shell - "" = AutoRun
O33 - MountPoints2\{21177f6d-570e-11e1-b08d-6cf049e63bd9}\Shell\AutoRun\command - "" = F:\LGAutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (MACHINE BootExecut)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/08/21 20:42:15 | 000,000,000 | ---D | C] -- D:\Users\Rob\Documents\Links 2003
[2012/08/21 20:40:54 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2012/08/21 20:37:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games
[2012/08/21 20:37:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Links 2003
[2012/08/21 20:32:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games
[2012/08/18 22:27:00 | 000,000,000 | ---D | C] -- C:\ProgramData\RegRun
[2012/08/18 22:26:51 | 000,000,000 | ---D | C] -- D:\Users\Rob\Documents\RegRun2
[2012/08/18 17:18:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/08/18 17:18:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2012/08/18 17:18:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012/08/18 17:15:29 | 000,289,768 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012/08/18 17:15:19 | 000,189,416 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012/08/18 17:15:19 | 000,188,904 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012/08/18 17:15:19 | 000,108,008 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2012/08/18 17:15:13 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/08/17 23:02:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center
[2012/08/17 23:01:35 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Device Center
[2012/08/17 22:57:42 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012/08/17 22:57:42 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012/08/16 18:02:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2012/08/16 18:02:48 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\Apple
[2012/08/16 18:02:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2012/08/16 18:02:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2012/08/15 11:35:26 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/08/15 11:35:26 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/08/15 11:35:25 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/08/15 11:35:24 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/08/15 11:35:24 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/08/15 11:35:23 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/08/15 11:35:23 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/08/15 11:35:23 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/08/15 11:35:23 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/08/15 11:35:23 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/08/15 11:35:23 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/08/15 11:35:22 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/08/15 11:35:22 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/08/15 11:30:20 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2012/08/15 11:30:20 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2012/08/15 11:30:20 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe
[2012/08/15 11:30:19 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2012/08/15 11:30:17 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2012/08/15 11:30:17 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2012/08/15 11:30:17 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
[2012/08/15 11:30:16 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2012/08/14 21:49:37 | 000,000,000 | ---D | C] -- C:\tmpMerge
[2012/08/09 20:06:45 | 000,000,000 | -H-D | C] -- D:\Users\Rob\Documents\Freemake_do_not_remove_this_folder634801396057252922
[2012/08/08 23:37:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
[2012/08/08 20:37:42 | 000,000,000 | -H-D | C] -- D:\Users\Rob\Documents\Freemake_do_not_remove_this_folder634800550626820455
[2012/08/07 20:34:59 | 000,000,000 | -H-D | C] -- D:\Users\Rob\Documents\Freemake_do_not_remove_this_folder
[2012/08/07 10:29:34 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2012/08/07 10:29:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2012/08/07 10:29:10 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/08/07 10:29:08 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012/08/05 19:37:21 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Roaming\dvdcss
[2012/07/28 14:49:48 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Roaming\TeraCopy
[2012/07/28 14:49:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeraCopy
[2012/07/28 14:49:42 | 000,000,000 | ---D | C] -- C:\Program Files\TeraCopy
[2012/07/26 00:09:05 | 000,000,000 | ---D | C] -- D:\Users\Rob\Documents\Wifi Protector
[2012/07/26 00:07:06 | 000,031,232 | ---- | C] (The OpenVPN Project) -- C:\Windows\SysNative\drivers\tap0901.sys
[2012/07/26 00:07:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WiFi Protector
[2012/07/26 00:07:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WiFi Protector
[2010/08/29 17:35:46 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Rob\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2012/08/22 19:48:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/22 19:14:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/22 19:12:33 | 000,023,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/22 19:12:33 | 000,023,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/22 18:32:44 | 000,000,512 | ---- | M] () -- D:\Users\Rob\Desktop\MBR.dat
[2012/08/22 13:12:32 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/22 13:12:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/22 13:12:05 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/18 22:26:53 | 000,000,002 | RHS- | M] () -- C:\Windows\winstart.bat
[2012/08/18 22:26:53 | 000,000,002 | RHS- | M] () -- C:\Windows\SysWow64\CONFIG.NT
[2012/08/18 22:26:53 | 000,000,002 | RHS- | M] () -- C:\Windows\SysWow64\AUTOEXEC.NT
[2012/08/18 17:15:15 | 001,034,216 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npdeployJava1.dll
[2012/08/18 17:15:15 | 000,916,456 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2012/08/18 17:15:15 | 000,289,768 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012/08/18 17:15:15 | 000,189,416 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012/08/18 17:15:15 | 000,188,904 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012/08/18 17:15:15 | 000,108,008 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2012/08/18 11:18:19 | 001,923,304 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\Cat.DB
[2012/08/15 20:02:44 | 000,008,942 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\VT20120731.038
[2012/08/15 11:44:58 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/15 11:44:58 | 000,628,414 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/15 11:44:58 | 000,110,598 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/15 11:40:14 | 000,319,728 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/08/14 20:14:17 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/08/14 20:14:17 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/08/12 16:46:08 | 000,001,057 | ---- | M] () -- C:\Users\Rob\AppData\Roaming\vso_ts_preview.xml
[2012/08/10 06:28:35 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1308000.00E\isolate.ini
[2012/07/29 18:26:55 | 000,000,535 | ---- | M] () -- D:\Users\Rob\Desktop\JukeBox.lnk

========== Files Created - No Company Name ==========

[2012/08/22 18:32:44 | 000,000,512 | ---- | C] () -- D:\Users\Rob\Desktop\MBR.dat
[2012/08/18 22:26:53 | 000,000,002 | RHS- | C] () -- C:\Windows\winstart.bat
[2012/08/18 22:26:53 | 000,000,002 | RHS- | C] () -- C:\Windows\SysWow64\CONFIG.NT
[2012/08/18 22:26:53 | 000,000,002 | RHS- | C] () -- C:\Windows\SysWow64\AUTOEXEC.NT
[2012/08/16 18:02:46 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012/08/07 10:29:25 | 000,000,892 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/07 10:29:24 | 000,000,888 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/07 10:29:12 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/29 18:26:33 | 000,000,535 | ---- | C] () -- D:\Users\Rob\Desktop\JukeBox.lnk
[2012/03/09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011/11/10 02:36:06 | 000,204,960 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2011/11/10 02:36:06 | 000,157,152 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011/10/25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011/09/12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/05/22 13:48:44 | 000,001,940 | ---- | C] () -- C:\Users\Rob\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/05/11 21:03:16 | 000,001,703 | ---- | C] () -- C:\Users\Rob\AppData\Local\UserProducts.xml
[2011/02/11 22:23:34 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2010/12/02 00:44:32 | 000,007,605 | ---- | C] () -- C:\Users\Rob\AppData\Local\Resmon.ResmonCfg
[2010/11/26 14:11:28 | 000,442,368 | R--- | C] () -- C:\Windows\SysWow64\zshp1020.exe
[2010/11/26 14:11:28 | 000,106,496 | R--- | C] () -- C:\Windows\SysWow64\vshp1020.dll
[2010/09/12 15:39:35 | 000,000,556 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2010/08/29 17:36:55 | 000,001,057 | ---- | C] () -- C:\Users\Rob\AppData\Roaming\vso_ts_preview.xml
[2010/08/29 17:35:46 | 000,099,384 | ---- | C] () -- C:\Users\Rob\AppData\Roaming\inst.exe
[2010/08/29 17:35:46 | 000,007,859 | ---- | C] () -- C:\Users\Rob\AppData\Roaming\pcouffin.cat
[2010/08/29 17:35:46 | 000,001,167 | ---- | C] () -- C:\Users\Rob\AppData\Roaming\pcouffin.inf
[2010/08/24 18:58:37 | 000,024,064 | ---- | C] () -- C:\Users\Rob\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== LOP Check ==========

[2012/01/26 16:54:27 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Aaron Stewart
[2012/07/19 17:51:10 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\AimOne
[2010/11/29 22:35:11 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\AnvSoft
[2010/09/10 18:41:03 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\ArcticLine
[2011/04/21 18:45:18 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Audacity
[2012/01/26 16:11:24 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\BatchRename
[2012/02/16 00:13:58 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\calibre
[2010/09/25 21:48:04 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Canneverbe Limited
[2010/11/22 22:14:52 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Canon
[2011/08/25 20:26:05 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\COWON
[2011/08/03 21:52:09 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Downloaded Installations
[2011/01/27 18:57:12 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\DVDFab
[2012/05/10 00:01:21 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Foxit Software
[2012/05/21 18:11:01 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Greyfirst
[2011/01/14 18:43:19 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\ImgBurn
[2010/10/19 22:16:00 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\IrfanView
[2010/09/19 00:02:31 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Leadertech
[2012/05/20 22:41:50 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Microgaming
[2011/08/07 14:37:55 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Nitro PDF
[2012/04/22 19:56:49 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\ObviousIdea
[2012/07/10 21:11:20 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\OfficeTab
[2012/08/21 11:22:38 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\PDF Software
[2011/06/12 16:54:07 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Samsung
[2010/09/12 15:39:37 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\ScanSoft
[2012/08/20 23:55:07 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Spider Player
[2011/10/28 21:52:58 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Sports Interactive
[2012/07/28 14:51:13 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\TeraCopy
[2010/09/29 16:44:09 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\TomTom
[2012/08/22 20:02:39 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\uTorrent
[2012/07/22 19:17:57 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\VideoReDo-TVSuite
[2012/08/13 23:51:40 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Vso
[2010/08/29 16:14:07 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\XnView
[2012/08/06 10:14:02 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >
[2011/04/09 20:55:49 | 000,939,360 | ---- | M] (techPowerUp (www.techpowerup.com)) -- C:\GPU-Z.0.5.3.exe

< MD5 for: EXPLORER.EXE >
[2011/02/26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 07:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: SERVICES >
[2009/06/10 22:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services

< MD5 for: SERVICES.EXE >
[2009/07/14 02:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/14 02:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2009/07/14 03:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\SysNative\en-US\services.exe.mui
[2009/07/14 03:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui

< MD5 for: SERVICES.LNK >
[2009/07/14 05:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 05:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOCHIADS.COM.SOL >
[2012/08/20 13:41:34 | 000,000,828 | ---- | M] () MD5=7727266B4979A830910B4B6715A3E648 -- C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\PDHPYTKX\mochiads.com\services.mochiads.com.sol

< MD5 for: SERVICES.MOF >
[2009/06/10 21:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009/06/10 21:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof

< MD5 for: SERVICES.MSC >
[2009/07/14 03:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc
[2009/06/10 21:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2009/07/14 03:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2009/06/10 22:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2009/07/14 03:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/06/10 21:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2009/07/14 03:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 22:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc

< MD5 for: SERVICES.PTXML >
[2009/07/13 21:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 21:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml

< MD5 for: SVCHOST.EXE >
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/10/28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< HKEY_CURRENT_USER\Software\Microsoft\Windows Media\WMSDK\Local\AutoProxyCache /s >
[HKEY_CURRENT_USER\Software\Microsoft\Windows Media\WMSDK\Local\AutoProxyCache\LAN]
"AutodiscoveryFlags" = -2147483648
"DetectedInterfaceIpCount" = 4
"LastDetectHighDateTime" = 0
"LastDetectLowDateTime" = 0
"LastDetectTime" = 01/01/1601, 00:00:00 UTC
"DetectedInterfaceIps" = fe80::4819:c3c5:7817:3c75%11;fe80::18af:1531:ade1:25a6%13;192.168.2.2;2001:0:4137:9e74:18af:1531:ade1:25a6;
"LastDetectUrl" =

< %systemroot%\*. /mp /s >

< %Temp%\smtmp\*.* /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\Rob\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2012/08/14 05:31:01 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\Rob\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2012/08/14 05:31:01 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\Rob\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/08/14 05:31:01 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\Rob\AppData\Local\Google\Chrome\Application\chrome.exe" [2012/08/14 05:31:01 | 001,229,848 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/04/12 22:58:12 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/04/12 22:58:12 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/04/12 22:58:12 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2012/06/29 02:00:47 | 000,748,664 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2012/06/29 02:00:47 | 000,748,664 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\USERS\ROB\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2012/08/14 05:31:01 | 001,229,848 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\USERS\ROB\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2012/08/14 05:31:01 | 001,229,848 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\USERS\ROB\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2012/08/14 05:31:01 | 001,229,848 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\USERS\ROB\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2012/08/14 05:31:01 | 001,229,848 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2011/04/12 22:58:11 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2011/04/12 22:58:11 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2011/04/12 22:58:11 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2012/06/29 02:00:47 | 000,748,664 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2012/06/29 02:00:47 | 000,748,664 | ---- | M] (Microsoft Corporation)

========== Alternate Data Streams ==========

@Alternate Data Stream - 209 bytes -> C:\ProgramData\TEMP:66633281
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:58A5270D
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:0888F409

< End of report >
  • 0

#6
carbuncle

carbuncle

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 113 posts
OTL.Extras



OTL Extras logfile created on: 22/08/2012 7:58:22 PM - Run 1
OTL by OldTimer - Version 3.2.58.1 Folder = D:\Users\Rob\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 2.11 Gb Available Physical Memory | 52.69% Memory free
8.00 Gb Paging File | 5.93 Gb Available in Paging File | 74.21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 186.21 Gb Total Space | 135.04 Gb Free Space | 72.52% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 262.82 Gb Free Space | 56.43% Space Free | Partition Type: NTFS
Drive E: | 2794.49 Gb Total Space | 1788.43 Gb Free Space | 64.00% Space Free | Partition Type: NTFS

Computer Name: ROB-PC | User Name: Rob | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [LightImageResizer] -- "C:\Program Files (x86)\ObviousIdea\Image Resizer 4\Resize.exe" "%1" (ObviousIdea SARL)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [LightImageResizer] -- "C:\Program Files (x86)\ObviousIdea\Image Resizer 4\Resize.exe" "%1" (ObviousIdea SARL)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{120A0EF8-8C15-42ED-80EA-0CEC4B8C8085}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1428CCC5-7EA8-4D22-8D62-2B559E62FE63}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{15AF84CF-B4A7-4FF6-9E5D-10B382A08347}" = lport=139 | protocol=6 | dir=in | app=system |
"{1ADE7CF3-1156-4C16-A55F-1FC5E76289D5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{21F1CCDC-715F-403D-9027-49D70FE7E27C}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{22CA1AA3-E47B-41B3-8F5E-328FC60324C4}" = lport=138 | protocol=17 | dir=in | app=system |
"{25FA4580-3B78-42CD-94F8-85F973F5E7F9}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{36AEF0BD-8B70-463C-A1CF-D0A6A1A9E733}" = rport=445 | protocol=6 | dir=out | app=system |
"{49742624-4D89-4D09-8E58-53AC346C6736}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{50E27376-3FA5-4B08-A74C-CE90EB544F75}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{65809355-0B6E-441C-9F35-699C2AB2C154}" = rport=10243 | protocol=6 | dir=out | app=system |
"{6F1EB112-96D3-40BF-8E61-213F268807B0}" = lport=10243 | protocol=6 | dir=in | app=system |
"{76386005-C15B-476C-BC46-583BA3F3C19E}" = rport=137 | protocol=17 | dir=out | app=system |
"{76C353A2-EFB3-4C3C-ADCB-2B6EDB6BE17C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{78C57AAB-FDD6-4BCC-932F-DBDB5074FE34}" = lport=2869 | protocol=6 | dir=in | app=system |
"{8E6D587E-0A2F-42B8-9619-BA8A363660E1}" = rport=138 | protocol=17 | dir=out | app=system |
"{906A1A6E-6049-48B1-9125-79DA4556238F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{970D3869-5CDD-4857-B003-F8CB20EEDCDA}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{9CFA0866-E7A1-4D14-BD77-ACA8211652EC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CC7578F4-09C6-4366-9C45-8CC97E67EEB6}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CCD6E5E5-B1BF-4BF4-8B78-A98B28F929D4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CE7B41A2-4E14-4E29-B665-730F89BBB229}" = lport=445 | protocol=6 | dir=in | app=system |
"{D10E300A-53C2-4294-A393-E56492C5881D}" = rport=139 | protocol=6 | dir=out | app=system |
"{D114E742-84FD-4788-B035-1481FA3A7B34}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{D84BBE65-8E48-41CB-AC80-6D728444193F}" = lport=137 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0313093B-4B4E-4A67-A573-D50926CB0D6B}" = protocol=6 | dir=out | app=system |
"{07D5B6FE-C62E-4C38-9C4B-D55571FA139F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{156B01AE-1E47-447E-B919-A97A6C34CB78}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1C85D599-FCE7-4D45-9F6A-60F41E919133}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1D68D024-9A2D-4E7B-9E8E-A8B9F857E3C6}" = protocol=58 | dir=in | app=system |
"{1FB2D9D6-9E02-4C45-91C5-A26FCDC95A41}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{28CC717E-6C08-46C3-99EB-05BA36AA7C52}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2DE644D7-0A76-4442-A18C-9E2E4F5D783D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{4415D0EC-9F36-4AE2-8EDC-D9F7C2F0A23E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{48B9E655-9E32-4F6A-8289-3D2C2CA55BD7}" = protocol=1 | dir=out | [email protected],-28544 |
"{51BCC767-7360-4514-900F-0818072A45B1}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{58213E85-E3BB-48F7-ABBD-7F2569D41560}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{582445B5-5F13-4D3E-9769-D7B23AC00E94}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68C3BD26-457B-4763-9721-81E3A8D811E8}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{6DB39ED7-7697-4DCB-87C2-EE8F5844F2B6}" = protocol=1 | dir=in | [email protected],-28543 |
"{79FDD595-DBED-484E-98F8-C3057630D2A2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7C5C7B30-0198-4A55-B57B-EEFAE184CB75}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{83972E0C-B8D8-48D8-9FD1-47D6113884A6}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{852BACAF-40AB-43DA-97A2-6FF70E771626}" = protocol=58 | dir=in | [email protected],-28545 |
"{863436B9-1521-4B65-8BA5-394F849A9CEE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{89264131-D85A-46CE-9A95-AF92A7BB13A3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amd driver updater, vista and 7, 64 bit\setup.exe |
"{916EF9FC-3F40-4B95-A411-AF7DAF86EE52}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{92D0D59A-4158-40DC-BECE-30D0B03E3881}" = protocol=58 | dir=out | [email protected],-503 |
"{A6E1E9BE-6B70-419E-8209-8EDB249DA117}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe |
"{A6EF985E-E7AD-4BCE-BCE1-E687C81F44BC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{C80D0071-4DB9-4D70-ADAC-BFC8502FD7CC}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{CF41F7B8-776F-46AC-A171-1CEBA1B1C59C}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe |
"{D09F554E-0677-4649-A62F-2DABB5136138}" = protocol=58 | dir=out | [email protected],-28546 |
"{D11CDE7E-CA75-414A-B02D-C5917B56A9EE}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{D765B355-4F14-41B0-88C3-060AD02A23C1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amd driver updater, vista and 7, 64 bit\setup.exe |
"{DB2421CE-37C5-4FB3-B37D-D33EACCBD87C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DBD51703-ECFC-40A2-A942-203F44819DC7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\football manager 2012\fm.exe |
"{DFE6F72D-EDAB-4A09-8430-AB4599B4133A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\football manager 2012\fm.exe |
"{E2C2FF7C-EF51-4238-BD0A-F01B8BC4A700}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe |
"{E516BB34-163E-4EE7-AA81-BEEB50241402}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe |
"{E5F842C7-B1F1-41E8-864B-2264E1366CD6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{FF7B9D8B-507C-43E5-91FE-CD29E96868DA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{119B2F5A-2A06-DB96-FF28-992EC2A10BDF}" = AMD Accelerated Video Transcoding
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86417006FF}" = Java 7 Update 6 (64-bit)
"{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1" = Media Player Classic - Home Cinema v1.5.2.3456 x64
"{47F9B7C3-F172-940F-D0C4-203C7914E5D2}" = AMD Catalyst Install Manager
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{59B69525-1383-C84A-38EF-F442B63E69BC}" = AMD Media Foundation Decoders
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{AEF6C676-D7A2-4487-BD4B-1BED17B229B5}" = Microsoft Mouse and Keyboard Center
"{B9C8424A-8D34-C7F9-0393-251A87C65125}" = ATI AVIVO64 Codecs
"{C8388DCB-6F85-C11F-C9F4-D636960E60F5}" = ccc-utility64
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DE469D65-1DEB-4058-BF95-C642D733668D}_is1" = Office Tab FreeEdition 9.00
"{F24FF688-7138-4CCF-A83F-71E9FB01170E}" = Folder Size for Windows (64-bit)
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F809FFB5-6F9B-AFDE-6048-5D9E95A85505}" = AMD Drag and Drop Transcoding
"CCleaner" = CCleaner
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.58
"Defraggler" = Defraggler
"Folder Marker_is1" = Folder Marker Pro v 3.2
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center
"Recuva" = Recuva
"Speccy" = Speccy
"TeraCopy_is1" = TeraCopy 2.27
"wifiProt-SL_is1" = WiFi Protector - Complete uninstall
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{079A4EB2-9A74-7B86-12C2-00B52E395801}" = CCC Help Danish
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{112DDD07-E419-2498-1E9E-2157F82AF5AA}" = CCC Help Turkish
"{12A00DC2-1226-D9F2-13DA-F974111D439E}" = Catalyst Control Center
"{14FA6DD9-92ED-493D-A937-81A78870E08A}_is1" = Free Video Joiner
"{1648AA90-179E-449D-8429-38DF0174CF68}_is1" = AimOne AVI Cutter & Joiner V2.01
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1CBB6DE3-43F0-409D-8DD3-0171B498DE01}" = Soda 3D PDF Reader
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{224828D6-DCA7-FDF3-3B85-085298AEC919}" = Catalyst Control Center InstallProxy
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26CE484D-2E8E-40D5-B251-158133114C69}" = TomTom HOME
"{2993B157-97AE-7981-F29A-E6575F991CDB}" = CCC Help Swedish
"{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1" = lightshot-2.0.0.5
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{32F66A20-7614-11D4-BD11-00104BD3F987}" = MathPlayer
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{347966F8-E71A-E1A5-95E4-3A1C215383F6}" = CCC Help Chinese Traditional
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3B3D81AB-51E2-695F-7E57-1CC30049F2A3}" = CCC Help French
"{462C2036-3055-4369-D30B-8DA032331EAB}" = CCC Help Greek
"{51054867-140B-8FBF-73A8-75386276BD98}" = CCC Help Spanish
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{586A5957-F21B-C8AD-F5C2-11D4D7DA5340}" = CCC Help German
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{633414E3-AA2A-CD04-5976-E91F5F871396}" = CCC Help Japanese
"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}" = OmniPage SE 2.0
"{7AD92088-C96D-4ECC-B6DC-FC85075B7879}" = Wifi Backup Manager
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{80D161F8-8FF0-4FB3-BFC5-9A7016A17FA9}" = Leaf
"{812FF572-F216-EBA0-123E-636C1B6EBC5B}" = CCC Help Korean
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{85BB7CA7-6B0D-0B27-F4FF-B3D04282B3D1}" = CCC Help Russian
"{883CCFC7-CA6B-5531-704B-F9A64546B309}" = CCC Help Thai
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BDD3EC9-27E9-E490-7607-AF97FA678046}" = CCC Help Italian
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9DA5221E-15DE-5B0F-D7BE-CCC7305575DD}" = CCC Help Dutch
"{A1400F57-65CC-0C22-6461-948EA2837670}" = CCC Help Hungarian
"{A561BB5F-5A85-5D88-E520-0A4512D5E6C0}" = CCC Help Norwegian
"{A8B72907-B3F5-4C18-2D2B-F5E786A520DF}" = CCC Help Polish
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1
"{AD219F94-16F2-937F-076A-F22DAA8D0A0B}" = CCC Help Finnish
"{B2B5B39B-4E8C-AC78-7FF1-7055C338D243}" = Catalyst Control Center Graphics Previews Common
"{C18E004E-8C44-4F63-91DD-7ABF7DECD712}" = calibre
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.0.12.327
"{DD430FCC-8C63-9F99-8CAF-B0791B0756BD}" = HydraVision
"{DD8ACFF8-098E-130C-2799-BCA4D41EBAB2}" = CCC Help Chinese Standard
"{DE123FE9-B7F6-A75A-920D-3937FB9F06E4}" = CCC Help Portuguese
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EBE030DD-D404-4D92-85E9-8C3624820808}_is1" = Light Image Resizer 4.3.0.0
"{EE253E80-C298-4A31-BB22-7280DC8C7177}" = CCC Help Czech
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F5EB26E8-0EF6-4AF0-9D43-D2B7E0D9D63C}" = Broken Shortcut Fixer
"{F648F088-B270-CF18-6486-AF8B1FE6BC09}" = CCC Help English
"{FD85D9C0-783A-77B7-8EF8-326EC6C154D1}" = Catalyst Control Center Localization All
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Advanced PDF Utilities Free_is1" = Advanced PDF Utilities Free 5.0.1
"Batch File Rename Utility_is1" = Batch File Rename (Remove only)
"Belarc Advisor" = Belarc Advisor 8.2
"CDisplay_is1" = CDisplay 1.8
"Celtx (2.9.7)" = Celtx (2.9.7)
"ClocX" = ClocX (1.5b2)
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab 8_is1" = DVDFab 8.0.2.2 (01/10/2010)
"Easy-WebPrint" = Easy-WebPrint
"Fast AVI MPEG Joiner_is1" = Fast AVI MPEG Joiner 1.1.2
"FileHippo.com" = FileHippo.com Update Checker
"Foxit Reader_is1" = Foxit Reader
"Freemake Audio Converter_is1" = Freemake Audio Converter version 1.0.0
"Freemake Video Converter_is1" = Freemake Video Converter version 3.1.1
"Freemake Video Downloader_is1" = Freemake Video Downloader
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP-LaserJet 1020 series" = LaserJet 1020 series
"ImgBurn" = ImgBurn
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"IrfanView" = IrfanView (remove only)
"KC Softwares IDPhotoStudio_is1" = KC Softwares IDPhotoStudio
"KindleDRMRemoval" = Kindle DRM Removal
"Leaf 2.0.1" = Leaf By Bendigo Design
"Links 2003 1.0" = Microsoft Links 2003
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"MP3 Toolkit_is1" = MP3 Toolkit 1.0.3
"MPEG2 Codec(libmpeg2/mad)" = MPEG2 Codec(libmpeg2/mad)
"NIS" = Norton Internet Security
"Open Codecs" = Xiph.Org Open Codecs 0.85.17777
"OrderReminder HP LaserJet 1020" = OrderReminder HP LaserJet 1020
"PC Wizard 2012_is1" = PC Wizard 2012.2.0
"Picasa 3" = Picasa 3
"Recovery Toolbox for CD Free_is1" = Recovery Toolbox for CD Free 1.0
"SafeHouseExplorer" = SafeHouse Explorer 3.01
"Screensaver Control" = Screensaver Control
"SolveigMM AVI Trimmer" = SolveigMM AVI Trimmer
"Spider Player_is1" = Spider Player 2.5.3
"Steam App 71270" = Football Manager 2012
"TechPowerUp GPU-Z" = TechPowerUp GPU-Z
"Unlocker" = Unlocker 1.9.1
"uTorrent" = µTorrent
"VideoReDoTVSuite_is1" = VideoReDo TVSuite Version 3.1.4.549
"WinAVI Video Converter_is1" = WinAVI Video Converter
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.2
"WizMouse_is1" = WizMouse v1.6.0.1

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2469048996-4267459674-1519352151-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"bet365poker" = Poker at bet365
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 19/08/2012 11:11:47 AM | Computer Name = Rob-PC | Source = Application Hang | ID = 1002
Description = The program mpc-hc64.exe version 1.5.2.3456 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 9b8 Start
Time: 01cd7e1cd15232a8 Termination Time: 42 Application Path: C:\Program Files\Media
Player Classic - Home Cinema\mpc-hc64.exe Report Id: 2fddc1d7-ea10-11e1-bd79-6cf049e63bd9


Error - 20/08/2012 7:17:15 AM | Computer Name = Rob-PC | Source = Software Protection Platform Service | ID = 8198
Description = License Activation (slui.exe) failed with the following error code:
0x80070005

Error - 20/08/2012 7:17:15 AM | Computer Name = Rob-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x00000000.

Error - 21/08/2012 6:22:34 AM | Computer Name = Rob-PC | Source = Software Protection Platform Service | ID = 8198
Description = License Activation (slui.exe) failed with the following error code:
0x80070005

Error - 21/08/2012 6:22:34 AM | Computer Name = Rob-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x00000000.

Error - 21/08/2012 4:08:16 PM | Computer Name = Rob-PC | Source = Application Error | ID = 1000
Description = Faulting application name: LINKSMMIII.EXE, version: 22.7.8.241, time
stamp: 0x3d67f10e Faulting module name: LINKSMMIII.EXE, version: 22.7.8.241, time
stamp: 0x3d67f10e Exception code: 0xc0000005 Fault offset: 0x001f8857 Faulting process
id: 0xf24 Faulting application start time: 0x01cd7fd50a4cebba Faulting application
path: C:\Program Files (x86)\Microsoft Games\Links 2003\LINKSMMIII.EXE Faulting
module path: C:\Program Files (x86)\Microsoft Games\Links 2003\LINKSMMIII.EXE Report
Id: f161a9ba-ebcb-11e1-83b7-6cf049e63bd9

Error - 21/08/2012 4:09:29 PM | Computer Name = Rob-PC | Source = Application Error | ID = 1000
Description = Faulting application name: LINKSMMIII.EXE, version: 22.7.8.241, time
stamp: 0x3d67f10e Faulting module name: LINKSMMIII.EXE, version: 22.7.8.241, time
stamp: 0x3d67f10e Exception code: 0xc0000005 Fault offset: 0x001f8857 Faulting process
id: 0xf00 Faulting application start time: 0x01cd7fd8be075649 Faulting application
path: C:\Program Files (x86)\Microsoft Games\Links 2003\LINKSMMIII.EXE Faulting
module path: C:\Program Files (x86)\Microsoft Games\Links 2003\LINKSMMIII.EXE Report
Id: 1cec5a27-ebcc-11e1-83b7-6cf049e63bd9

Error - 21/08/2012 4:10:54 PM | Computer Name = Rob-PC | Source = Application Error | ID = 1000
Description = Faulting application name: LINKSMMIII.EXE, version: 22.7.8.241, time
stamp: 0x3d67f10e Faulting module name: LINKSMMIII.EXE, version: 22.7.8.241, time
stamp: 0x3d67f10e Exception code: 0xc0000005 Fault offset: 0x001f8857 Faulting process
id: 0x13c0 Faulting application start time: 0x01cd7fd8e3715be2 Faulting application
path: C:\Program Files (x86)\Microsoft Games\Links 2003\LINKSMMIII.EXE Faulting
module path: C:\Program Files (x86)\Microsoft Games\Links 2003\LINKSMMIII.EXE Report
Id: 4f7636d2-ebcc-11e1-83b7-6cf049e63bd9

Error - 22/08/2012 8:12:31 AM | Computer Name = Rob-PC | Source = Software Protection Platform Service | ID = 8198
Description = License Activation (slui.exe) failed with the following error code:
0x80070005

Error - 22/08/2012 8:12:31 AM | Computer Name = Rob-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x00000000.

[ System Events ]
Error - 21/08/2012 1:52:38 PM | Computer Name = Rob-PC | Source = Service Control Manager | ID = 7023
Description = The SPP Notification Service service terminated with the following
error: %%5

Error - 21/08/2012 2:52:38 PM | Computer Name = Rob-PC | Source = Service Control Manager | ID = 7023
Description = The SPP Notification Service service terminated with the following
error: %%5

Error - 21/08/2012 3:52:38 PM | Computer Name = Rob-PC | Source = Service Control Manager | ID = 7023
Description = The SPP Notification Service service terminated with the following
error: %%5

Error - 22/08/2012 8:42:33 AM | Computer Name = Rob-PC | Source = Service Control Manager | ID = 7023
Description = The SPP Notification Service service terminated with the following
error: %%5

Error - 22/08/2012 9:42:33 AM | Computer Name = Rob-PC | Source = Service Control Manager | ID = 7023
Description = The SPP Notification Service service terminated with the following
error: %%5

Error - 22/08/2012 10:42:33 AM | Computer Name = Rob-PC | Source = Service Control Manager | ID = 7023
Description = The SPP Notification Service service terminated with the following
error: %%5

Error - 22/08/2012 11:42:33 AM | Computer Name = Rob-PC | Source = Service Control Manager | ID = 7023
Description = The SPP Notification Service service terminated with the following
error: %%5

Error - 22/08/2012 12:42:33 PM | Computer Name = Rob-PC | Source = Service Control Manager | ID = 7023
Description = The SPP Notification Service service terminated with the following
error: %%5

Error - 22/08/2012 1:42:33 PM | Computer Name = Rob-PC | Source = Service Control Manager | ID = 7023
Description = The SPP Notification Service service terminated with the following
error: %%5

Error - 22/08/2012 2:42:33 PM | Computer Name = Rob-PC | Source = Service Control Manager | ID = 7023
Description = The SPP Notification Service service terminated with the following
error: %%5


< End of report >
  • 0

#7
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Please download ComboFix from one of the following locations to your Desktop:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here.
  • Double click on ComboFix.exe and follow the prompts.
  • Accept the disclaimer and allow to update if it asks.

Posted Image

Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.

  • 0

#8
carbuncle

carbuncle

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 113 posts
Hi Render

Ran Combofix , it say it was deleting files without any help from me so presume that was ok?

Here is the Log



ComboFix 12-08-22.03 - Rob 23/08/2012 12:50:13.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.4094.2795 [GMT 1:00]
Running from: d:\users\Rob\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Rob\AppData\Local\Skillbrains\lightshot\LightShot.exe Flags: uninsdeletevalue
c:\users\Rob\AppData\Roaming\inst.exe
c:\users\Rob\AppData\Roaming\Microsoft\~DFK1585c97.tmp
c:\users\Rob\AppData\Roaming\Microsoft\1eaadjc.dll
c:\users\Rob\AppData\Roaming\Microsoft\bass.dll
c:\users\Rob\AppData\Roaming\Microsoft\kfgresk.dll
c:\users\Rob\AppData\Roaming\Microsoft\mjcriu.dll
c:\users\Rob\AppData\Roaming\Microsoft\peaadje.dll
c:\users\Rob\AppData\Roaming\Microsoft\qwadjb.dll
c:\users\Rob\AppData\Roaming\Microsoft\rsaadjd.dll
c:\users\Rob\AppData\Roaming\vso_ts_preview.xml
c:\windows\7Loader.TAG
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_npf
.
.
((((((((((((((((((((((((( Files Created from 2012-07-23 to 2012-08-23 )))))))))))))))))))))))))))))))
.
.
2012-08-23 11:56 . 2012-08-23 11:58 -------- d-----w- c:\users\Rob\AppData\Local\temp
2012-08-21 19:37 . 2012-08-21 19:42 -------- d-----w- c:\programdata\Links 2003
2012-08-21 19:32 . 2012-08-21 19:32 -------- d-----w- c:\program files (x86)\Microsoft Games
2012-08-18 21:27 . 2012-08-18 21:37 -------- d-----w- c:\programdata\RegRun
2012-08-18 21:26 . 2012-08-18 21:26 2 --shatr- c:\windows\winstart.bat
2012-08-18 16:18 . 2012-08-18 16:18 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-08-18 16:18 . 2012-08-18 16:18 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-08-18 16:18 . 2012-08-18 16:18 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-08-18 16:18 . 2012-08-18 16:18 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-08-18 16:18 . 2012-08-18 16:18 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-08-18 16:18 . 2012-08-18 16:18 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-08-18 16:18 . 2012-08-18 16:18 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-08-18 16:18 . 2012-08-18 16:18 -------- d-----w- c:\program files (x86)\QuickTime
2012-08-18 16:18 . 2012-08-18 16:18 -------- d-----w- c:\programdata\Apple Computer
2012-08-18 16:15 . 2012-08-18 16:15 289768 ----a-w- c:\windows\system32\javaws.exe
2012-08-18 16:15 . 2012-08-18 16:15 189416 ----a-w- c:\windows\system32\javaw.exe
2012-08-18 16:15 . 2012-08-18 16:15 188904 ----a-w- c:\windows\system32\java.exe
2012-08-18 16:15 . 2012-08-18 16:15 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2012-08-18 16:15 . 2012-08-18 16:15 -------- d-----w- c:\program files\Java
2012-08-17 22:01 . 2012-08-17 22:01 -------- d-----w- c:\program files\Microsoft Device Center
2012-08-17 21:57 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-08-17 21:57 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-08-16 17:02 . 2012-08-16 17:02 -------- d-----w- c:\program files (x86)\Common Files\Apple
2012-08-16 17:02 . 2012-08-16 17:02 -------- d-----w- c:\users\Rob\AppData\Local\Apple
2012-08-16 17:02 . 2012-08-16 17:02 -------- d-----w- c:\programdata\Apple
2012-08-16 17:02 . 2012-08-16 17:02 -------- d-----w- c:\program files (x86)\Apple Software Update
2012-08-15 10:33 . 2012-08-15 19:02 -------- d-----w- c:\windows\system32\drivers\NISx64\1308000.00E
2012-08-14 20:49 . 2012-08-19 21:37 -------- d-----w- C:\tmpMerge
2012-08-08 22:37 . 2012-08-08 22:37 -------- d-----w- c:\program files (x86)\Oracle
2012-08-07 09:29 . 2012-08-07 09:29 -------- d-----w- c:\program files\Google
2012-08-07 09:29 . 2012-08-14 19:14 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-07 09:29 . 2012-08-07 09:29 -------- d-----w- c:\windows\system32\Macromed
2012-08-05 18:37 . 2012-08-09 19:08 -------- d-----w- c:\users\Rob\AppData\Roaming\dvdcss
2012-07-28 13:49 . 2012-07-28 13:51 -------- d-----w- c:\users\Rob\AppData\Roaming\TeraCopy
2012-07-28 13:49 . 2012-07-28 13:49 -------- d-----w- c:\program files\TeraCopy
2012-07-25 23:07 . 2012-04-10 09:30 31232 ----a-w- c:\windows\system32\drivers\tap0901.sys
2012-07-25 23:07 . 2012-08-12 12:21 -------- d-----w- c:\program files (x86)\WiFi Protector
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-18 16:15 . 2011-12-13 18:49 1034216 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-08-18 16:15 . 2011-02-13 22:01 916456 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-15 10:31 . 2010-08-21 15:31 62134624 ----a-w- c:\windows\system32\MRT.exe
2012-08-14 19:14 . 2011-03-11 17:39 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-17 21:12 . 2012-07-17 21:12 225280 ----atw- c:\users\Rob\AppData\Roaming\Microsoft\AdjMmsVista.dll
2012-07-05 21:06 . 2012-05-04 19:03 772544 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-07-05 21:06 . 2010-08-21 15:52 687544 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-07-03 12:46 . 2010-09-10 17:52 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-26 20:38 . 2012-06-26 20:38 46176 ----a-w- c:\windows\system32\drivers\point64.sys
2012-06-19 15:54 . 2012-06-23 22:27 4065296 ----a-w- c:\windows\system32\drivers\RTKVHD64.sys
2012-06-14 12:43 . 2012-06-23 22:27 5096448 ----a-w- c:\windows\system32\RCoRes64.dat
2012-06-11 18:35 . 2012-06-11 18:35 70144 ----a-w- c:\windows\system32\coinst_8.98.dll
2012-06-11 12:50 . 2012-06-11 12:50 187392 ----a-w- c:\windows\system32\clinfo.exe
2012-06-11 12:50 . 2012-06-11 12:50 75264 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-06-11 12:50 . 2012-06-11 12:50 65024 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-06-11 12:50 . 2012-06-11 12:50 63488 ----a-w- c:\windows\system32\OVDecode64.dll
2012-06-11 12:50 . 2012-06-11 12:50 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-06-11 12:50 . 2012-06-11 12:50 16457728 ----a-w- c:\windows\system32\amdocl64.dll
2012-06-11 12:49 . 2012-06-11 12:49 13008896 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-06-09 05:43 . 2012-07-11 11:38 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-06-08 15:18 . 2012-06-23 22:27 3615888 ----a-w- c:\windows\system32\RtkAPO64.dll
2012-06-06 19:59 . 2012-06-06 19:59 1070152 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-06-06 09:44 . 2012-06-23 22:27 869520 ----a-w- c:\windows\system32\RtkApi64.dll
2012-06-06 06:06 . 2012-07-11 11:38 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-11 11:38 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-11 11:38 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-11 11:38 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-11 11:38 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-11 11:38 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2012-06-02 22:19 . 2012-06-22 13:25 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-22 13:25 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-22 13:25 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-22 13:25 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-22 13:25 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-22 13:25 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-22 13:25 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 14:19 . 2012-06-22 13:24 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 14:15 . 2012-06-22 13:24 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 05:50 . 2012-07-11 11:38 458704 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 05:48 . 2012-07-11 11:38 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:48 . 2012-07-11 11:38 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:45 . 2012-07-11 11:38 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 05:44 . 2012-07-11 11:38 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-02 04:40 . 2012-07-11 11:38 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-06-02 04:40 . 2012-07-11 11:38 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-06-02 04:39 . 2012-07-11 11:38 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34 . 2012-07-11 11:38 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-06-01 08:37 . 2012-06-23 22:27 2674320 ----a-w- c:\windows\system32\RtPgEx64.dll
2012-05-31 17:08 . 2012-06-23 22:27 105616 ----a-w- c:\windows\system32\RCoInstII64.dll
2012-05-28 06:09 . 2012-05-28 06:09 2168416 ----a-w- c:\windows\system32\coin91.dll
2012-05-25 17:06 . 2010-12-10 21:49 1706640 ----a-w- c:\windows\RtlExUpd.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{2FE0F895-6D1D-4c80-A20D-18E42DE9B631}]
2011-12-23 17:57 91992 ----a-w- c:\program files (x86)\Soda 3D PDF Reader\PDFIEHelper.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{64C9D46E-8F8B-4158-9780-A6581C7439B1}"= "c:\program files (x86)\Soda 3D PDF Reader\PDFIEPlugin.dll" [2011-12-23 750936]
.
[HKEY_CLASSES_ROOT\clsid\{64c9d46e-8f8b-4158-9780-a6581c7439b1}]
[HKEY_CLASSES_ROOT\SodaReaderPDFIEPlugin.PDFIEConverter.1]
[HKEY_CLASSES_ROOT\TypeLib\{496FD2B4-369B-4c6b-B4F3-3D93A64D05E4}]
[HKEY_CLASSES_ROOT\SodaReaderPDFIEPlugin.PDFIEConverter]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ScreensaverControl"="c:\program files (x86)\Screensaver Control\ScreensaverControl.exe" [2010-08-29 215040]
"LightShot"="c:\users\Rob\AppData\Local\Skillbrains\lightshot\LightShot.exe" [2010-01-02 195072]
"WizMouse"="c:\program files (x86)\WizMouse\WizMouse.exe" [2011-04-29 115504]
"WiFi Protector"="c:\program files (x86)\WiFi Protector\WiFiProtLauncher.exe" [2012-07-06 200448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ClocX"="c:\program files (x86)\ClocX\ClocX.exe" [2007-07-26 270336]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-06-11 641704]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-07 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-14 250056]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-07 136176]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [2011-08-17 171008]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 Soda 3D PDF Reader Helper Service;Soda 3D PDF Reader Helper Service;c:\program files (x86)\Soda 3D PDF Reader\HelperService.exe [2011-12-23 821592]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2010-04-27 127488]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2010-04-27 18944]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2010-04-27 161280]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-06-14 16448]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;WatAdminSvc;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-21 1255736]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1308000.00E\SYMDS64.SYS [2011-07-26 451192]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1308000.00E\SYMEFA64.SYS [2012-05-22 1129120]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120811.003\BHDrvx64.sys [2012-08-11 1385120]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1308000.00E\ccSetx64.sys [2012-06-07 167072]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120822.001\IDSvia64.sys [2012-08-22 512672]
S1 SafDskNT;SafeHouse;c:\windows\system32\drivers\SAFDSKNT.SYS [2009-12-07 76112]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1308000.00E\Ironx64.SYS [2012-04-18 190072]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1308000.00E\SYMNETS.SYS [2012-04-18 405624]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-18 140672]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-11-10 204288]
S2 FreemakeVideoCapture;FreemakeVideoCapture;c:\program files (x86)\Freemake\CaptureLib\CaptureLibService.exe [2012-04-05 8704]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe [2012-06-16 138272]
S2 Soda 3D PDF Reader Service;Soda 3D PDF Reader Service;c:\program files (x86)\Soda 3D PDF Reader\ConversionService.exe [2011-12-23 892760]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2012-06-21 92632]
S2 wifiProtService;WiFi Protector Service;c:\program files (x86)\WiFi Protector\wifiProtService.exe [2012-07-06 1006336]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-11-10 10567680]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-11-10 325632]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-09 138912]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [2009-07-27 58880]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2010-08-29 82816]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2012-06-26 46176]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-07 19:14]
.
2012-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-07 09:29]
.
2012-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-07 09:29]
.
2012-07-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2469048996-4267459674-1519352151-1001Core.job
- c:\users\Rob\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-20 14:37]
.
2012-07-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2469048996-4267459674-1519352151-1001UA.job
- c:\users\Rob\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-20 14:37]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-06-11 12503184]
"IntelliType Pro"="c:\program files\Microsoft Device Center\itype.exe" [2012-06-26 1464928]
"IntelliPoint"="c:\program files\Microsoft Device Center\ipoint.exe" [2012-06-26 2004584]
"combofix"="c:\combofix\CF13891.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.co.uk/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files (x86)\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files (x86)\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files (x86)\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files (x86)\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.8.0.14\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-08-23 13:03:00 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-23 12:03
.
Pre-Run: 146,667,409,408 bytes free
Post-Run: 146,227,916,800 bytes free
.
- - End Of File - - 82F5BD3961C28FFDC00AD46A8DAB8F20
  • 0

#9
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Your Windows is licensed?

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\windows\winstart.bat

Folder::

Registry::

Driver::


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
  • 0

#10
carbuncle

carbuncle

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 113 posts
New Combo log


ComboFix 12-08-22.03 - Rob 23/08/2012 14:55:59.2.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.4094.2633 [GMT 1:00]
Running from: d:\users\Rob\Desktop\ComboFix.exe
Command switches used :: d:\users\Rob\Desktop\CFScript.txt
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\winstart.bat"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Rob\AppData\Local\Skillbrains\lightshot\LightShot.exe Flags: uninsdeletevalue
c:\windows\winstart.bat
.
.
((((((((((((((((((((((((( Files Created from 2012-07-23 to 2012-08-23 )))))))))))))))))))))))))))))))
.
.
2012-08-23 14:02 . 2012-08-23 14:04 -------- d-----w- c:\users\Rob\AppData\Local\temp
2012-08-23 14:02 . 2012-08-23 14:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-23 14:02 . 2012-08-23 14:02 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-08-21 19:37 . 2012-08-21 19:42 -------- d-----w- c:\programdata\Links 2003
2012-08-21 19:32 . 2012-08-21 19:32 -------- d-----w- c:\program files (x86)\Microsoft Games
2012-08-18 21:27 . 2012-08-18 21:37 -------- d-----w- c:\programdata\RegRun
2012-08-18 16:18 . 2012-08-18 16:18 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-08-18 16:18 . 2012-08-18 16:18 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-08-18 16:18 . 2012-08-18 16:18 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-08-18 16:18 . 2012-08-18 16:18 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-08-18 16:18 . 2012-08-18 16:18 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-08-18 16:18 . 2012-08-18 16:18 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-08-18 16:18 . 2012-08-18 16:18 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-08-18 16:18 . 2012-08-18 16:18 -------- d-----w- c:\program files (x86)\QuickTime
2012-08-18 16:18 . 2012-08-18 16:18 -------- d-----w- c:\programdata\Apple Computer
2012-08-18 16:15 . 2012-08-18 16:15 289768 ----a-w- c:\windows\system32\javaws.exe
2012-08-18 16:15 . 2012-08-18 16:15 189416 ----a-w- c:\windows\system32\javaw.exe
2012-08-18 16:15 . 2012-08-18 16:15 188904 ----a-w- c:\windows\system32\java.exe
2012-08-18 16:15 . 2012-08-18 16:15 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2012-08-18 16:15 . 2012-08-18 16:15 -------- d-----w- c:\program files\Java
2012-08-17 22:01 . 2012-08-17 22:01 -------- d-----w- c:\program files\Microsoft Device Center
2012-08-17 21:57 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-08-17 21:57 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-08-16 17:02 . 2012-08-16 17:02 -------- d-----w- c:\program files (x86)\Common Files\Apple
2012-08-16 17:02 . 2012-08-16 17:02 -------- d-----w- c:\users\Rob\AppData\Local\Apple
2012-08-16 17:02 . 2012-08-16 17:02 -------- d-----w- c:\programdata\Apple
2012-08-16 17:02 . 2012-08-16 17:02 -------- d-----w- c:\program files (x86)\Apple Software Update
2012-08-15 10:33 . 2012-08-15 19:02 -------- d-----w- c:\windows\system32\drivers\NISx64\1308000.00E
2012-08-14 20:49 . 2012-08-19 21:37 -------- d-----w- C:\tmpMerge
2012-08-08 22:37 . 2012-08-08 22:37 -------- d-----w- c:\program files (x86)\Oracle
2012-08-07 09:29 . 2012-08-07 09:29 -------- d-----w- c:\program files\Google
2012-08-07 09:29 . 2012-08-14 19:14 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-07 09:29 . 2012-08-07 09:29 -------- d-----w- c:\windows\system32\Macromed
2012-08-05 18:37 . 2012-08-09 19:08 -------- d-----w- c:\users\Rob\AppData\Roaming\dvdcss
2012-07-28 13:49 . 2012-07-28 13:51 -------- d-----w- c:\users\Rob\AppData\Roaming\TeraCopy
2012-07-28 13:49 . 2012-07-28 13:49 -------- d-----w- c:\program files\TeraCopy
2012-07-25 23:07 . 2012-04-10 09:30 31232 ----a-w- c:\windows\system32\drivers\tap0901.sys
2012-07-25 23:07 . 2012-08-12 12:21 -------- d-----w- c:\program files (x86)\WiFi Protector
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-18 16:15 . 2011-12-13 18:49 1034216 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-08-18 16:15 . 2011-02-13 22:01 916456 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-15 10:31 . 2010-08-21 15:31 62134624 ----a-w- c:\windows\system32\MRT.exe
2012-08-14 19:14 . 2011-03-11 17:39 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-17 21:12 . 2012-07-17 21:12 225280 ----atw- c:\users\Rob\AppData\Roaming\Microsoft\AdjMmsVista.dll
2012-07-05 21:06 . 2012-05-04 19:03 772544 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-07-05 21:06 . 2010-08-21 15:52 687544 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-07-03 12:46 . 2010-09-10 17:52 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-26 20:38 . 2012-06-26 20:38 46176 ----a-w- c:\windows\system32\drivers\point64.sys
2012-06-19 15:54 . 2012-06-23 22:27 4065296 ----a-w- c:\windows\system32\drivers\RTKVHD64.sys
2012-06-14 12:43 . 2012-06-23 22:27 5096448 ----a-w- c:\windows\system32\RCoRes64.dat
2012-06-11 18:35 . 2012-06-11 18:35 70144 ----a-w- c:\windows\system32\coinst_8.98.dll
2012-06-11 12:50 . 2012-06-11 12:50 187392 ----a-w- c:\windows\system32\clinfo.exe
2012-06-11 12:50 . 2012-06-11 12:50 75264 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-06-11 12:50 . 2012-06-11 12:50 65024 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-06-11 12:50 . 2012-06-11 12:50 63488 ----a-w- c:\windows\system32\OVDecode64.dll
2012-06-11 12:50 . 2012-06-11 12:50 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-06-11 12:50 . 2012-06-11 12:50 16457728 ----a-w- c:\windows\system32\amdocl64.dll
2012-06-11 12:49 . 2012-06-11 12:49 13008896 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-06-09 05:43 . 2012-07-11 11:38 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-06-08 15:18 . 2012-06-23 22:27 3615888 ----a-w- c:\windows\system32\RtkAPO64.dll
2012-06-06 19:59 . 2012-06-06 19:59 1070152 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-06-06 09:44 . 2012-06-23 22:27 869520 ----a-w- c:\windows\system32\RtkApi64.dll
2012-06-06 06:06 . 2012-07-11 11:38 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-11 11:38 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-11 11:38 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-11 11:38 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-11 11:38 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-11 11:38 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2012-06-02 22:19 . 2012-06-22 13:25 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-22 13:25 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-22 13:25 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-22 13:25 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-22 13:25 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-22 13:25 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-22 13:25 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 14:19 . 2012-06-22 13:24 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 14:15 . 2012-06-22 13:24 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 05:50 . 2012-07-11 11:38 458704 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 05:48 . 2012-07-11 11:38 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:48 . 2012-07-11 11:38 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:45 . 2012-07-11 11:38 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 05:44 . 2012-07-11 11:38 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-02 04:40 . 2012-07-11 11:38 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-06-02 04:40 . 2012-07-11 11:38 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-06-02 04:39 . 2012-07-11 11:38 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34 . 2012-07-11 11:38 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-06-01 08:37 . 2012-06-23 22:27 2674320 ----a-w- c:\windows\system32\RtPgEx64.dll
2012-05-31 17:08 . 2012-06-23 22:27 105616 ----a-w- c:\windows\system32\RCoInstII64.dll
2012-05-28 06:09 . 2012-05-28 06:09 2168416 ----a-w- c:\windows\system32\coin91.dll
2012-05-25 17:06 . 2010-12-10 21:49 1706640 ----a-w- c:\windows\RtlExUpd.dll
.
.
((((((((((((((((((((((((((((( [email protected]_11.58.53 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-08-23 11:58 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-08-23 14:03 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-08-23 11:58 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-23 14:03 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-08-21 14:48 . 2012-08-23 14:05 55164 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-08-23 14:05 37434 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-08-21 15:07 . 2012-08-23 14:05 20910 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2469048996-4267459674-1519352151-1001_UserData.bin
- 2010-08-21 12:20 . 2012-08-14 19:14 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-08-21 12:20 . 2012-08-23 13:12 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-08-21 12:20 . 2012-08-23 13:12 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-08-21 12:20 . 2012-08-14 19:14 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-14 19:14 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-23 13:12 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-08-23 11:58 . 2012-08-23 11:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-23 14:03 . 2012-08-23 14:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-08-23 11:58 . 2012-08-23 11:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-08-23 14:03 . 2012-08-23 14:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-07-25 23:08 . 2012-08-23 11:58 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2012-07-25 23:08 . 2012-08-23 14:03 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 04:54 . 2012-08-23 11:58 196608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-23 14:03 196608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 05:01 . 2012-08-23 11:57 283744 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-08-23 14:02 283744 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{2FE0F895-6D1D-4c80-A20D-18E42DE9B631}]
2011-12-23 17:57 91992 ----a-w- c:\program files (x86)\Soda 3D PDF Reader\PDFIEHelper.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{64C9D46E-8F8B-4158-9780-A6581C7439B1}"= "c:\program files (x86)\Soda 3D PDF Reader\PDFIEPlugin.dll" [2011-12-23 750936]
.
[HKEY_CLASSES_ROOT\clsid\{64c9d46e-8f8b-4158-9780-a6581c7439b1}]
[HKEY_CLASSES_ROOT\SodaReaderPDFIEPlugin.PDFIEConverter.1]
[HKEY_CLASSES_ROOT\TypeLib\{496FD2B4-369B-4c6b-B4F3-3D93A64D05E4}]
[HKEY_CLASSES_ROOT\SodaReaderPDFIEPlugin.PDFIEConverter]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ScreensaverControl"="c:\program files (x86)\Screensaver Control\ScreensaverControl.exe" [2010-08-29 215040]
"LightShot"="c:\users\Rob\AppData\Local\Skillbrains\lightshot\LightShot.exe" [2010-01-02 195072]
"WizMouse"="c:\program files (x86)\WizMouse\WizMouse.exe" [2011-04-29 115504]
"WiFi Protector"="c:\program files (x86)\WiFi Protector\WiFiProtLauncher.exe" [2012-07-06 200448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ClocX"="c:\program files (x86)\ClocX\ClocX.exe" [2007-07-26 270336]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-06-11 641704]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-07 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-14 250056]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-07 136176]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [2011-08-17 171008]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 Soda 3D PDF Reader Helper Service;Soda 3D PDF Reader Helper Service;c:\program files (x86)\Soda 3D PDF Reader\HelperService.exe [2011-12-23 821592]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2010-04-27 127488]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2010-04-27 18944]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2010-04-27 161280]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-06-14 16448]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;WatAdminSvc;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-21 1255736]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1308000.00E\SYMDS64.SYS [2011-07-26 451192]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1308000.00E\SYMEFA64.SYS [2012-05-22 1129120]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120811.003\BHDrvx64.sys [2012-08-11 1385120]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1308000.00E\ccSetx64.sys [2012-06-07 167072]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120822.001\IDSvia64.sys [2012-08-22 512672]
S1 SafDskNT;SafeHouse;c:\windows\system32\drivers\SAFDSKNT.SYS [2009-12-07 76112]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1308000.00E\Ironx64.SYS [2012-04-18 190072]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1308000.00E\SYMNETS.SYS [2012-04-18 405624]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-18 140672]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-11-10 204288]
S2 FreemakeVideoCapture;FreemakeVideoCapture;c:\program files (x86)\Freemake\CaptureLib\CaptureLibService.exe [2012-04-05 8704]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe [2012-06-16 138272]
S2 Soda 3D PDF Reader Service;Soda 3D PDF Reader Service;c:\program files (x86)\Soda 3D PDF Reader\ConversionService.exe [2011-12-23 892760]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2012-06-21 92632]
S2 wifiProtService;WiFi Protector Service;c:\program files (x86)\WiFi Protector\wifiProtService.exe [2012-07-06 1006336]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-11-10 10567680]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-11-10 325632]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-09 138912]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [2009-07-27 58880]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2010-08-29 82816]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2012-06-26 46176]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-07 19:14]
.
2012-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-07 09:29]
.
2012-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-07 09:29]
.
2012-07-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2469048996-4267459674-1519352151-1001Core.job
- c:\users\Rob\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-20 14:37]
.
2012-07-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2469048996-4267459674-1519352151-1001UA.job
- c:\users\Rob\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-20 14:37]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-06-11 12503184]
"IntelliType Pro"="c:\program files\Microsoft Device Center\itype.exe" [2012-06-26 1464928]
"IntelliPoint"="c:\program files\Microsoft Device Center\ipoint.exe" [2012-06-26 2004584]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.co.uk/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files (x86)\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files (x86)\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files (x86)\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files (x86)\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.8.0.14\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-08-23 15:08:18 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-23 14:08
ComboFix2.txt 2012-08-23 12:03
.
Pre-Run: 146,099,830,784 bytes free
Post-Run: 146,019,938,304 bytes free
.
- - End Of File - - 534DA172620C69A2FBCEBFE28335EB80


Cheers Render appreciate the hard work.
  • 0

Advertisements


#11
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Are you aware of Skillbrains and LightShot.exe? It was installed by you?

Posted Image Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware from Here and double click on mbam-setup.exe to install the application

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Click on Check for Updates button.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.
  • 0

#12
carbuncle

carbuncle

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 113 posts
Hi Render

Yeah had Lightshot installed for a while , recommended by Web User magazine I think , it allows you to grab any part of your screen you want and either print, email or whatever that part.

Skillbrains is the company behind it.


Have Malwarebytes installed going to run a scan and report back.

Thanks again
  • 0

#13
carbuncle

carbuncle

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 113 posts
Malwarebytes Log



Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.23.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Rob :: ROB-PC [administrator]

23/08/2012 3:44:16 PM
mbam-log-2012-08-23 (15-44-16).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 221354
Time elapsed: 3 minute(s), 24 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


To be fair, it never found anything even when Cox.exe was doing stuff so wasn't too confident with this program.


Has that Lightshot program got a bad rep do you know?
  • 0

#14
carbuncle

carbuncle

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 113 posts
Chrome also offers this as an extension.
  • 0

#15
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts

Has that Lightshot program got a bad rep do you know?

No. Just from curiosity as Combofix has flagged it for deletion.

We should proceed with general antimalware scan which can take quite a long time so please be patient.

Download Virus Removal Tool (VRT) from Here to your desktop
(You have to enter your e-mail address and click on Submit Form button. Please download latest English version of this tool)

Run the programme you have just downloaded to your desktop (it will be randomly named )

First we will run a virus scan

Click the cog in the upper right
Posted Image


Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan
(Please be patient as this scan can take a few hours)
Posted Image

Allow VRT to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threads report from the left and press Save button
Save it to your desktop and attach to your next post


Now the Analysis

Rerun VRT and select the Manual Disinfection tab and press Start Gathering System Information

Posted Image

On completion click on Report sending and then the link avptool sysinfo.zip (open the file manager) to locate the zip file to upload and attach to your next post

Posted Image
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP