View Full Version : Metropolitan Police Fine Virus
Robertomac
2012-10-03, 11:43
Hi,
I've picked up a virus claiming to be from the Metropolitan Police saying it has detect illegal activity on my machine and I have to pay a £100 fine to get rid of it! This virus brings up a screen immediately after the machines starts up which I am unable to remove.
The only way I can now access my machine is if I start windows in safe mode.
Hope someone can help!
------ DDS Log -----
.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.7.2
Run by Rob at 9:41:29 on 2012-10-03
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3039.2326 [GMT 1:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SimpleGatewayService\service\SimpleService.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.co.uk/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNYT&bmod=SNYT
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7529.1424\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Google Update] "c:\users\rob\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [vtvdbveczjsvtfv] c:\programdata\vtvdbvec.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - c:\microgaming\poker\ladbrokesmpp\MPPoker.exe
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.0.90
TCP: Interfaces\{ABE96790-4686-40BD-8E31-EC2D5119169C} : DhcpNameServer = 192.168.0.90
TCP: Interfaces\{ABE96790-4686-40BD-8E31-EC2D5119169C}\0554455425D20534F52456C6B696E6 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{ABE96790-4686-40BD-8E31-EC2D5119169C}\244575966496 : DhcpNameServer = 192.168.22.22 192.168.22.23
TCP: Interfaces\{ABE96790-4686-40BD-8E31-EC2D5119169C}\35F4E495C4140545F40523F5E4564777F627B6 : DhcpNameServer = 193.36.79.100 193.36.79.101
TCP: Interfaces\{ABE96790-4686-40BD-8E31-EC2D5119169C}\35F4E495C4140545F40523F5E4564777F627B6F513 : DhcpNameServer = 193.36.79.101 193.36.79.100
TCP: Interfaces\{ABE96790-4686-40BD-8E31-EC2D5119169C}\4586560234C6F65746 : DhcpNameServer = 87.236.128.54 91.143.64.59
TCP: Interfaces\{ABE96790-4686-40BD-8E31-EC2D5119169C}\C696E6B6379737 : DhcpNameServer = 193.36.79.100 193.36.79.101
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: VESWinlogon - VESWinlogon.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\rob\appdata\roaming\mozilla\firefox\profiles\oewn5vwf.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=113&systemid=406&sr=0&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\users\rob\appdata\local\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_278.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R2 SimpleGateway Service;SimpleGateway Service;c:\program files\simplegatewayservice\service\SimpleService.exe [2009-7-16 88656]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2009-4-22 1768376]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2009-9-8 4231680]
R3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2009-5-15 9344]
S2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-7-14 20992]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-26 176128]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-8-25 136176]
S2 Mezzmo;Mezzmo;c:\program files\conceiva\mezzmo\MezzmoMediaServer.exe [2011-8-29 2664784]
S2 NSUService;NSUService;c:\program files\sony\network utility\NSUService.exe [2009-12-17 303104]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-18 11032]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\roxio\digital home 10\RoxioUpnpService10.exe [2009-6-26 362992]
S2 RtkAudioService;Realtek Audio Service;c:\program files\realtek\audio\hda\RtkAudioService.exe [2009-12-17 133664]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-2-20 1153368]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S2 SOHCImp;VAIO Media plus Content Importer;c:\program files\common files\sony shared\sohlib\SOHCImp.exe [2009-12-17 120104]
S2 SOHDBSvr;VAIO Media plus Database Manager;c:\program files\common files\sony shared\sohlib\SOHDBSvr.exe [2009-12-17 70952]
S2 SOHDms;VAIO Media plus Digital Media Server;c:\program files\common files\sony shared\sohlib\SOHDms.exe [2009-12-17 427304]
S2 SOHDs;VAIO Media plus Device Searcher;c:\program files\common files\sony shared\sohlib\SOHDs.exe [2009-12-17 75048]
S2 SOHPlMgr;VAIO Media plus Playlist Manager;c:\program files\common files\sony shared\sohlib\SOHPlMgr.exe [2009-12-17 91432]
S2 uCamMonitor;CamMonitor;c:\program files\arcsoft\magic-i visual effects 2\uCamMonitor.exe [2009-6-18 104960]
S2 VAIO Power Management;VAIO Power Management;c:\program files\sony\vaio power management\SPMService.exe [2009-12-17 415592]
S2 VCFw;VAIO Content Folder Watcher;c:\program files\common files\sony shared\vaio content folder watcher\VCFw.exe [2009-1-14 5184872]
S2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\sony\vcm intelligent analyzing manager\VcmIAlzMgr.exe [2009-12-17 468264]
S2 yksvc;Marvell Yukon Service;c:\windows\system32\svchost.exe -k yksvcs [2009-7-14 20992]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-2 250288]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\drivers\ArcSoftKsUFilter.sys [2009-6-18 17920]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2009-5-15 29736]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-11-18 23888]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-9-27 106656]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-8-25 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-7-25 114144]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\roxio\digital home 10\RoxioUPnPRenderer10.exe [2009-6-26 313840]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-7 52224]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\common files\sony shared\vcmxml\VcmXmlIfHelper.exe [2009-12-17 83240]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-25 1343400]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-7-13 311296]
.
=============== Created Last 30 ================
.
2012-10-03 07:35:12 -------- d-----w- c:\programdata\qopbtyuczalkedw
2012-10-03 07:35:11 107520 ----a-w- c:\programdata\vtvdbvec.exe
2012-10-03 07:35:05 107520 ----a-w- c:\users\rob\ms.exe
2012-10-02 21:47:14 -------- d-----w- c:\users\rob\appdata\local\{040F02F8-44B4-4B39-AB8F-8D192A3B18CF}
2012-10-02 09:04:52 -------- d-----w- c:\users\rob\appdata\local\{2AC3CCA3-BEDB-4A90-8E1A-C6A27F059346}
2012-10-01 21:04:28 -------- d-----w- c:\users\rob\appdata\local\{71AF728C-BD16-476F-BC5D-1AB577AA1E7E}
2012-10-01 09:04:03 -------- d-----w- c:\users\rob\appdata\local\{9F370336-4325-46E9-A7DE-BEC7C948E6CA}
2012-09-30 09:03:28 -------- d-----w- c:\users\rob\appdata\local\{16706077-772C-434F-B4CA-E10335309AF8}
2012-09-29 09:02:53 -------- d-----w- c:\users\rob\appdata\local\{52459947-7EA2-4B80-B6E0-C3FBF400AD1E}
2012-09-28 21:01:46 -------- d-----w- c:\users\rob\appdata\local\{EA097D24-FAC6-4378-B952-0D7C8B3A080A}
2012-09-28 07:48:19 -------- d-----w- c:\users\rob\appdata\local\{8100F575-16B4-4175-A04E-001525712A15}
2012-09-27 07:39:58 -------- d-----w- c:\users\rob\appdata\local\{3D59D889-A4F6-4E81-BD6B-8A9C1DBA00AA}
2012-09-26 08:41:30 -------- d-----w- c:\users\rob\appdata\local\{52F64F1E-6CCA-4F6A-8325-8F96ACE638F0}
2012-09-25 20:41:03 -------- d-----w- c:\users\rob\appdata\local\{922F5A16-D9D2-4EC9-B710-5B0AE54747B6}
2012-09-25 08:40:40 -------- d-----w- c:\users\rob\appdata\local\{FC79D61D-E983-47AE-B83B-C754DFE97A84}
2012-09-24 20:40:15 -------- d-----w- c:\users\rob\appdata\local\{5B4AC3E7-494D-403C-81E9-564B9E619789}
2012-09-24 08:39:51 -------- d-----w- c:\users\rob\appdata\local\{19202510-FF5E-4FB3-80E9-F22D133455C8}
2012-09-23 20:39:26 -------- d-----w- c:\users\rob\appdata\local\{34436A24-819D-450C-BD24-10323F31F780}
2012-09-23 08:39:00 -------- d-----w- c:\users\rob\appdata\local\{DB995933-193D-43C3-93CE-FECA0D2376D6}
2012-09-22 20:38:39 -------- d-----w- c:\users\rob\appdata\local\{FEBA4E6B-B47B-4B6E-A5F4-FCCEF202631B}
2012-09-22 08:53:59 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-09-22 08:38:00 -------- d-----w- c:\users\rob\appdata\local\{99D0396F-39B7-48DF-9097-8081F151F34F}
2012-09-21 20:05:26 -------- d-----w- c:\users\rob\appdata\local\{51003E27-0814-4A7D-A0AD-CF7661691BB7}
2012-09-21 08:05:01 -------- d-----w- c:\users\rob\appdata\local\{19F122B1-92DF-47C8-AEEE-832717E64A27}
2012-09-20 20:04:37 -------- d-----w- c:\users\rob\appdata\local\{0D2F0303-8FF3-46F9-A40E-6CBFC690415C}
2012-09-20 08:04:13 -------- d-----w- c:\users\rob\appdata\local\{0CE7F19C-0AEB-4225-BA5A-07383FE25446}
2012-09-19 20:03:49 -------- d-----w- c:\users\rob\appdata\local\{C6AD761F-0A75-4091-8DBC-EBB5D88A558C}
2012-09-19 08:03:24 -------- d-----w- c:\users\rob\appdata\local\{2F43E508-8D30-4063-B70E-C97201F5C832}
2012-09-18 20:03:01 -------- d-----w- c:\users\rob\appdata\local\{A0D1BEDE-2FBC-42ED-A39F-DE1D1C91F3F4}
2012-09-18 08:02:03 -------- d-----w- c:\users\rob\appdata\local\{CC2B2B9E-1E33-4BF4-8A3F-59543D4CB330}
2012-09-17 19:31:07 -------- d-----w- c:\users\rob\appdata\local\{2470794C-3B51-4AA7-9707-1EE24CC34880}
2012-09-17 07:10:29 -------- d-----w- c:\users\rob\appdata\local\{5C07CF4C-1ABF-443E-976E-6CBFAAA54D8A}
2012-09-16 12:41:29 -------- d-----w- c:\users\rob\appdata\local\{2B68FD9D-9BF3-4A54-936F-0856532EC12A}
2012-09-15 22:59:38 -------- d-----w- c:\users\rob\appdata\local\{58C80EA9-FB1A-4F1C-9D8C-CA897AA1850F}
2012-09-15 10:59:23 -------- d-----w- c:\users\rob\appdata\local\{28DB2DE8-27D4-420C-9710-80BD17FB6188}
2012-09-14 20:21:03 -------- d-----w- c:\users\rob\appdata\local\{920CABBB-E926-4754-AB78-4EF59D7807D2}
2012-09-14 08:20:33 -------- d-----w- c:\users\rob\appdata\local\{13DF5660-03EC-4E74-ABE0-15EAB8EDFD30}
2012-09-13 20:19:53 -------- d-----w- c:\users\rob\appdata\local\{4DACBD7A-5913-4125-A838-187B70C82F4F}
2012-09-13 20:07:33 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-13 20:06:31 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-13 08:19:28 -------- d-----w- c:\users\rob\appdata\local\{499D18A5-68FA-4597-867E-B2E7BA103222}
2012-09-12 20:19:04 -------- d-----w- c:\users\rob\appdata\local\{A49748B8-6E9D-4281-8575-7F9954343AB9}
2012-09-12 17:00:22 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-12 17:00:22 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-12 17:00:22 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-12 08:18:40 -------- d-----w- c:\users\rob\appdata\local\{572FC6E9-32CF-4804-8124-1A05B4193A0B}
2012-09-11 20:18:17 -------- d-----w- c:\users\rob\appdata\local\{D68E13FD-CFF7-46FD-97C6-FBAF2FE8E169}
2012-09-11 08:17:52 -------- d-----w- c:\users\rob\appdata\local\{9DFB23E8-81DD-4916-A6C9-AD94F2215F02}
2012-09-10 20:17:29 -------- d-----w- c:\users\rob\appdata\local\{52BD13D4-A793-4B13-8C7D-164D8D5ACE22}
2012-09-10 08:16:29 -------- d-----w- c:\users\rob\appdata\local\{F6A14C0F-105E-45D9-86EA-6E398193247E}
2012-09-09 19:06:00 -------- d-----w- c:\users\rob\appdata\local\{94DB305B-1534-4C79-AC47-C88D10E1D43D}
2012-09-09 07:03:44 -------- d-----w- c:\users\rob\appdata\local\{4762145C-1576-4EAC-A0BA-27354F892E7E}
2012-09-08 20:03:48 -------- d-----w- c:\users\rob\appdata\local\{55E890D8-45A6-48B8-9391-E5C0F1C0A3CD}
2012-09-08 08:03:24 -------- d-----w- c:\users\rob\appdata\local\{7F6E943E-2037-41FC-AAA7-A866B40DC5C6}
2012-09-07 20:03:00 -------- d-----w- c:\users\rob\appdata\local\{3F17E31A-5476-4C00-8CF6-D96F06AAF9CD}
2012-09-07 08:02:04 -------- d-----w- c:\users\rob\appdata\local\{AEA81D40-5A85-4BB4-9119-6E54F8402911}
2012-09-06 19:57:44 -------- d-----w- c:\users\rob\appdata\local\{5206B994-AC1B-456A-A4A6-5283D7449627}
2012-09-06 07:57:19 -------- d-----w- c:\users\rob\appdata\local\{D3AD8FF4-0A5D-4E48-9899-A6A59E8AD16A}
2012-09-05 08:29:03 -------- d-----w- c:\users\rob\appdata\local\{650D655B-850B-4A56-BA75-1E0AA93B93AB}
2012-09-04 20:28:38 -------- d-----w- c:\users\rob\appdata\local\{54F53F3C-87F7-4202-B745-7C3E43AA7C62}
2012-09-04 08:28:18 -------- d-----w- c:\users\rob\appdata\local\{C9E8A9DA-D817-41B9-8A32-D5FBF35B98D7}
2012-09-03 19:54:43 -------- d-----w- c:\users\rob\appdata\local\{D65B1AE2-9352-427F-BCDD-BFF28166E3D5}
.
==================== Find3M ====================
.
2012-09-30 17:03:24 174056 ----a-w- c:\windows\system32\drivers\WpsHelper.sys
2012-09-21 12:06:12 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-21 12:06:12 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-13 20:05:48 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-24 16:57:48 981504 ----a-w- c:\windows\system32\wininet.dll
2012-07-18 17:47:53 2345984 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 9:42:58.66 ===============
------ aswMBRLog -----
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-03 09:47:31
-----------------------------
09:47:31.697 OS Version: Windows 6.1.7601 Service Pack 1
09:47:31.697 Number of processors: 2 586 0x170A
09:47:31.697 ComputerName: SONYLAPTOP2 UserName: Rob
09:47:32.789 Initialize success
09:48:19.168 AVAST engine defs: 12100300
09:49:21.662 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
09:49:21.677 Disk 0 Vendor: Hitachi_ PB4O Size: 476940MB BusType: 3
09:49:21.677 Disk 1 \Device\Harddisk1\DR1 -> \Device\0000007e
09:49:21.677 Disk 1 Vendor: RICOH 01 Size: 3777MB BusType: 0
09:49:21.677 Disk 2 \Device\Harddisk2\DR2 -> \Device\0000007f
09:49:21.677 Disk 2 Vendor: RICOH 02 Size: 3777MB BusType: 0
09:49:21.708 Disk 0 MBR read successfully
09:49:21.724 Disk 0 MBR scan
09:49:21.724 Disk 0 Windows 7 default MBR code
09:49:21.740 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 10508 MB offset 2048
09:49:21.755 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 466430 MB offset 21522432
09:49:21.786 Disk 0 scanning sectors +976771120
09:49:21.864 Disk 0 scanning C:\Windows\system32\drivers
09:49:34.625 Service scanning
09:50:07.073 Service Teefer2 C:\Windows\system32\DRIVERS\teefer2.sys **LOCKED** 32
09:50:14.499 Service WPS C:\Windows\system32\drivers\wpsdrvnt.sys **LOCKED** 32
09:50:14.608 Service WpsHelper C:\Windows\system32\drivers\WpsHelper.sys **LOCKED** 32
09:50:16.449 Modules scanning
09:50:27.400 Disk 0 trace - called modules:
09:50:27.447 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll iaStor.sys
09:50:27.447 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8628e618]
09:50:27.447 3 CLASSPNP.SYS[8b0bb59e] -> nt!IofCallDriver -> [0x85846848]
09:50:27.478 5 ACPI.sys[8a89b3d4] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85da6028]
09:50:28.601 AVAST engine scan C:\Windows
09:50:31.893 AVAST engine scan C:\Windows\system32
09:53:28.033 AVAST engine scan C:\Windows\system32\drivers
09:53:54.662 AVAST engine scan C:\Users\Rob
09:55:06.157 Disk 0 MBR has been saved successfully to "C:\Users\Rob\Desktop\MBR.dat"
09:55:06.173 The log file has been saved successfully to "C:\Users\Rob\Desktop\aswMBR.txt"
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-03 09:47:31
-----------------------------
09:47:31.697 OS Version: Windows 6.1.7601 Service Pack 1
09:47:31.697 Number of processors: 2 586 0x170A
09:47:31.697 ComputerName: SONYLAPTOP2 UserName: Rob
09:47:32.789 Initialize success
09:48:19.168 AVAST engine defs: 12100300
09:49:21.662 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
09:49:21.677 Disk 0 Vendor: Hitachi_ PB4O Size: 476940MB BusType: 3
09:49:21.677 Disk 1 \Device\Harddisk1\DR1 -> \Device\0000007e
09:49:21.677 Disk 1 Vendor: RICOH 01 Size: 3777MB BusType: 0
09:49:21.677 Disk 2 \Device\Harddisk2\DR2 -> \Device\0000007f
09:49:21.677 Disk 2 Vendor: RICOH 02 Size: 3777MB BusType: 0
09:49:21.708 Disk 0 MBR read successfully
09:49:21.724 Disk 0 MBR scan
09:49:21.724 Disk 0 Windows 7 default MBR code
09:49:21.740 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 10508 MB offset 2048
09:49:21.755 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 466430 MB offset 21522432
09:49:21.786 Disk 0 scanning sectors +976771120
09:49:21.864 Disk 0 scanning C:\Windows\system32\drivers
09:49:34.625 Service scanning
09:50:07.073 Service Teefer2 C:\Windows\system32\DRIVERS\teefer2.sys **LOCKED** 32
09:50:14.499 Service WPS C:\Windows\system32\drivers\wpsdrvnt.sys **LOCKED** 32
09:50:14.608 Service WpsHelper C:\Windows\system32\drivers\WpsHelper.sys **LOCKED** 32
09:50:16.449 Modules scanning
09:50:27.400 Disk 0 trace - called modules:
09:50:27.447 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll iaStor.sys
09:50:27.447 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8628e618]
09:50:27.447 3 CLASSPNP.SYS[8b0bb59e] -> nt!IofCallDriver -> [0x85846848]
09:50:27.478 5 ACPI.sys[8a89b3d4] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85da6028]
09:50:28.601 AVAST engine scan C:\Windows
09:50:31.893 AVAST engine scan C:\Windows\system32
09:53:28.033 AVAST engine scan C:\Windows\system32\drivers
09:53:54.662 AVAST engine scan C:\Users\Rob
09:55:06.157 Disk 0 MBR has been saved successfully to "C:\Users\Rob\Desktop\MBR.dat"
09:55:06.173 The log file has been saved successfully to "C:\Users\Rob\Desktop\aswMBR.txt"
10:17:51.956 Disk 0 MBR has been saved successfully to "C:\Users\Rob\Desktop\MBR.dat"
10:17:51.956 The log file has been saved successfully to "C:\Users\Rob\Desktop\aswMBR.txt"
oldman960
2012-10-04, 18:10
Hi Robertomac, welcome to the forum.
To make cleaning this machine easier
Please do not uninstall/install any programs unless asked to
It is more difficult when files/programs are appearing in/disappearing from the logs.
Please do not run any scans other than those requested
Please follow all instructions in the order posted
All logs/reports, etc.. must be posted in Notepad. Please ensure that word wrap is unchecked. In notepad click format, uncheck word wrap if it is checked.
Do not attach any logs/reports, etc.. unless specifically requested to do so.
If you have problems with or do not understand the instructions, Please ask before continuing.
Please stay with this thread until given the All Clear. A absence of symptoms does not mean a clean machine.
You will not be able to disable your security programs while in safemode. Please disregard that part of the instructions when running this tool.
When combofix reboots the computer please reboot back to safe mode and let combofix complete it's run. Save the log and boot to normal windows and post the log.
Download ComboFix from :
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
* IMPORTANT !!! Save ComboFix.exe to your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable your Security Programs (http://forums.whatthetech.com/How_to_Disable_your_Security_Programs_t96260.html)
Right click on ComboFix.exe, click Run as Administrator & follow the prompts.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. If you recieve a message after running combofix similar to "Illegal operation attempted on a registry marked for deletion" simply reboot the computer to resolve it.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Please post back with the combofix log.
Thanks
Robertomac
2012-10-04, 21:39
Hi oldman960,
Thank you so much for replying to my post.
Just to update you before I proceed with your instructions... I managed to run Malware Bytes from my machine after starting in safe mode. This picked up two things which I deleted, but the problem still occurred when I started the machine normally. Then, after accessing MSCONFIG via the command line prompt, I found something suspicious on my startup items which was obviously this ransomware. I disabled this and am now able to start my computer normally, however I am concerned this malicious software may still be lurking deeper in the machine.
Should I re-run the software that provides the logs and post the results?
Many thanks,
Rob
oldman960
2012-10-04, 23:44
Hi Robertomac,
Please follow the instructions for running combofix. Now that you are able to access the computer in normal windows please run combofix in normal windows and follow all the instructions including disabling your security programs.
When it's finished please post the log.
Robertomac
2012-10-05, 10:41
ComboFix Log below:
ComboFix 12-10-04.02 - Rob 05/10/2012 9:14.2.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3039.1553 [GMT 1:00]
Running from: c:\users\Rob\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\system32\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Parameters
.
.
((((((((((((((((((((((((( Files Created from 2012-09-05 to 2012-10-05 )))))))))))))))))))))))))))))))
.
.
2012-10-03 08:39 . 2012-10-03 08:39 -------- d-----w- c:\program files\ERUNT
2012-09-22 08:53 . 2012-08-24 15:20 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-09-13 20:07 . 2012-09-13 20:07 -------- d-----w- c:\program files\Common Files\Java
2012-09-13 20:07 . 2012-09-13 20:05 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-13 20:06 . 2012-09-13 20:05 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-12 17:00 . 2012-08-22 17:16 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-12 17:00 . 2012-08-22 17:16 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-12 17:00 . 2012-08-22 17:16 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-30 17:03 . 2009-03-09 20:18 174056 ----a-w- c:\windows\system32\drivers\WpsHelper.sys
2012-09-21 12:06 . 2012-04-02 07:37 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-21 12:06 . 2011-05-28 05:58 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-13 20:05 . 2011-01-16 07:27 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-07 16:04 . 2009-12-16 23:05 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-18 17:47 . 2012-08-19 15:10 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-09-07 12:13 . 2012-09-07 12:13 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-08-25 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2009-04-13 155648]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-02-12 115560]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-3-2 789032]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2009-08-04 08:58 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^Rob^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\Rob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2012-04-04 05:09 446392 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 07:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5.5ServiceManager]
2011-01-12 06:08 1523360 ----a-w- c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-02-20 20:28 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22 3739648 ----a-w- c:\users\Rob\AppData\Roaming\Google\Google Talk\googletalk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 18:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISBMgr.exe]
2009-05-26 09:23 317288 ----a-w- c:\program files\Sony\ISB Utility\ISBMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LiveZilla]
2011-02-18 09:08 7029760 ----a-w- c:\program files\LiveZilla\LiveZilla.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2012-03-08 17:50 4280184 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 14:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2009-08-21 20:23 7596576 ------w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SHTtray.exe]
2009-07-27 16:58 99624 ----a-w- c:\program files\Common Files\Sony Shared\SOHLib\SHTtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2009-08-04 22:17 98304 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 08:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 12:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\Roxio\Digital Home 10\RoxioUpnpService10.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 COH_Mon;COH_Mon;c:\windows\system32\Drivers\COH_Mon.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [x]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 Mezzmo;Mezzmo;c:\program files\Conceiva\Mezzmo\MezzmoMediaServer.exe [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
S2 NSUService;NSUService;c:\program files\Sony\Network Utility\NSUService.exe [x]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [x]
S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService.exe [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [x]
S2 SimpleGateway Service;SimpleGateway Service;c:\program files\SimpleGatewayService\service\SimpleService.exe [x]
S2 SOHCImp;VAIO Media plus Content Importer;c:\program files\Common Files\Sony Shared\SOHLib\SOHCImp.exe [x]
S2 SOHDBSvr;VAIO Media plus Database Manager;c:\program files\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [x]
S2 SOHDms;VAIO Media plus Digital Media Server;c:\program files\Common Files\Sony Shared\SOHLib\SOHDms.exe [x]
S2 SOHDs;VAIO Media plus Device Searcher;c:\program files\Common Files\Sony Shared\SOHLib\SOHDs.exe [x]
S2 SOHPlMgr;VAIO Media plus Playlist Manager;c:\program files\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [x]
S2 uCamMonitor;CamMonitor;c:\program files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [x]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [x]
S2 VCFw;VAIO Content Folder Watcher;c:\program files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [x]
S2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [x]
S2 yksvc;Marvell Yukon Service;c:\windows\System32\svchost.exe [x]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk
*Deregistered* - mfebopk
*Deregistered* - mfesmfk
*Deregistered* - MPFP
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
yksvcs REG_MULTI_SZ yksvc
Akamai REG_MULTI_SZ Akamai
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 12:06]
.
2012-10-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-25 10:14]
.
2012-10-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-25 10:14]
.
2012-10-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2666001434-4179671170-2231323440-1000Core.job
- c:\users\Rob\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-08 18:30]
.
2012-10-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2666001434-4179671170-2231323440-1000UA.job
- c:\users\Rob\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-08 18:30]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.co.uk/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNYT&bmod=SNYT
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.0.90
FF - ProfilePath - c:\users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\oewn5vwf.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=113&systemid=406&sr=0&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-vtvdbveczjsvtfv - c:\programdata\vtvdbvec.exe
AddRemove-ladbrokes (Poker) - c:\microgaming\Poker\LadbrokesMPP\install.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_5891ae0.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(608)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
- - - - - - - > 'lsass.exe'(676)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
- - - - - - - > 'Explorer.exe'(5028)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe
c:\windows\system32\atieclxx.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\taskhost.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\windows\system32\crypserv.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\Sony\VAIO Update 4\VAIOUpdt.exe
c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\programdata\TVersity\Media Server\MediaServer.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\windows\system32\DllHost.exe
c:\program files\Sony\VAIO Event Service\VESMgrSub.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Sony\VAIO Power Management\SPMgr.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\windows\System32\rundll32.exe
c:\program files\Symantec\Symantec Endpoint Protection\SmcGui.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2012-10-05 09:40:22 - machine was rebooted
ComboFix-quarantined-files.txt 2012-10-05 08:40
.
Pre-Run: 287,543,504,896 bytes free
Post-Run: 287,550,808,064 bytes free
.
- - End Of File - - 7AB56B4BBBA53608FB358BFEF2AB3848
oldman960
2012-10-05, 19:22
Hi Robertomac
Combofix removed the entry you disabled in msconfig but I don't see the file.
Let's get a couple of scans.
Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your Desktop
Right click on OTL.exe and click "Run as Administrator" to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output
Check the box beside "scan all users"
Check the boxes beside LOP Check and Purity Check.
In the window under Custom Scans/Fixes copy and paste the following
/md5start
vtvdbvec.exe
/md5stop
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open a notepad windows OTL.Txt, please post this in your next reply.
Next
Download RogueKiller (http://tigzy.geekstogo.com/roguekiller.html) to your desktop (by tigzy)
Quit all programs
Right Click select "Run as Administrator" to start RogueKiller
Wait until Prescan has finished ...
Click on Scan
Click the Report button, save the report to your desktop
Please post back with
OTL log
RogueKiller log
Robertomac
2012-10-05, 23:35
Here's the OTL log - just running the next one now and will post shortly...
OTL logfile created on: 05/10/2012 22:16:45 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Rob\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
2.97 Gb Total Physical Memory | 1.76 Gb Available Physical Memory | 59.34% Memory free
5.93 Gb Paging File | 4.75 Gb Available in Paging File | 80.04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455.50 Gb Total Space | 268.07 Gb Free Space | 58.85% Space Free | Partition Type: NTFS
Drive D: | 3.69 Gb Total Space | 2.75 Gb Free Space | 74.65% Space Free | Partition Type: FAT32
Drive H: | 5.67 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Computer Name: SONYLAPTOP2 | User Name: Rob | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Rob\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\ProgramData\TVersity\Media Server\MediaServer.exe ()
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe (Realtek Semiconductor)
PRC - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe (Sony Corporation)
PRC - C:\Program Files\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe (Sony Corporation)
PRC - C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDms.exe (Sony Corporation)
PRC - C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDs.exe (Sony Corporation)
PRC - C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe (Sony Corporation)
PRC - C:\Program Files\Common Files\Sony Shared\SOHLib\SOHCImp.exe (Sony Corporation)
PRC - C:\Program Files\SimpleGatewayService\service\SimpleService.exe ()
PRC - C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VAIO Power Management\SPMService.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)
PRC - C:\Program Files\Sony\Network Utility\NSUService.exe (Sony Corporation)
PRC - C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
PRC - C:\Program Files\Apoint\Apvfb.exe (ALPS)
PRC - C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Apoint\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Apoint\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
PRC - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
PRC - C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
PRC - C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)
PRC - C:\Windows\System32\Crypserv.exe (CrypKey (Canada) Ltd.)
PRC - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
========== Modules (No Company Name) ==========
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\100d39c2f8985cb93e26feef86ba5212\System.IdentityModel.Selectors.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\2ce8210219c7123610072357358df470\System.IdentityModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\72a24b45e11d64eb2bc840aae9419ba5\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\9e7bf69d97febe4ed1a288c787e5d9ca\SMDiagnostics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\107779ca2708d2b31b2e1560e47f6d15\System.ServiceModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\SPMDam\4.0.0.4200__1b3c579b6925895f\SPMDam.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\SPMCommon\4.0.0.4200__e3c7096ba83f9295\SPMCommon.dll ()
========== Services (SafeList) ==========
SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Akamai) -- c:\program files\common files\akamai/netsession_win_5891ae0.dll ()
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Mezzmo) -- C:\Program Files\Conceiva\Mezzmo\MezzmoMediaServer.exe (Conceiva Pty. Ltd.)
SRV - (TVersityMediaServer) -- C:\ProgramData\TVersity\Media Server\MediaServer.exe ()
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (rpcapd) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (RtkAudioService) -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe (Realtek Semiconductor)
SRV - (VAIO Event Service) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (SOHPlMgr) -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe (Sony Corporation)
SRV - (SOHDms) -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDms.exe (Sony Corporation)
SRV - (SOHDs) -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDs.exe (Sony Corporation)
SRV - (SOHDBSvr) -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe (Sony Corporation)
SRV - (SOHCImp) -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHCImp.exe (Sony Corporation)
SRV - (SimpleGateway Service) -- C:\Program Files\SimpleGatewayService\service\SimpleService.exe ()
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (VAIO Power Management) -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe (Sony Corporation)
SRV - (VcmIAlzMgr) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)
SRV - (Roxio Upnp Server 10) -- C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe (Sonic Solutions)
SRV - (Roxio UPnP Renderer 10) -- C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe (Sonic Solutions)
SRV - (VcmXmlIfHelper) -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe (Sony Corporation)
SRV - (NSUService) -- C:\Program Files\Sony\Network Utility\NSUService.exe (Sony Corporation)
SRV - (SmcService) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
SRV - (Symantec AntiVirus) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
SRV - (SNAC) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE (Symantec Corporation)
SRV - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (yksvc) -- C:\Windows\System32\ykx32mpcoinst.dll (Marvell)
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE (Symantec Corporation)
SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
SRV - (Vcsw) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
SRV - (VzCdbSvc) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
SRV - (VCFw) -- C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
SRV - (uCamMonitor) -- C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)
SRV - (Crypkey License) -- C:\Windows\System32\Crypserv.exe (CrypKey (Canada) Ltd.)
SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
========== Driver Services (SafeList) ==========
DRV - (catchme) -- C:\Users\Rob\AppData\Local\Temp\catchme.sys File not found
DRV - (WpsHelper) -- C:\Windows\System32\drivers\WpsHelper.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20121004.002\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20121004.002\NAVENG.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (NETw5v32) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys (Marvell)
DRV - (RTHDMIAzAudService) -- C:\Windows\System32\drivers\RtHDMIV.sys (Realtek Semiconductor Corp.)
DRV - (WPS) -- C:\Windows\System32\drivers\WPSDRVnt.sys (Symantec Corporation)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (SRTSPL) -- C:\Windows\System32\drivers\srtspl.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\drivers\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\Windows\System32\drivers\srtspx.sys (Symantec Corporation)
DRV - (DMICall) -- C:\Windows\System32\drivers\DMICall.sys (Sony Corporation)
DRV - (SFEP) -- C:\Windows\System32\drivers\SFEP.sys (Sony Corporation)
DRV - (COH_Mon) -- C:\Windows\System32\drivers\COH_Mon.sys (Symantec Corporation)
DRV - (risdptsk) -- C:\Windows\System32\drivers\risdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (Teefer2) -- C:\Windows\System32\drivers\Teefer2.sys (Symantec Corporation)
DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (NetworkX) -- C:\Windows\System32\Ckldrv.sys ()
DRV - (SYMTDI) -- C:\Windows\System32\drivers\symtdi.sys (Symantec Corporation)
DRV - (SYMREDRV) -- C:\Windows\System32\drivers\symredrv.sys (Symantec Corporation)
DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (ArcSoftKsUFilter) -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (regi) -- C:\Windows\System32\drivers\regi.sys (InterVideo)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=SNYT&bmod=SNYT
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{5DEF0F6B-4D5B-4504-BBC4-4DF2A01873FF}: "URL" = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SNYT
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-2666001434-4179671170-2231323440-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-2666001434-4179671170-2231323440-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-2666001434-4179671170-2231323440-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-2666001434-4179671170-2231323440-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2666001434-4179671170-2231323440-1000\..\SearchScopes,DefaultScope = {10086605-ED77-40D8-AFBB-23D0EDA577E2}
IE - HKU\S-1-5-21-2666001434-4179671170-2231323440-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2666001434-4179671170-2231323440-1000\..\SearchScopes\{10086605-ED77-40D8-AFBB-23D0EDA577E2}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8&rlz=1I7SNYK_en
IE - HKU\S-1-5-21-2666001434-4179671170-2231323440-1000\..\SearchScopes\{5DEF0F6B-4D5B-4504-BBC4-4DF2A01873FF}: "URL" = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=
IE - HKU\S-1-5-21-2666001434-4179671170-2231323440-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SNYT
IE - HKU\S-1-5-21-2666001434-4179671170-2231323440-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2666001434-4179671170-2231323440-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledAddons: beta@linkdiagnosis.com:2.3.6
FF - prefs.js..extensions.enabledAddons: {3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d}:1.8.1
FF - prefs.js..extensions.enabledAddons: {da8bd68d-8e90-41cd-8345-a71b294e72e6}:2.0.16.1
FF - prefs.js..extensions.enabledAddons: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.2.2
FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=113&systemid=406&sr=0&q="
FF - prefs.js..network.proxy.type: 0
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Rob\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Rob\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/07 13:13:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/09/13 21:07:33 | 000,000,000 | ---D | M]
[2011/12/04 18:49:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rob\AppData\Roaming\Mozilla\Extensions
[2012/09/06 09:01:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\oewn5vwf.default\extensions
[2012/07/26 23:27:12 | 000,066,808 | ---- | M] () (No name found) -- C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\oewn5vwf.default\extensions\beta@linkdiagnosis.com.xpi
[2012/09/02 09:18:59 | 001,625,368 | ---- | M] () (No name found) -- C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\oewn5vwf.default\extensions\firebug@software.joehewitt.com.xpi
[2012/07/21 10:52:15 | 000,049,607 | ---- | M] () (No name found) -- C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\oewn5vwf.default\extensions\{3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d}.xpi
[2012/09/06 09:01:22 | 001,268,546 | ---- | M] () (No name found) -- C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\oewn5vwf.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi
[2012/07/24 22:38:50 | 000,225,157 | ---- | M] () (No name found) -- C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\oewn5vwf.default\extensions\{da8bd68d-8e90-41cd-8345-a71b294e72e6}.xpi
[2012/09/07 13:13:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/09/07 13:13:48 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/09/07 13:13:55 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/07/29 10:48:58 | 000,001,525 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/08/29 23:39:28 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/07/29 10:48:58 | 000,000,935 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/07/29 10:48:58 | 000,001,166 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/12/04 17:49:42 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2012/08/29 23:39:28 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012/07/29 10:48:57 | 000,001,121 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml
========== Chrome ==========
CHR - homepage: http://www.searchqu.com/406
CHR - default_search_provider: Search Results (Enabled)
CHR - default_search_provider: search_url = http://dts.search-results.com/sr?src=crb&appid=113&systemid=406&sr=0&q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.searchqu.com/406
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Rob\AppData\Local\Google\Chrome\Application\22.0.1229.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Rob\AppData\Local\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Rob\AppData\Local\Google\Chrome\Application\22.0.1229.79\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Skype Click to Call = C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
O1 HOSTS File: ([2012/10/05 10:43:23 | 000,000,467 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2666001434-4179671170-2231323440-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2666001434-4179671170-2231323440-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Microgaming\Poker\LadbrokesMPP\MPPoker.exe (Microgaming)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 193.36.79.101 193.36.79.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ABE96790-4686-40BD-8E31-EC2D5119169C}: DhcpNameServer = 193.36.79.101 193.36.79.100
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\VAIO 08 img5 Wallpaper 1366x768.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\VAIO 08 img5 Wallpaper 1366x768.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012/10/05 22:14:38 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Rob\Desktop\OTL.exe
[2012/10/05 09:40:25 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/10/05 09:33:31 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/10/05 09:11:41 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/10/05 09:11:41 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/10/05 09:11:41 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/10/05 09:11:12 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/10/05 09:09:41 | 004,762,471 | R--- | C] (Swearware) -- C:\Users\Rob\Desktop\ComboFix.exe
[2012/10/05 08:17:58 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{1B330C82-E564-42F1-8314-4F94BBFE2EF7}
[2012/10/04 03:00:48 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{16852366-DAF5-414A-BEA2-5B7CF9B4F1B9}
[2012/10/03 12:46:42 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{2FF364C8-6DA8-4996-B590-C26E0FEF7610}
[2012/10/03 10:45:10 | 010,524,080 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Rob\Desktop\mbam-setup-1.65.0.1400.exe
[2012/10/03 09:47:06 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Rob\Desktop\aswMBR.exe
[2012/10/03 09:41:24 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Rob\Desktop\dds.scr
[2012/10/03 09:39:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2012/10/03 09:39:33 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012/10/03 09:38:21 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Rob\Desktop\erunt-setup.exe
[2012/10/02 22:47:14 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{040F02F8-44B4-4B39-AB8F-8D192A3B18CF}
[2012/10/02 10:04:52 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{2AC3CCA3-BEDB-4A90-8E1A-C6A27F059346}
[2012/10/01 22:04:28 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{71AF728C-BD16-476F-BC5D-1AB577AA1E7E}
[2012/10/01 10:04:03 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{9F370336-4325-46E9-A7DE-BEC7C948E6CA}
[2012/09/30 10:03:28 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{16706077-772C-434F-B4CA-E10335309AF8}
[2012/09/29 10:02:53 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{52459947-7EA2-4B80-B6E0-C3FBF400AD1E}
[2012/09/28 22:01:46 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{EA097D24-FAC6-4378-B952-0D7C8B3A080A}
[2012/09/28 08:48:19 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{8100F575-16B4-4175-A04E-001525712A15}
[2012/09/27 08:39:58 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{3D59D889-A4F6-4E81-BD6B-8A9C1DBA00AA}
[2012/09/26 09:41:30 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{52F64F1E-6CCA-4F6A-8325-8F96ACE638F0}
[2012/09/25 21:41:03 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{922F5A16-D9D2-4EC9-B710-5B0AE54747B6}
[2012/09/25 09:40:40 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{FC79D61D-E983-47AE-B83B-C754DFE97A84}
[2012/09/24 21:40:15 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{5B4AC3E7-494D-403C-81E9-564B9E619789}
[2012/09/24 09:39:51 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{19202510-FF5E-4FB3-80E9-F22D133455C8}
[2012/09/23 21:39:26 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{34436A24-819D-450C-BD24-10323F31F780}
[2012/09/23 09:39:00 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{DB995933-193D-43C3-93CE-FECA0D2376D6}
[2012/09/22 21:38:39 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{FEBA4E6B-B47B-4B6E-A5F4-FCCEF202631B}
[2012/09/22 09:54:03 | 000,627,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/09/22 09:54:01 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/09/22 09:54:00 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/09/22 09:54:00 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/09/22 09:53:59 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/09/22 09:38:00 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{99D0396F-39B7-48DF-9097-8081F151F34F}
[2012/09/21 21:05:26 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{51003E27-0814-4A7D-A0AD-CF7661691BB7}
[2012/09/21 09:05:01 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{19F122B1-92DF-47C8-AEEE-832717E64A27}
[2012/09/20 21:04:37 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{0D2F0303-8FF3-46F9-A40E-6CBFC690415C}
[2012/09/20 09:04:13 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{0CE7F19C-0AEB-4225-BA5A-07383FE25446}
[2012/09/19 21:03:49 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{C6AD761F-0A75-4091-8DBC-EBB5D88A558C}
[2012/09/19 09:03:24 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{2F43E508-8D30-4063-B70E-C97201F5C832}
[2012/09/18 21:03:01 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{A0D1BEDE-2FBC-42ED-A39F-DE1D1C91F3F4}
[2012/09/18 09:02:03 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{CC2B2B9E-1E33-4BF4-8A3F-59543D4CB330}
[2012/09/17 20:31:07 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{2470794C-3B51-4AA7-9707-1EE24CC34880}
[2012/09/17 08:10:29 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{5C07CF4C-1ABF-443E-976E-6CBFAAA54D8A}
[2012/09/16 13:41:29 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{2B68FD9D-9BF3-4A54-936F-0856532EC12A}
[2012/09/15 23:59:38 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{58C80EA9-FB1A-4F1C-9D8C-CA897AA1850F}
[2012/09/15 11:59:23 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{28DB2DE8-27D4-420C-9710-80BD17FB6188}
[2012/09/14 21:21:03 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{920CABBB-E926-4754-AB78-4EF59D7807D2}
[2012/09/14 09:20:33 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{13DF5660-03EC-4E74-ABE0-15EAB8EDFD30}
[2012/09/13 22:14:55 | 000,000,000 | ---D | C] -- C:\Users\Rob\Desktop\Andys Cert
[2012/09/13 21:19:53 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{4DACBD7A-5913-4125-A838-187B70C82F4F}
[2012/09/13 21:07:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/09/13 21:07:33 | 000,821,736 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012/09/13 21:07:33 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/09/13 21:06:31 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/09/13 21:06:31 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/09/13 21:06:31 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012/09/13 09:19:28 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{499D18A5-68FA-4597-867E-B2E7BA103222}
[2012/09/12 21:19:04 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{A49748B8-6E9D-4281-8575-7F9954343AB9}
[2012/09/12 18:00:22 | 000,240,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2012/09/12 18:00:22 | 000,187,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2012/09/12 09:18:40 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{572FC6E9-32CF-4804-8124-1A05B4193A0B}
[2012/09/11 21:18:17 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{D68E13FD-CFF7-46FD-97C6-FBAF2FE8E169}
[2012/09/11 09:17:52 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{9DFB23E8-81DD-4916-A6C9-AD94F2215F02}
[2012/09/10 21:17:29 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{52BD13D4-A793-4B13-8C7D-164D8D5ACE22}
[2012/09/10 09:16:29 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{F6A14C0F-105E-45D9-86EA-6E398193247E}
[2012/09/09 20:06:00 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{94DB305B-1534-4C79-AC47-C88D10E1D43D}
[2012/09/09 08:03:44 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{4762145C-1576-4EAC-A0BA-27354F892E7E}
[2012/09/08 21:03:48 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{55E890D8-45A6-48B8-9391-E5C0F1C0A3CD}
[2012/09/08 09:03:24 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{7F6E943E-2037-41FC-AAA7-A866B40DC5C6}
[2012/09/07 21:03:00 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{3F17E31A-5476-4C00-8CF6-D96F06AAF9CD}
[2012/09/07 13:13:47 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/09/07 09:02:04 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{AEA81D40-5A85-4BB4-9119-6E54F8402911}
[2012/09/06 20:57:44 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{5206B994-AC1B-456A-A4A6-5283D7449627}
[2012/09/06 08:57:19 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{D3AD8FF4-0A5D-4E48-9899-A6A59E8AD16A}
[2011/02/15 10:50:00 | 001,562,904 | ---- | C] (CleverStat ) -- C:\Users\Rob\googlemon.exe
[2011/02/03 15:32:21 | 000,454,656 | ---- | C] (Simon Tatham) -- C:\Users\Rob\putty.exe
[2010/01/27 19:57:28 | 001,228,240 | ---- | C] (Adobe Systems Incorporated) -- C:\Users\Rob\ADBEPHSPCS4_LS1.exe
[2010/01/27 19:29:55 | 001,228,304 | ---- | C] (Adobe Systems Incorporated) -- C:\Users\Rob\ADBEDRWVCS4_LS1.exe
========== Files - Modified Within 30 Days ==========
[2012/10/05 22:17:01 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2666001434-4179671170-2231323440-1000UA.job
[2012/10/05 22:14:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Rob\Desktop\OTL.exe
[2012/10/05 22:06:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/10/05 21:58:12 | 000,011,120 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/05 21:58:12 | 000,011,120 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/05 21:55:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/05 21:50:12 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/05 21:49:32 | 000,000,043 | ---- | M] () -- C:\Windows\MezzmoMediaServer.INI
[2012/10/05 21:49:18 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2012/10/05 21:48:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/05 21:47:16 | 2389,987,328 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/05 10:43:23 | 000,000,467 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/10/05 09:17:03 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2666001434-4179671170-2231323440-1000Core.job
[2012/10/05 09:09:54 | 004,762,471 | R--- | M] (Swearware) -- C:\Users\Rob\Desktop\ComboFix.exe
[2012/10/03 22:20:05 | 000,628,410 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/10/03 22:20:05 | 000,111,818 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/10/03 10:45:14 | 010,524,080 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Rob\Desktop\mbam-setup-1.65.0.1400.exe
[2012/10/03 10:18:51 | 000,006,351 | ---- | M] () -- C:\Users\Rob\Desktop\Attach.zip
[2012/10/03 10:17:51 | 000,000,512 | ---- | M] () -- C:\Users\Rob\Desktop\MBR.dat
[2012/10/03 09:47:13 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Rob\Desktop\aswMBR.exe
[2012/10/03 09:41:24 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Rob\Desktop\dds.scr
[2012/10/03 09:39:33 | 000,000,879 | ---- | M] () -- C:\Users\Rob\Desktop\ERUNT.lnk
[2012/10/03 09:38:22 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Rob\Desktop\erunt-setup.exe
[2012/09/30 18:03:24 | 000,174,056 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\WpsHelper.sys
[2012/09/22 19:41:07 | 000,002,503 | ---- | M] () -- C:\Users\Rob\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2012/09/22 19:41:07 | 000,002,479 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2012/09/21 13:06:12 | 000,696,240 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/09/21 13:06:12 | 000,073,136 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/09/20 14:21:23 | 000,092,123 | ---- | M] () -- C:\Users\Rob\Desktop\afh1_mockup.jpg
[2012/09/20 14:20:51 | 000,143,695 | ---- | M] () -- C:\Users\Rob\Desktop\afh_mockup_pres.jpg
[2012/09/20 14:18:48 | 000,054,515 | ---- | M] () -- C:\Users\Rob\Desktop\afh_monitor.jpg
[2012/09/20 14:17:38 | 002,432,730 | ---- | M] () -- C:\Users\Rob\Desktop\afh1_mockup.png
[2012/09/20 13:26:07 | 000,780,049 | ---- | M] () -- C:\Users\Rob\Desktop\afh1_logo.png
[2012/09/19 21:37:19 | 000,426,818 | ---- | M] () -- C:\Users\Rob\Desktop\afh1.jpg
[2012/09/19 21:34:47 | 000,303,550 | ---- | M] () -- C:\Users\Rob\Desktop\DSC00042.jpg
[2012/09/19 14:06:00 | 006,423,531 | ---- | M] () -- C:\Users\Rob\Desktop\AFH1 Transporter Graphics.ai
[2012/09/16 19:47:24 | 000,275,984 | ---- | M] () -- C:\Users\Rob\Desktop\jess.pdf
[2012/09/16 19:46:52 | 000,724,992 | ---- | M] () -- C:\Users\Rob\Desktop\jess.indd
[2012/09/16 16:08:59 | 000,425,708 | ---- | M] () -- C:\Users\Rob\Desktop\jess.jpg
[2012/09/13 21:05:55 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012/09/13 21:05:49 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/09/13 21:05:49 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/09/13 21:05:49 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/09/13 21:05:48 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012/09/13 21:05:48 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
========== Files Created - No Company Name ==========
[2012/10/05 11:24:07 | 000,001,209 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Dreamweaver CS5.5.lnk
[2012/10/05 11:19:19 | 000,001,240 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.5.lnk
[2012/10/05 09:11:41 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/10/05 09:11:41 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/10/05 09:11:41 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/10/05 09:11:41 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/10/05 09:11:41 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/10/03 10:18:51 | 000,006,351 | ---- | C] () -- C:\Users\Rob\Desktop\Attach.zip
[2012/10/03 09:55:06 | 000,000,512 | ---- | C] () -- C:\Users\Rob\Desktop\MBR.dat
[2012/10/03 09:39:33 | 000,000,879 | ---- | C] () -- C:\Users\Rob\Desktop\ERUNT.lnk
[2012/09/20 14:20:51 | 000,143,695 | ---- | C] () -- C:\Users\Rob\Desktop\afh_mockup_pres.jpg
[2012/09/20 14:18:45 | 000,054,515 | ---- | C] () -- C:\Users\Rob\Desktop\afh_monitor.jpg
[2012/09/20 14:17:55 | 000,092,123 | ---- | C] () -- C:\Users\Rob\Desktop\afh1_mockup.jpg
[2012/09/20 13:27:10 | 002,432,730 | ---- | C] () -- C:\Users\Rob\Desktop\afh1_mockup.png
[2012/09/20 13:26:06 | 000,780,049 | ---- | C] () -- C:\Users\Rob\Desktop\afh1_logo.png
[2012/09/19 21:37:19 | 000,426,818 | ---- | C] () -- C:\Users\Rob\Desktop\afh1.jpg
[2012/09/19 21:34:45 | 000,303,550 | ---- | C] () -- C:\Users\Rob\Desktop\DSC00042.jpg
[2012/09/19 14:06:00 | 006,423,531 | ---- | C] () -- C:\Users\Rob\Desktop\AFH1 Transporter Graphics.ai
[2012/09/16 19:42:23 | 000,275,984 | ---- | C] () -- C:\Users\Rob\Desktop\jess.pdf
[2012/09/16 16:36:11 | 000,724,992 | ---- | C] () -- C:\Users\Rob\Desktop\jess.indd
[2012/09/16 16:08:58 | 000,425,708 | ---- | C] () -- C:\Users\Rob\Desktop\jess.jpg
[2011/12/07 21:57:38 | 000,139,264 | ---- | C] () -- C:\Windows\System32\C30coi.dll
[2011/03/31 21:17:57 | 000,000,091 | ---- | C] () -- C:\Users\Rob\AppData\Local\fusioncache.dat
[2011/02/04 12:32:10 | 000,000,004 | ---- | C] () -- C:\Windows\vx86036.dat
[2011/02/04 12:31:59 | 000,000,111 | ---- | C] () -- C:\Windows\Crypkey.ini
[2011/02/04 12:31:56 | 000,021,638 | ---- | C] () -- C:\Windows\System32\Ckldrv.sys
[2011/02/04 12:31:55 | 000,027,648 | R--- | C] () -- C:\Windows\Setup_ck.exe
[2011/02/04 12:31:55 | 000,018,432 | ---- | C] () -- C:\Windows\Setup_ck.dll
[2011/02/04 12:31:55 | 000,011,776 | ---- | C] () -- C:\Windows\Ckrfresh.exe
[2011/02/03 15:39:44 | 000,000,600 | ---- | C] () -- C:\Users\Rob\AppData\Local\PUTTY.RND
[2011/01/14 20:40:39 | 000,000,043 | ---- | C] () -- C:\Windows\MezzmoMediaServer.INI
[2011/01/06 10:40:10 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/08/13 15:19:31 | 000,004,608 | ---- | C] () -- C:\Users\Rob\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/27 19:57:28 | 853,860,607 | ---- | C] () -- C:\Users\Rob\ADBEPHSPCS4_LS1.7z
[2010/01/27 19:29:55 | 360,578,904 | ---- | C] () -- C:\Users\Rob\ADBEDRWVCS4_LS1.7z
[2010/01/20 19:31:27 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
========== ZeroAccess Check ==========
[2009/07/14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2010/11/05 21:31:50 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\360safe
[2012/04/02 22:56:49 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Amazon
[2012/01/25 16:41:07 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\AV Bros Puzzle Pro 3.1 DEMO
[2012/06/19 21:04:47 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Blueberry
[2010/11/29 12:21:13 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Bullzip
[2010/01/24 00:20:42 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Canon
[2011/10/28 22:47:02 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/10/27 10:05:06 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/09/23 15:45:49 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\CoreFTP
[2010/04/07 22:51:48 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Free Monitor for Google
[2011/02/08 10:49:29 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\iBlubox Ltd
[2010/02/28 16:22:24 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\InterVideo
[2012/06/01 22:38:49 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\LogSys
[2012/02/24 22:31:57 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Microgaming
[2009/12/17 00:09:18 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Opera
[2012/05/10 09:43:55 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\PDAppFlex
[2010/11/05 21:08:28 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\SE_logs
[2012/01/27 14:56:05 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010/02/21 18:44:45 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\TeamViewer
[2012/03/10 09:52:27 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Template
[2012/07/06 20:22:21 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Windows Live Writer
========== Purity Check ==========
========== Custom Scans ==========
< End of report >
Robertomac
2012-10-05, 23:48
And here's Roguekiller...
OTL logfile created on: 05/10/2012 22:16:45 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Rob\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
2.97 Gb Total Physical Memory | 1.76 Gb Available Physical Memory | 59.34% Memory free
5.93 Gb Paging File | 4.75 Gb Available in Paging File | 80.04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455.50 Gb Total Space | 268.07 Gb Free Space | 58.85% Space Free | Partition Type: NTFS
Drive D: | 3.69 Gb Total Space | 2.75 Gb Free Space | 74.65% Space Free | Partition Type: FAT32
Drive H: | 5.67 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Computer Name: SONYLAPTOP2 | User Name: Rob | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Rob\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\ProgramData\TVersity\Media Server\MediaServer.exe ()
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe (Realtek Semiconductor)
PRC - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe (Sony Corporation)
PRC - C:\Program Files\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe (Sony Corporation)
PRC - C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDms.exe (Sony Corporation)
PRC - C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDs.exe (Sony Corporation)
PRC - C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe (Sony Corporation)
PRC - C:\Program Files\Common Files\Sony Shared\SOHLib\SOHCImp.exe (Sony Corporation)
PRC - C:\Program Files\SimpleGatewayService\service\SimpleService.exe ()
PRC - C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VAIO Power Management\SPMService.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)
PRC - C:\Program Files\Sony\Network Utility\NSUService.exe (Sony Corporation)
PRC - C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
PRC - C:\Program Files\Apoint\Apvfb.exe (ALPS)
PRC - C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Apoint\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Apoint\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
PRC - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
PRC - C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
PRC - C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)
PRC - C:\Windows\System32\Crypserv.exe (CrypKey (Canada) Ltd.)
PRC - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
========== Modules (No Company Name) ==========
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\100d39c2f8985cb93e26feef86ba5212\System.IdentityModel.Selectors.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\2ce8210219c7123610072357358df470\System.IdentityModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\72a24b45e11d64eb2bc840aae9419ba5\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\9e7bf69d97febe4ed1a288c787e5d9ca\SMDiagnostics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\107779ca2708d2b31b2e1560e47f6d15\System.ServiceModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\SPMDam\4.0.0.4200__1b3c579b6925895f\SPMDam.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\SPMCommon\4.0.0.4200__e3c7096ba83f9295\SPMCommon.dll ()
========== Services (SafeList) ==========
SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Akamai) -- c:\program files\common files\akamai/netsession_win_5891ae0.dll ()
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Mezzmo) -- C:\Program Files\Conceiva\Mezzmo\MezzmoMediaServer.exe (Conceiva Pty. Ltd.)
SRV - (TVersityMediaServer) -- C:\ProgramData\TVersity\Media Server\MediaServer.exe ()
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (rpcapd) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (RtkAudioService) -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe (Realtek Semiconductor)
SRV - (VAIO Event Service) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (SOHPlMgr) -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe (Sony Corporation)
SRV - (SOHDms) -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDms.exe (Sony Corporation)
SRV - (SOHDs) -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDs.exe (Sony Corporation)
SRV - (SOHDBSvr) -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe (Sony Corporation)
SRV - (SOHCImp) -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHCImp.exe (Sony Corporation)
SRV - (SimpleGateway Service) -- C:\Program Files\SimpleGatewayService\service\SimpleService.exe ()
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (VAIO Power Management) -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe (Sony Corporation)
SRV - (VcmIAlzMgr) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)
SRV - (Roxio Upnp Server 10) -- C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe (Sonic Solutions)
SRV - (Roxio UPnP Renderer 10) -- C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe (Sonic Solutions)
SRV - (VcmXmlIfHelper) -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe (Sony Corporation)
SRV - (NSUService) -- C:\Program Files\Sony\Network Utility\NSUService.exe (Sony Corporation)
SRV - (SmcService) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
SRV - (Symantec AntiVirus) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
SRV - (SNAC) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE (Symantec Corporation)
SRV - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (yksvc) -- C:\Windows\System32\ykx32mpcoinst.dll (Marvell)
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE (Symantec Corporation)
SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
SRV - (Vcsw) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
SRV - (VzCdbSvc) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
SRV - (VCFw) -- C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
SRV - (uCamMonitor) -- C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)
SRV - (Crypkey License) -- C:\Windows\System32\Crypserv.exe (CrypKey (Canada) Ltd.)
SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
========== Driver Services (SafeList) ==========
DRV - (catchme) -- C:\Users\Rob\AppData\Local\Temp\catchme.sys File not found
DRV - (WpsHelper) -- C:\Windows\System32\drivers\WpsHelper.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20121004.002\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20121004.002\NAVENG.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (NETw5v32) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys (Marvell)
DRV - (RTHDMIAzAudService) -- C:\Windows\System32\drivers\RtHDMIV.sys (Realtek Semiconductor Corp.)
DRV - (WPS) -- C:\Windows\System32\drivers\WPSDRVnt.sys (Symantec Corporation)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (SRTSPL) -- C:\Windows\System32\drivers\srtspl.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\drivers\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\Windows\System32\drivers\srtspx.sys (Symantec Corporation)
DRV - (DMICall) -- C:\Windows\System32\drivers\DMICall.sys (Sony Corporation)
DRV - (SFEP) -- C:\Windows\System32\drivers\SFEP.sys (Sony Corporation)
DRV - (COH_Mon) -- C:\Windows\System32\drivers\COH_Mon.sys (Symantec Corporation)
DRV - (risdptsk) -- C:\Windows\System32\drivers\risdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (Teefer2) -- C:\Windows\System32\drivers\Teefer2.sys (Symantec Corporation)
DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (NetworkX) -- C:\Windows\System32\Ckldrv.sys ()
DRV - (SYMTDI) -- C:\Windows\System32\drivers\symtdi.sys (Symantec Corporation)
DRV - (SYMREDRV) -- C:\Windows\System32\drivers\symredrv.sys (Symantec Corporation)
DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (ArcSoftKsUFilter) -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (regi) -- C:\Windows\System32\drivers\regi.sys (InterVideo)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=SNYT&bmod=SNYT
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{5DEF0F6B-4D5B-4504-BBC4-4DF2A01873FF}: "URL" = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SNYT
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-2666001434-4179671170-2231323440-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-2666001434-4179671170-2231323440-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-2666001434-4179671170-2231323440-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-2666001434-4179671170-2231323440-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2666001434-4179671170-2231323440-1000\..\SearchScopes,DefaultScope = {10086605-ED77-40D8-AFBB-23D0EDA577E2}
IE - HKU\S-1-5-21-2666001434-4179671170-2231323440-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2666001434-4179671170-2231323440-1000\..\SearchScopes\{10086605-ED77-40D8-AFBB-23D0EDA577E2}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8&rlz=1I7SNYK_en
IE - HKU\S-1-5-21-2666001434-4179671170-2231323440-1000\..\SearchScopes\{5DEF0F6B-4D5B-4504-BBC4-4DF2A01873FF}: "URL" = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=
IE - HKU\S-1-5-21-2666001434-4179671170-2231323440-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SNYT
IE - HKU\S-1-5-21-2666001434-4179671170-2231323440-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2666001434-4179671170-2231323440-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledAddons: beta@linkdiagnosis.com:2.3.6
FF - prefs.js..extensions.enabledAddons: {3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d}:1.8.1
FF - prefs.js..extensions.enabledAddons: {da8bd68d-8e90-41cd-8345-a71b294e72e6}:2.0.16.1
FF - prefs.js..extensions.enabledAddons: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.2.2
FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=113&systemid=406&sr=0&q="
FF - prefs.js..network.proxy.type: 0
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Rob\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Rob\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/07 13:13:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/09/13 21:07:33 | 000,000,000 | ---D | M]
[2011/12/04 18:49:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rob\AppData\Roaming\Mozilla\Extensions
[2012/09/06 09:01:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\oewn5vwf.default\extensions
[2012/07/26 23:27:12 | 000,066,808 | ---- | M] () (No name found) -- C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\oewn5vwf.default\extensions\beta@linkdiagnosis.com.xpi
[2012/09/02 09:18:59 | 001,625,368 | ---- | M] () (No name found) -- C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\oewn5vwf.default\extensions\firebug@software.joehewitt.com.xpi
[2012/07/21 10:52:15 | 000,049,607 | ---- | M] () (No name found) -- C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\oewn5vwf.default\extensions\{3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d}.xpi
[2012/09/06 09:01:22 | 001,268,546 | ---- | M] () (No name found) -- C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\oewn5vwf.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi
[2012/07/24 22:38:50 | 000,225,157 | ---- | M] () (No name found) -- C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\oewn5vwf.default\extensions\{da8bd68d-8e90-41cd-8345-a71b294e72e6}.xpi
[2012/09/07 13:13:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/09/07 13:13:48 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/09/07 13:13:55 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/07/29 10:48:58 | 000,001,525 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/08/29 23:39:28 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/07/29 10:48:58 | 000,000,935 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/07/29 10:48:58 | 000,001,166 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/12/04 17:49:42 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2012/08/29 23:39:28 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012/07/29 10:48:57 | 000,001,121 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml
========== Chrome ==========
CHR - homepage: http://www.searchqu.com/406
CHR - default_search_provider: Search Results (Enabled)
CHR - default_search_provider: search_url = http://dts.search-results.com/sr?src=crb&appid=113&systemid=406&sr=0&q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.searchqu.com/406
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Rob\AppData\Local\Google\Chrome\Application\22.0.1229.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Rob\AppData\Local\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Rob\AppData\Local\Google\Chrome\Application\22.0.1229.79\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Skype Click to Call = C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
O1 HOSTS File: ([2012/10/05 10:43:23 | 000,000,467 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2666001434-4179671170-2231323440-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2666001434-4179671170-2231323440-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Microgaming\Poker\LadbrokesMPP\MPPoker.exe (Microgaming)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 193.36.79.101 193.36.79.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ABE96790-4686-40BD-8E31-EC2D5119169C}: DhcpNameServer = 193.36.79.101 193.36.79.100
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\VAIO 08 img5 Wallpaper 1366x768.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\VAIO 08 img5 Wallpaper 1366x768.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012/10/05 22:14:38 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Rob\Desktop\OTL.exe
[2012/10/05 09:40:25 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/10/05 09:33:31 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/10/05 09:11:41 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/10/05 09:11:41 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/10/05 09:11:41 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/10/05 09:11:12 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/10/05 09:09:41 | 004,762,471 | R--- | C] (Swearware) -- C:\Users\Rob\Desktop\ComboFix.exe
[2012/10/05 08:17:58 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{1B330C82-E564-42F1-8314-4F94BBFE2EF7}
[2012/10/04 03:00:48 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{16852366-DAF5-414A-BEA2-5B7CF9B4F1B9}
[2012/10/03 12:46:42 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{2FF364C8-6DA8-4996-B590-C26E0FEF7610}
[2012/10/03 10:45:10 | 010,524,080 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Rob\Desktop\mbam-setup-1.65.0.1400.exe
[2012/10/03 09:47:06 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Rob\Desktop\aswMBR.exe
[2012/10/03 09:41:24 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Rob\Desktop\dds.scr
[2012/10/03 09:39:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2012/10/03 09:39:33 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012/10/03 09:38:21 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Rob\Desktop\erunt-setup.exe
[2012/10/02 22:47:14 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{040F02F8-44B4-4B39-AB8F-8D192A3B18CF}
[2012/10/02 10:04:52 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{2AC3CCA3-BEDB-4A90-8E1A-C6A27F059346}
[2012/10/01 22:04:28 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{71AF728C-BD16-476F-BC5D-1AB577AA1E7E}
[2012/10/01 10:04:03 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{9F370336-4325-46E9-A7DE-BEC7C948E6CA}
[2012/09/30 10:03:28 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{16706077-772C-434F-B4CA-E10335309AF8}
[2012/09/29 10:02:53 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{52459947-7EA2-4B80-B6E0-C3FBF400AD1E}
[2012/09/28 22:01:46 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{EA097D24-FAC6-4378-B952-0D7C8B3A080A}
[2012/09/28 08:48:19 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{8100F575-16B4-4175-A04E-001525712A15}
[2012/09/27 08:39:58 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{3D59D889-A4F6-4E81-BD6B-8A9C1DBA00AA}
[2012/09/26 09:41:30 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{52F64F1E-6CCA-4F6A-8325-8F96ACE638F0}
[2012/09/25 21:41:03 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{922F5A16-D9D2-4EC9-B710-5B0AE54747B6}
[2012/09/25 09:40:40 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{FC79D61D-E983-47AE-B83B-C754DFE97A84}
[2012/09/24 21:40:15 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{5B4AC3E7-494D-403C-81E9-564B9E619789}
[2012/09/24 09:39:51 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{19202510-FF5E-4FB3-80E9-F22D133455C8}
[2012/09/23 21:39:26 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{34436A24-819D-450C-BD24-10323F31F780}
[2012/09/23 09:39:00 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{DB995933-193D-43C3-93CE-FECA0D2376D6}
[2012/09/22 21:38:39 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{FEBA4E6B-B47B-4B6E-A5F4-FCCEF202631B}
[2012/09/22 09:54:03 | 000,627,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/09/22 09:54:01 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/09/22 09:54:00 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/09/22 09:54:00 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/09/22 09:53:59 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/09/22 09:38:00 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{99D0396F-39B7-48DF-9097-8081F151F34F}
[2012/09/21 21:05:26 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{51003E27-0814-4A7D-A0AD-CF7661691BB7}
[2012/09/21 09:05:01 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{19F122B1-92DF-47C8-AEEE-832717E64A27}
[2012/09/20 21:04:37 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{0D2F0303-8FF3-46F9-A40E-6CBFC690415C}
[2012/09/20 09:04:13 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{0CE7F19C-0AEB-4225-BA5A-07383FE25446}
[2012/09/19 21:03:49 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{C6AD761F-0A75-4091-8DBC-EBB5D88A558C}
[2012/09/19 09:03:24 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{2F43E508-8D30-4063-B70E-C97201F5C832}
[2012/09/18 21:03:01 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{A0D1BEDE-2FBC-42ED-A39F-DE1D1C91F3F4}
[2012/09/18 09:02:03 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{CC2B2B9E-1E33-4BF4-8A3F-59543D4CB330}
[2012/09/17 20:31:07 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{2470794C-3B51-4AA7-9707-1EE24CC34880}
[2012/09/17 08:10:29 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{5C07CF4C-1ABF-443E-976E-6CBFAAA54D8A}
[2012/09/16 13:41:29 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{2B68FD9D-9BF3-4A54-936F-0856532EC12A}
[2012/09/15 23:59:38 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{58C80EA9-FB1A-4F1C-9D8C-CA897AA1850F}
[2012/09/15 11:59:23 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{28DB2DE8-27D4-420C-9710-80BD17FB6188}
[2012/09/14 21:21:03 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{920CABBB-E926-4754-AB78-4EF59D7807D2}
[2012/09/14 09:20:33 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{13DF5660-03EC-4E74-ABE0-15EAB8EDFD30}
[2012/09/13 22:14:55 | 000,000,000 | ---D | C] -- C:\Users\Rob\Desktop\Andys Cert
[2012/09/13 21:19:53 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{4DACBD7A-5913-4125-A838-187B70C82F4F}
[2012/09/13 21:07:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/09/13 21:07:33 | 000,821,736 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012/09/13 21:07:33 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/09/13 21:06:31 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/09/13 21:06:31 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/09/13 21:06:31 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012/09/13 09:19:28 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{499D18A5-68FA-4597-867E-B2E7BA103222}
[2012/09/12 21:19:04 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{A49748B8-6E9D-4281-8575-7F9954343AB9}
[2012/09/12 18:00:22 | 000,240,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2012/09/12 18:00:22 | 000,187,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2012/09/12 09:18:40 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{572FC6E9-32CF-4804-8124-1A05B4193A0B}
[2012/09/11 21:18:17 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{D68E13FD-CFF7-46FD-97C6-FBAF2FE8E169}
[2012/09/11 09:17:52 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{9DFB23E8-81DD-4916-A6C9-AD94F2215F02}
[2012/09/10 21:17:29 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{52BD13D4-A793-4B13-8C7D-164D8D5ACE22}
[2012/09/10 09:16:29 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{F6A14C0F-105E-45D9-86EA-6E398193247E}
[2012/09/09 20:06:00 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{94DB305B-1534-4C79-AC47-C88D10E1D43D}
[2012/09/09 08:03:44 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{4762145C-1576-4EAC-A0BA-27354F892E7E}
[2012/09/08 21:03:48 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{55E890D8-45A6-48B8-9391-E5C0F1C0A3CD}
[2012/09/08 09:03:24 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{7F6E943E-2037-41FC-AAA7-A866B40DC5C6}
[2012/09/07 21:03:00 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{3F17E31A-5476-4C00-8CF6-D96F06AAF9CD}
[2012/09/07 13:13:47 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/09/07 09:02:04 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{AEA81D40-5A85-4BB4-9119-6E54F8402911}
[2012/09/06 20:57:44 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{5206B994-AC1B-456A-A4A6-5283D7449627}
[2012/09/06 08:57:19 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Local\{D3AD8FF4-0A5D-4E48-9899-A6A59E8AD16A}
[2011/02/15 10:50:00 | 001,562,904 | ---- | C] (CleverStat ) -- C:\Users\Rob\googlemon.exe
[2011/02/03 15:32:21 | 000,454,656 | ---- | C] (Simon Tatham) -- C:\Users\Rob\putty.exe
[2010/01/27 19:57:28 | 001,228,240 | ---- | C] (Adobe Systems Incorporated) -- C:\Users\Rob\ADBEPHSPCS4_LS1.exe
[2010/01/27 19:29:55 | 001,228,304 | ---- | C] (Adobe Systems Incorporated) -- C:\Users\Rob\ADBEDRWVCS4_LS1.exe
========== Files - Modified Within 30 Days ==========
[2012/10/05 22:17:01 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2666001434-4179671170-2231323440-1000UA.job
[2012/10/05 22:14:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Rob\Desktop\OTL.exe
[2012/10/05 22:06:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/10/05 21:58:12 | 000,011,120 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/05 21:58:12 | 000,011,120 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/05 21:55:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/05 21:50:12 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/05 21:49:32 | 000,000,043 | ---- | M] () -- C:\Windows\MezzmoMediaServer.INI
[2012/10/05 21:49:18 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2012/10/05 21:48:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/05 21:47:16 | 2389,987,328 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/05 10:43:23 | 000,000,467 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/10/05 09:17:03 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2666001434-4179671170-2231323440-1000Core.job
[2012/10/05 09:09:54 | 004,762,471 | R--- | M] (Swearware) -- C:\Users\Rob\Desktop\ComboFix.exe
[2012/10/03 22:20:05 | 000,628,410 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/10/03 22:20:05 | 000,111,818 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/10/03 10:45:14 | 010,524,080 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Rob\Desktop\mbam-setup-1.65.0.1400.exe
[2012/10/03 10:18:51 | 000,006,351 | ---- | M] () -- C:\Users\Rob\Desktop\Attach.zip
[2012/10/03 10:17:51 | 000,000,512 | ---- | M] () -- C:\Users\Rob\Desktop\MBR.dat
[2012/10/03 09:47:13 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Rob\Desktop\aswMBR.exe
[2012/10/03 09:41:24 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Rob\Desktop\dds.scr
[2012/10/03 09:39:33 | 000,000,879 | ---- | M] () -- C:\Users\Rob\Desktop\ERUNT.lnk
[2012/10/03 09:38:22 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Rob\Desktop\erunt-setup.exe
[2012/09/30 18:03:24 | 000,174,056 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\WpsHelper.sys
[2012/09/22 19:41:07 | 000,002,503 | ---- | M] () -- C:\Users\Rob\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2012/09/22 19:41:07 | 000,002,479 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2012/09/21 13:06:12 | 000,696,240 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/09/21 13:06:12 | 000,073,136 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/09/20 14:21:23 | 000,092,123 | ---- | M] () -- C:\Users\Rob\Desktop\afh1_mockup.jpg
[2012/09/20 14:20:51 | 000,143,695 | ---- | M] () -- C:\Users\Rob\Desktop\afh_mockup_pres.jpg
[2012/09/20 14:18:48 | 000,054,515 | ---- | M] () -- C:\Users\Rob\Desktop\afh_monitor.jpg
[2012/09/20 14:17:38 | 002,432,730 | ---- | M] () -- C:\Users\Rob\Desktop\afh1_mockup.png
[2012/09/20 13:26:07 | 000,780,049 | ---- | M] () -- C:\Users\Rob\Desktop\afh1_logo.png
[2012/09/19 21:37:19 | 000,426,818 | ---- | M] () -- C:\Users\Rob\Desktop\afh1.jpg
[2012/09/19 21:34:47 | 000,303,550 | ---- | M] () -- C:\Users\Rob\Desktop\DSC00042.jpg
[2012/09/19 14:06:00 | 006,423,531 | ---- | M] () -- C:\Users\Rob\Desktop\AFH1 Transporter Graphics.ai
[2012/09/16 19:47:24 | 000,275,984 | ---- | M] () -- C:\Users\Rob\Desktop\jess.pdf
[2012/09/16 19:46:52 | 000,724,992 | ---- | M] () -- C:\Users\Rob\Desktop\jess.indd
[2012/09/16 16:08:59 | 000,425,708 | ---- | M] () -- C:\Users\Rob\Desktop\jess.jpg
[2012/09/13 21:05:55 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012/09/13 21:05:49 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/09/13 21:05:49 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/09/13 21:05:49 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/09/13 21:05:48 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012/09/13 21:05:48 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
========== Files Created - No Company Name ==========
[2012/10/05 11:24:07 | 000,001,209 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Dreamweaver CS5.5.lnk
[2012/10/05 11:19:19 | 000,001,240 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.5.lnk
[2012/10/05 09:11:41 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/10/05 09:11:41 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/10/05 09:11:41 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/10/05 09:11:41 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/10/05 09:11:41 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/10/03 10:18:51 | 000,006,351 | ---- | C] () -- C:\Users\Rob\Desktop\Attach.zip
[2012/10/03 09:55:06 | 000,000,512 | ---- | C] () -- C:\Users\Rob\Desktop\MBR.dat
[2012/10/03 09:39:33 | 000,000,879 | ---- | C] () -- C:\Users\Rob\Desktop\ERUNT.lnk
[2012/09/20 14:20:51 | 000,143,695 | ---- | C] () -- C:\Users\Rob\Desktop\afh_mockup_pres.jpg
[2012/09/20 14:18:45 | 000,054,515 | ---- | C] () -- C:\Users\Rob\Desktop\afh_monitor.jpg
[2012/09/20 14:17:55 | 000,092,123 | ---- | C] () -- C:\Users\Rob\Desktop\afh1_mockup.jpg
[2012/09/20 13:27:10 | 002,432,730 | ---- | C] () -- C:\Users\Rob\Desktop\afh1_mockup.png
[2012/09/20 13:26:06 | 000,780,049 | ---- | C] () -- C:\Users\Rob\Desktop\afh1_logo.png
[2012/09/19 21:37:19 | 000,426,818 | ---- | C] () -- C:\Users\Rob\Desktop\afh1.jpg
[2012/09/19 21:34:45 | 000,303,550 | ---- | C] () -- C:\Users\Rob\Desktop\DSC00042.jpg
[2012/09/19 14:06:00 | 006,423,531 | ---- | C] () -- C:\Users\Rob\Desktop\AFH1 Transporter Graphics.ai
[2012/09/16 19:42:23 | 000,275,984 | ---- | C] () -- C:\Users\Rob\Desktop\jess.pdf
[2012/09/16 16:36:11 | 000,724,992 | ---- | C] () -- C:\Users\Rob\Desktop\jess.indd
[2012/09/16 16:08:58 | 000,425,708 | ---- | C] () -- C:\Users\Rob\Desktop\jess.jpg
[2011/12/07 21:57:38 | 000,139,264 | ---- | C] () -- C:\Windows\System32\C30coi.dll
[2011/03/31 21:17:57 | 000,000,091 | ---- | C] () -- C:\Users\Rob\AppData\Local\fusioncache.dat
[2011/02/04 12:32:10 | 000,000,004 | ---- | C] () -- C:\Windows\vx86036.dat
[2011/02/04 12:31:59 | 000,000,111 | ---- | C] () -- C:\Windows\Crypkey.ini
[2011/02/04 12:31:56 | 000,021,638 | ---- | C] () -- C:\Windows\System32\Ckldrv.sys
[2011/02/04 12:31:55 | 000,027,648 | R--- | C] () -- C:\Windows\Setup_ck.exe
[2011/02/04 12:31:55 | 000,018,432 | ---- | C] () -- C:\Windows\Setup_ck.dll
[2011/02/04 12:31:55 | 000,011,776 | ---- | C] () -- C:\Windows\Ckrfresh.exe
[2011/02/03 15:39:44 | 000,000,600 | ---- | C] () -- C:\Users\Rob\AppData\Local\PUTTY.RND
[2011/01/14 20:40:39 | 000,000,043 | ---- | C] () -- C:\Windows\MezzmoMediaServer.INI
[2011/01/06 10:40:10 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/08/13 15:19:31 | 000,004,608 | ---- | C] () -- C:\Users\Rob\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/27 19:57:28 | 853,860,607 | ---- | C] () -- C:\Users\Rob\ADBEPHSPCS4_LS1.7z
[2010/01/27 19:29:55 | 360,578,904 | ---- | C] () -- C:\Users\Rob\ADBEDRWVCS4_LS1.7z
[2010/01/20 19:31:27 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
========== ZeroAccess Check ==========
[2009/07/14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2010/11/05 21:31:50 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\360safe
[2012/04/02 22:56:49 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Amazon
[2012/01/25 16:41:07 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\AV Bros Puzzle Pro 3.1 DEMO
[2012/06/19 21:04:47 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Blueberry
[2010/11/29 12:21:13 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Bullzip
[2010/01/24 00:20:42 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Canon
[2011/10/28 22:47:02 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/10/27 10:05:06 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/09/23 15:45:49 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\CoreFTP
[2010/04/07 22:51:48 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Free Monitor for Google
[2011/02/08 10:49:29 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\iBlubox Ltd
[2010/02/28 16:22:24 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\InterVideo
[2012/06/01 22:38:49 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\LogSys
[2012/02/24 22:31:57 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Microgaming
[2009/12/17 00:09:18 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Opera
[2012/05/10 09:43:55 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\PDAppFlex
[2010/11/05 21:08:28 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\SE_logs
[2012/01/27 14:56:05 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010/02/21 18:44:45 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\TeamViewer
[2012/03/10 09:52:27 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Template
[2012/07/06 20:22:21 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Windows Live Writer
========== Purity Check ==========
========== Custom Scans ==========
< End of report >
oldman960
2012-10-06, 09:22
Hi Robertomac,
You posted the OTL log twice. The RogueKiller log should be on your desktop.
Next, Right click on OTL.exe and chose Run as Administrator to run it
Under the Custom Scans/Fixes box at the bottom, paste in the following
Do Not copy the word CODE
please note the fix starts with the :
:Services
:OTL
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms}
FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=113&systemid=406&sr=0&q="
[2011/12/04 17:49:42 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
CHR - homepage: http://www.searchqu.com/406
CHR - default_search_provider: Search Results (Enabled)
CHR - default_search_provider: search_url = http://dts.search-results.com/sr?src=crb&appid=113&systemid=406&sr=0&q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.searchqu.com/406
:Files
c:\programdata\vtvdbvec.exe
c:\programdata\qopbtyuczalkedw
c:\users\rob\ms.exe
:Commands
[purity]
[createrestorepoint]
Then click the Run Fix button at the top
Let the program run unhindered
Please save the resulting log to be posted in your next reply.
Please post the OTL fix log.
Next
Please download AdwCleaner from here (http://general-changelog-team.fr/en/tools/15-adwcleaner) and save it to your desktop.
Right click on AdwCleaner.exe and click "Run as Administrator" to run the tool.
elect Delete
Once done it will ask to reboot, allow the reboot
On reboot a log will be produced, please attach the content of the log to your next reply
Please post back with
OTL fix log
AdwCleaner log
How's the computer?
Robertomac
2012-10-06, 22:12
Sorry! My mistake. Here's the Roguekiller log...
RogueKiller V8.1.1 [10/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Rob [Admin rights]
Mode : Scan -- Date : 10/05/2012 22:46:28
¤¤¤ Bad processes : 3 ¤¤¤
[SUSP PATH] MediaServer.exe -- C:\ProgramData\TVersity\Media Server\MediaServer.exe -> KILLED [TermProc]
[SUSP PATH] MediaServer.exe -- C:\ProgramData\TVersity\Media Server\MediaServer.exe -> KILLED [TermProc]
[RESIDUE] MediaServer.exe -- C:\ProgramData\TVersity\Media Server\MediaServer.exe -> KILLED [TermProc]
¤¤¤ Registry Entries : 4 ¤¤¤
[TASK][SUSP PATH] {73622E1E-7CC2-4901-9EDB-EAB21C033E13} : C:\Windows\System32\pcalua.exe -a C:\Users\Rob\Desktop\googlemon.exe -d "C:\Program Files\Mozilla Firefox" -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[13] : NtAlertResumeThread @ 0x834E4CA9 -> HOOKED (Unknown @ 0x87A434E8)
SSDT[14] : NtAlertThread @ 0x83437BC0 -> HOOKED (Unknown @ 0x87A435A8)
SSDT[19] : NtAllocateVirtualMemory @ 0x83430BCC -> HOOKED (Unknown @ 0x87A43EA0)
SSDT[59] : ExpInterlockedPopEntrySListResume @ 0x8347EF59 -> HOOKED (Unknown @ 0x875A60D8)
SSDT[74] : NtCreateMutant @ 0x8341728E -> HOOKED (Unknown @ 0x87A43298)
SSDT[87] : NtCreateThread @ 0x834E2ED6 -> HOOKED (Unknown @ 0x87A43FB0)
SSDT[131] : NtFreeVirtualMemory @ 0x832C047A -> HOOKED (Unknown @ 0x87A43D00)
SSDT[145] : NtImpersonateAnonymousToken @ 0x833FC8BC -> HOOKED (Unknown @ 0x87A43368)
SSDT[147] : NtImpersonateThread @ 0x8348084C -> HOOKED (Unknown @ 0x87A43428)
SSDT[168] : NtMapViewOfSection @ 0x8344D512 -> HOOKED (Unknown @ 0x87A43C20)
SSDT[177] : NtOpenEvent @ 0x83416C8A -> HOOKED (Unknown @ 0x87A46008)
SSDT[191] : NtOpenProcessToken @ 0x8346B21F -> HOOKED (Unknown @ 0x87A50518)
SSDT[199] : NtOpenThreadToken @ 0x8347F534 -> HOOKED (Unknown @ 0x87A439C0)
SSDT[304] : NtResumeThread @ 0x83477572 -> HOOKED (Unknown @ 0x87692B88)
SSDT[316] : NtSetContextThread @ 0x834E4755 -> HOOKED (Unknown @ 0x87A43900)
SSDT[333] : NtSetInformationProcess @ 0x8343F76D -> HOOKED (Unknown @ 0x87A43A90)
SSDT[335] : NtSetInformationThread @ 0x83470CD6 -> HOOKED (Unknown @ 0x87A43830)
SSDT[366] : NtSuspendProcess @ 0x834E4BE3 -> HOOKED (Unknown @ 0x87A46F48)
SSDT[367] : NtSuspendThread @ 0x8349C085 -> HOOKED (Unknown @ 0x87A436B0)
SSDT[370] : NtTerminateProcess @ 0x83461BCD -> HOOKED (Unknown @ 0x878F51A0)
SSDT[371] : NtTerminateThread @ 0x8347F584 -> HOOKED (Unknown @ 0x87A43770)
SSDT[385] : NtUnmapViewOfSection @ 0x8346B85A -> HOOKED (Unknown @ 0x87A43B60)
SSDT[399] : NtWriteVirtualMemory @ 0x8346692A -> HOOKED (Unknown @ 0x87A43DD0)
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS545050B9SA00 +++++
--- User ---
[MBR] d84c7d1512d116b4d97eb8f1f187c739
[BSP] 741f8356a3fbcab98a0f80f103cfe0b5 : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 10508 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 21522432 | Size: 466430 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: Ricoh SD/MMC Disk Device +++++
--- User ---
[MBR] 83b42057fb3fd1d945874c9bf1406a5b
[BSP] df4f83c1f72e36823a12b0dfc7617313 : MBR Code unknown
Partition table:
0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 8192 | Size: 3777 Mo
Error reading LL1 MBR!
Error reading LL2 MBR!
Finished : << RKreport[1].txt >>
RKreport[1].txt
Robertomac
2012-10-06, 22:18
========== SERVICES/DRIVERS ==========
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Prefs.js: "Search Results" removed from browser.search.defaultenginename
Prefs.js: "Search Results" removed from browser.search.order.1
Prefs.js: "http://dts.search-results.com/sr?src=ffb&appid=113&systemid=406&sr=0&q=" removed from keyword.URL
C:\Program Files\Mozilla Firefox\searchplugins\Search_Results.xml moved successfully.
Use Chrome's Settings page to change the HomePage.
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to change the HomePage.
========== FILES ==========
File\Folder c:\programdata\vtvdbvec.exe not found.
File\Folder c:\programdata\qopbtyuczalkedw not found.
File\Folder c:\users\rob\ms.exe not found.
========== COMMANDS ==========
Restore point Set: OTL Restore Point
OTL by OldTimer - Version 3.2.69.0 log created on 10062012_211520
Robertomac
2012-10-06, 23:33
# AdwCleaner v2.003 - Logfile created 10/06/2012 at 22:23:03
# Updated 23/09/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)
# User : Rob - SONYLAPTOP2
# Boot Mode : Normal
# Running from : C:\Users\Rob\Desktop\adwcleaner.exe
# Option [Delete]
***** [Services] *****
***** [Files / Folders] *****
Folder Deleted : C:\ProgramData\boost_interprocess
***** [Registry] *****
Key Deleted : HKCU\Software\AppDataLow\Software\searchqutoolbar
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
***** [Internet Browsers] *****
-\\ Internet Explorer v8.0.7601.17514
Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
-\\ Mozilla Firefox v15.0.1 (en-GB)
Profile name : default
File : C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\oewn5vwf.default\prefs.js
C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\oewn5vwf.default\user.js ... Deleted !
[OK] File is clean.
-\\ Google Chrome v22.0.1229.79
File : C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Preferences
Deleted [l.8] : homepage = "hxxp://www.searchqu.com/406",
Deleted [l.12] : urls_to_restore_on_startup = [ "hxxp://www.searchqu.com/406" ]
Deleted [l.50] : search_url = "hxxp://dts.search-results.com/sr?src=crb&appid=113&systemid=406&sr=0&q={searchTerms}",
Deleted [l.1186] : homepage = "hxxp://www.searchqu.com/406",
Deleted [l.1361] : urls_to_restore_on_startup = [ "hxxp://www.searchqu.com/406" ]
-\\ Opera v10.10.1893.0
File : C:\Users\Rob\AppData\Roaming\Opera\Opera\operaprefs.ini
Deleted : Home URL=hxxp://www.searchqu.com/406
*************************
AdwCleaner[S1].txt - [2595 octets] - [06/10/2012 22:23:03]
########## EOF - C:\AdwCleaner[S1].txt - [2655 octets] ##########
Robertomac
2012-10-06, 23:36
How's the computer?
Everything seems to be back to normal and the machine is running as before. It was my concern that this ransomware had deposited itself deep within my system. Thank you so much for all your help. Your expertise is invaluable.
oldman960
2012-10-07, 10:20
Hi Robertomac,
I do believe you are good to go.
We'll clean up the tools now.
From your desktop, please delete, if present
any notepads/logs that we created
aswMBR.exe
RogueKiller
mbr.dat
DDS.scr
AdwCleaner
Next
Click the Start button. Copy and paste the following line into the search box and click OK
Combofix /uninstall
Next
Open OTL then click the Clean Up button. You may get prompted by your firewall that OTL wants to contact the internet - allow this. A cleanup.txt will be downloaded, a message dialog will ask you if you want to proceed with the cleanup process, click Yes. This will do some clean up tasks and delete some of the tools you have downloaded plus itself.
I suggest you keep MBAM. Keep it updated and use it regularly.
Updates and upgrades
Java
You have an old vulnerable version of java installed. Please click start > Control panel. Under programs click uninstall a program and uninstall Java(TM) 6 Update 30
Do not uninstall Java 7 Update 7
Adobe Reader
You have an older version of Adobe Reader. You can download the current version HERE (http://www.adobe.com/products/acrobat/readstep2.html)
You may want to consider Foxit Reader (http://www.foxitsoftware.com/downloads/index.php) instead. It may be a bit lighter on resources. If you choose to use Foxit decline the Foxit toolbar that may be offered during the install.
Visit their support forum
Foxit Forum (http://www.foxitsoftware.com/bbs/forumdisplay.php?f=3)
In either case you should uninstall Adobe Reader 9.2 first. Be sure to move any PDF documents to another folder first though.
Some Recommendations and prevention tips
Basic security consists of 1 antivirus program, 1 resident antispyware program, 1 on demand antispyware program and a firewall. Those you have now provided you are using a firewall. Windows 7 has a built in firewall which is pretty good when set up. You can find some very good information HERE (http://www.addictivetips.com/windows-tips/windows-7-firewall-outbound-protection/) .
-Secure your Internet Explorer
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.
- Make sure you have reset Windows Updates to your chosen option. Click your start button > Control Panel > System > Windows updates (lower left) > change settings
- Keep your antivirus program updated, as well as any other security programs you have.
-More tips and programs can be found HERE (http://forums.whatthetech.com/Preventing_Malware_Tools_Practices_Safe_Computing_t98700.html)
Please post back if you have any problems.
Take care
Robertomac
2012-10-09, 14:55
Hi oldman960,
I just wanted to post back to thank you for your help. This is the second time I have used the Spybot forum for help removing unwanted and malicious software from my machine, and in both cases the help has been nothing short of first class.
Many thanks once again.
oldman960
2012-10-10, 07:17
Hi Robertomac,
You are more than welcome. Take care.