Unknown Malware....

2 posters

GeekPolice :: GeekPolice tech support archive :: Technical Support

Unknown Malware....30th July 2012, 9:35 am

I was using my laptop over the weekend, and at some point I guess it must have picked up a virus or malware. The internet would slow right now, on restarting icons on my desktop enlarged and moved around for no reason.

I ran Malware Bytes and it found two threats. I removed/quarrentined them, however Malware Bytes keeps telling me yzic.exe or another threat are trying to access a port on my computer. So I thought it was about time I came here to see if you guys could help?

****I tried to copy and paste in the log, however it was too long. I then tried different sections, however the computer I'm using to post this has a tiny screen makes it incredibly hard to figure out which bits I have or haven't posted before, so I will try to attach the log instead.****

In the posts follwing this I will then post the aswMBR log & the Security Check log.

Re: Unknown Malware....30th July 2012, 9:38 am

It didn't seem to attach so I'll try copy and pasting....sorry if there are repeats or errors:

OTL logfile created on: 7/30/2012 6:18:02 PM - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Martlin\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1.75 Gb Total Physical Memory | 0.85 Gb Available Physical Memory | 48.51% Memory free
3.49 Gb Paging File | 1.89 Gb Available in Paging File | 54.19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 447.91 Gb Total Space | 104.37 Gb Free Space | 23.30% Space Free | Partition Type: NTFS
Drive D: | 17.55 Gb Total Space | 2.54 Gb Free Space | 14.47% Space Free | Partition Type: NTFS
Drive F: | 1397.26 Gb Total Space | 211.25 Gb Free Space | 15.12% Space Free | Partition Type: NTFS
Drive H: | 7.47 Gb Total Space | 2.34 Gb Free Space | 31.31% Space Free | Partition Type: FAT32

Computer Name: MARTLIN-HP | User Name: Martlin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/30 18:02:48 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Martlin\Desktop\OTL.com
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/05/25 04:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Martlin\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011/12/05 09:14:08 | 000,263,535 | ---- | M] (polmop) -- C:\Users\Martlin\AppData\Roaming\Exywu\yzic.exe
PRC - [2011/10/06 04:35:10 | 001,401,224 | ---- | M] (CleanMyPC Software) -- C:\Program Files (x86)\CleanMyPC\Registry Cleaner\RCHelper.exe
PRC - [2011/04/17 10:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe
PRC - [2011/02/04 16:32:02 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/11/10 08:16:22 | 000,154,816 | ---- | M] (Zecter Inc.) -- C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\zumodrive.exe
PRC - [2010/09/29 16:55:32 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2010/09/29 11:08:58 | 000,584,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2010/09/29 11:08:58 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2009/06/08 04:57:20 | 006,831,616 | ---- | M] () -- C:\Program Files (x86)\SuperFlexible\ExtremeSyncService.exe
PRC - [2009/06/07 13:20:20 | 000,061,440 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\NlsSrv32.exe
PRC - [2008/11/10 06:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/08/07 13:49:00 | 000,091,648 | ---- | M] () -- C:\Windows\SysWOW64\SupportAppXL\AutoDect.exe

========== Modules (No Company Name) ==========

MOD - [2012/07/30 17:50:41 | 000,379,904 | ---- | M] () -- C:\Users\Martlin\AppData\Local\Temp\libsqlitejdbc-4984430783870625375.lib
MOD - [2012/07/30 17:50:15 | 000,199,168 | ---- | M] () -- C:\Users\Martlin\AppData\Local\Temp\WindowsAPI.dll4395552185739993825.lib
MOD - [2010/08/17 06:21:30 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2010/08/17 06:21:30 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2010/08/17 06:21:30 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2009/06/08 04:57:20 | 006,831,616 | ---- | M] () -- C:\Program Files (x86)\SuperFlexible\ExtremeSyncService.exe
MOD - [2008/08/07 13:49:00 | 000,091,648 | ---- | M] () -- C:\Windows\SysWOW64\SupportAppXL\AutoDect.exe

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/09/30 16:49:20 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/08/06 12:51:08 | 000,291,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/07/22 07:33:00 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:64bit: - [2010/06/25 08:24:12 | 000,315,392 | ---- | M] (Realtek Semiconductor Corp.) [Auto | Running] -- C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe -- (RtVOsdService)
SRV:64bit: - [2009/11/18 12:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/07/14 11:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/07/27 19:55:06 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/20 07:04:27 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/06/07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/04/17 10:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe -- (NIS)
SRV - [2011/02/04 16:32:02 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/09/29 11:08:58 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2010/06/19 11:59:12 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/06/02 08:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/15 22:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/06/11 07:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/07 13:20:20 | 000,061,440 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\NlsSrv32.exe -- (nlsX86cc)
SRV - [2008/11/10 06:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/11/28 13:51:44 | 000,033,872 | ---- | M] (AnvSoft Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\anvsnddrv.sys -- (anvsnddrv)
DRV:64bit: - [2011/07/20 17:45:54 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011/07/20 17:45:54 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2011/07/20 17:45:54 | 000,146,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd)
DRV:64bit: - [2011/07/20 17:45:54 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2011/07/20 17:45:54 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2011/05/12 07:50:37 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/04/21 11:37:49 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1207020.003\symnets.sys -- (SymNetS)
DRV:64bit: - [2011/03/31 13:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1207020.003\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011/03/31 13:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1207020.003\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2011/03/15 12:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1207020.003\symefa64.sys -- (SymEFA)
DRV:64bit: - [2011/03/11 16:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 16:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/27 16:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1207020.003\symds64.sys -- (SymDS)
DRV:64bit: - [2011/01/27 15:07:06 | 000,171,128 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1207020.003\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010/12/21 15:55:02 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2010/12/21 15:55:02 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus)
DRV:64bit: - [2010/12/21 15:55:02 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2010/11/20 23:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 21:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 19:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/09/30 18:51:14 | 007,767,552 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/09/30 16:13:38 | 000,279,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/09/29 16:55:54 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/09/27 13:15:22 | 002,374,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/09/14 04:00:08 | 001,390,640 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/06/17 23:15:36 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie)
DRV:64bit: - [2010/05/15 12:04:16 | 000,073,856 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2010/05/15 12:04:16 | 000,028,800 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2010/05/08 05:19:58 | 000,245,792 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/05/06 23:21:46 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010/04/29 23:43:20 | 000,038,528 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2010/03/23 11:57:20 | 000,347,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/07/21 14:05:14 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV:64bit: - [2009/07/21 14:05:14 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV:64bit: - [2009/07/21 14:05:14 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV:64bit: - [2009/07/14 11:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 11:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 11:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/14 11:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/11 07:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/11 07:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/11 07:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/11 06:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/11 06:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/11 06:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/11 06:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 06:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 06:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 06:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/08/12 10:27:14 | 000,009,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter)
DRV - [2011/07/07 17:01:40 | 000,488,056 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110707.031\IDSviA64.sys -- (IDSVia64)
DRV - [2011/05/20 05:37:05 | 001,143,416 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110701.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2011/05/18 19:26:11 | 002,011,768 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110707.032\EX64.SYS -- (NAVEX15)
DRV - [2011/05/18 19:26:09 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110707.032\ENG64.SYS -- (NAVENG)
DRV - [2011/05/10 17:48:51 | 000,481,912 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2011/05/10 17:48:51 | 000,136,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/07/14 11:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/CQALL/13
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.jp.msn.com/CQALL/13
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://au.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.com/rover/1/705-111071-2357-0/4?satitle={searchTerms}&mfe=Notebooks
IE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/CQALL/13
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.jp.msn.com/CQALL/13
IE - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://au.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.com/rover/1/705-111071-2357-0/4?satitle={searchTerms}&mfe=Notebooks
IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/CQALL/13
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKCU\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://au.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKCU\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.com/rover/1/705-111071-2357-0/4?satitle={searchTerms}&mfe=Notebooks
IE - HKCU\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.com.au"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:3.2
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8442
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:2011.7.3.6

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@photoproduct.rocketlife.com/RocketLife App Viewer;version=0.8: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

Re: Unknown Malware....30th July 2012, 9:40 am

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2011/09/28 17:51:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_10_1 [2012/07/30 17:47:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011/05/26 22:18:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/20 07:04:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/11 06:22:05 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{1266764D-FC4F-4FA7-B63B-884D53B1680F}: C:\Users\Martlin\AppData\Roaming\NetAssistant\ [2011/10/14 18:51:54 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8C83E50B-D90C-11E1-8270-B8AC6F996F26}: C:\Users\Martlin\AppData\Local\{8C83E50B-D90C-11E1-8270-B8AC6F996F26}\ [2012/07/30 17:46:10 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/20 07:04:27 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/11 06:22:05 | 000,000,000 | ---D | M]

[2011/05/09 21:02:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martlin\AppData\Roaming\Mozilla\Extensions
[2012/07/19 17:31:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martlin\AppData\Roaming\Mozilla\Firefox\Profiles\dx6bqd9s.default\extensions
[2012/03/30 16:19:02 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Martlin\AppData\Roaming\Mozilla\Firefox\Profiles\dx6bqd9s.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/10/14 18:51:40 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Users\Martlin\AppData\Roaming\Mozilla\Firefox\Profiles\dx6bqd9s.default\extensions\plugin@yontoo.com
[2012/05/04 17:29:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/10/22 20:16:10 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/07/30 17:46:10 | 000,000,000 | ---D | M] (Mozilla Safe Browsing) -- C:\USERS\MARTLIN\APPDATA\LOCAL\{8C83E50B-D90C-11E1-8270-B8AC6F996F26}
[2012/07/19 17:31:01 | 000,339,888 | ---- | M] () (No name found) -- C:\USERS\MARTLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DX6BQD9S.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
[2012/07/07 09:29:55 | 000,340,684 | ---- | M] () (No name found) -- C:\USERS\MARTLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DX6BQD9S.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI
[2012/03/23 17:44:45 | 000,083,679 | ---- | M] () (No name found) -- C:\USERS\MARTLIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DX6BQD9S.DEFAULT\EXTENSIONS\MULTIFOX@HULTMANN.XPI
[2012/07/20 07:04:27 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/03/27 18:06:04 | 000,067,032 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npContribute.dll
[2012/04/11 08:44:50 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/06/20 07:35:07 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/20 07:35:07 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/05/26 22:21:32 | 000,001,412 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 0.0.0.0 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CatcherBHO Class) - {9B4DF450-DCC7-4B07-935D-0CD757A64583} - C:\Program Files (x86)\Moyea\YouTube FLV Downloader\MoyeaCatcher.dll (Moyea Software Co., Ltd.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [autodetect] C:\Windows\SysWOW64\SupportAppXL\AutoDect.exe ()
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ZumoDrive] C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk ()
O4 - HKCU..\Run: [cmidg] C:\Users\Martlin\AppData\Roaming\cmidg.dll (Crytek)
O4 - HKCU..\Run: [conde] C:\Users\Martlin\AppData\Roaming\conde.dll (Stardock Systems, Inc)
O4 - HKCU..\Run: [ExtremeSync Background Scheduler] C:\Program Files (x86)\SuperFlexible\ExtremeSyncService.exe ()
O4 - HKCU..\Run: [Laifliep] C:\Users\Martlin\AppData\Roaming\Exywu\yzic.exe (polmop)
O4 - HKCU..\Run: [Registry Cleaner Scheduler] C:\Program Files (x86)\CleanMyPC\Registry Cleaner\RCHelper.exe (CleanMyPC Software)
O4 - HKCU..\Run: [ZumoDrive] C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk ()
O4 - Startup: C:\Users\Martlin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Martlin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D3FC7590-7339-410A-B8D4-0938DBF388CB}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DCDC8AAE-72CF-475D-A03D-F49970D5DD19}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/07/10 12:06:41 | 000,000,000 | RH-D | M] - F:\autorun -- [ NTFS ]
O32 - AutoRun File - [2002/10/16 22:56:50 | 000,000,036 | RH-- | M] () - F:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2012/05/08 20:30:30 | 000,000,051 | RHS- | M] () - H:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{ed994b76-9bc3-11e1-a8b4-2c27d7c0287a}\Shell - "" = AutoRun
O33 - MountPoints2\{ed994b76-9bc3-11e1-a8b4-2c27d7c0287a}\Shell\AutoRun\command - "" = F:\Windows\CHECK\DriveNavigator.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.4
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7380752B-DFFB-42DB-157D-A8460AADD355} - Internet Explorer
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.XVID - C:\Windows\SysWow64\xvidvfw.dll ()

Re: Unknown Malware....30th July 2012, 9:42 am

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/07/30 18:11:28 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Martlin\Desktop\aswMBR.exe
[2012/07/30 18:11:28 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\Martlin\Desktop\OTL.com
[2012/07/30 17:48:23 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{E1EC5F3C-49D1-44E6-9C41-8C3D805EB5F1}
[2012/07/30 17:37:32 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{9319F840-AAF1-4FE6-B620-7D49E9D1598C}
[2012/07/30 17:21:18 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{8B01E12E-6341-45AC-8245-AC5FBE9D0B80}
[2012/07/29 21:34:03 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{F16AE24B-CB3C-4542-9484-A840F8C21AF1}
[2012/07/29 09:34:25 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{8C83E50B-D90C-11E1-8270-B8AC6F996F26}
[2012/07/29 09:32:51 | 000,435,712 | ---- | C] (Stardock Systems, Inc) -- C:\Users\Martlin\AppData\Roaming\conde.dll
[2012/07/29 09:32:46 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{1D6AF53D-13B7-4BDB-BA9C-CC4B875371BB}
[2012/07/29 09:30:57 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{3BBD742F-1F21-4365-8CC5-3F5200294796}
[2012/07/28 19:38:24 | 000,131,072 | -HS- | C] (Crytek) -- C:\Users\Martlin\AppData\Roaming\cmidg.dll
[2012/07/28 19:38:01 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Roaming\Yqemo
[2012/07/28 19:38:01 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Roaming\Orca
[2012/07/28 19:38:01 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Roaming\Exywu
[2012/07/28 09:27:22 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{6BFD0C58-6B53-43CB-86F2-08952C9B8751}
[2012/07/28 09:26:59 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{F7B4B099-10F8-4279-9222-569FEE5CEADD}
[2012/07/27 07:36:16 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{EAA45DC2-D833-4AF1-8124-D13181EF0B3A}
[2012/07/27 07:35:56 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{10FDEE92-F88D-4443-9751-F8F2984B48F3}
[2012/07/26 07:38:30 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{E2AD9392-B05B-4AED-8136-E3B403FA6E77}
[2012/07/26 07:38:11 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{34AFE524-B263-47B2-9641-5A18BCAEF8B1}
[2012/07/25 19:37:34 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{FCA4A0FB-45A2-4CBE-88B7-5AE87885F6D5}
[2012/07/25 19:37:21 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{B97EFE3F-55B5-4B6F-A764-5ED51C85A309}
[2012/07/25 07:36:24 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{68263965-2E67-480D-9002-85C1B297C412}
[2012/07/25 07:36:08 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{0E96F863-50D1-4BE8-8C6E-6FCE143026A2}
[2012/07/24 19:35:27 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{2D329D76-B1B3-496E-9BD2-C577B444B643}
[2012/07/24 19:35:13 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{03B06150-D611-4E83-BDE0-886E3C6BFC00}
[2012/07/24 19:19:29 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Handbrake
[2012/07/24 07:33:51 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{1BCBB1C0-93B5-4B98-BC2B-859BB9C584BA}
[2012/07/24 07:33:31 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{44691B81-33FB-4A0C-B615-D317BD88A638}
[2012/07/23 19:32:48 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{3F38A075-3C60-4481-B896-EFD91B95D58B}
[2012/07/23 19:32:35 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{47744C18-65FF-4F1C-8797-3313EB6D14E0}
[2012/07/23 07:31:14 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{7AA0AF47-C3B3-4272-9C0C-F04E38F9C88F}
[2012/07/23 07:30:42 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{5EC80708-11DA-437C-9F85-39729C1C30E7}
[2012/07/22 15:02:30 | 000,000,000 | ---D | C] -- C:\Users\Martlin\Desktop\sd card
[2012/07/22 12:57:29 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{5CB614A6-5816-44B0-B110-31C89C0B6CE2}
[2012/07/22 12:53:46 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{B1BE1058-262C-4FA9-9783-2596A68B6143}
[2012/07/21 17:13:59 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{863393A3-3C5B-4F51-8E57-34433889A10F}
[2012/07/21 17:13:35 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{2B8708C0-8A60-445A-A845-B9A7EAB05F59}
[2012/07/21 09:48:42 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{11ACE0F3-C8D3-46A4-9451-0AB9A1017234}
[2012/07/20 19:21:00 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{2E14B339-60FD-4FFC-83B0-33B8B3A5D7E9}
[2012/07/20 07:20:27 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{E5CA2573-404B-40BF-92EA-BB87CBEF9662}
[2012/07/20 07:20:13 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{20F58424-43DB-43E2-9975-3C6436BBC294}
[2012/07/19 19:19:36 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{FE8723FD-7341-41DA-9A93-F48286066CDB}
[2012/07/19 19:19:23 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{ACCBFF81-3684-4EA0-8679-CC30D3270C74}
[2012/07/19 07:18:52 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{AA87F0BB-8FC1-4697-B671-03379095F5B2}
[2012/07/19 07:18:39 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{4B689586-DD0D-4AEC-9FCE-2FF7F4DA9790}
[2012/07/18 19:18:06 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{3517CA46-182C-4BA3-934B-49B82AAF6B1D}
[2012/07/18 19:17:45 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{AF6E1669-F539-444A-9CF0-2BAF9B537DE9}
[2012/07/18 07:16:30 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{8A8023A5-6E43-4B66-9BD9-180B5D8A2269}
[2012/07/18 07:16:15 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{949B755F-3D30-43C9-910C-3E70339E663D}
[2012/07/17 07:41:53 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{156FD38E-90E7-43BB-82D2-710857BB54F2}
[2012/07/17 07:40:36 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{01547206-4A0E-4C60-B6C3-3213A53F02A7}
[2012/07/16 20:25:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis Disk Director Suite
[2012/07/16 20:25:31 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Acronis Disk Director Suite
[2012/07/16 20:25:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Acronis Disk Director Suite
[2012/07/16 18:41:55 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/07/16 17:51:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Super Flexible File Synchronizer
[2012/07/16 17:40:58 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Roaming\CleanMyPC Software
[2012/07/16 17:40:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CleanMyPC Registry Cleaner
[2012/07/16 17:40:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CleanMyPC
[2012/07/16 07:24:39 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{432709AF-3EDF-4CE1-ACCC-84DA7A91E5EA}
[2012/07/16 07:24:19 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{4D2FE887-FAE8-4F40-B85E-FAAD2129C1EA}
[2012/07/15 11:43:08 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{A6D822D2-567F-4706-9EE4-7E81FEF17602}
[2012/07/15 11:42:46 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{5BE768DF-8413-4309-8833-63C08C14EBAE}
[2012/07/14 20:43:29 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{C3A0B4BF-BC73-4DB3-A898-B1054790982B}
[2012/07/14 20:43:16 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{B4D8ED4F-60D7-4563-A780-D3F9245F3719}
[2012/07/14 08:42:05 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{2E0B9CBE-B88B-40A0-85D7-332909B90946}
[2012/07/14 08:41:48 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{FEFE98F8-8971-48BF-A913-3EBCBF0A5852}
[2012/07/13 07:27:15 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{94C31185-08BC-4A64-8569-FDB2FEC025A7}
[2012/07/13 07:26:55 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{8275A07F-BC3E-4170-A355-7812FEED6884}
[2012/07/12 17:38:32 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{9AF96C78-DCED-4ABB-B00D-F27F9C7BDFEB}
[2012/07/12 17:38:13 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{5B623B61-8780-424F-A712-1EDE4985BF65}
[2012/07/11 22:14:16 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{24E92400-E85B-4A49-B0AD-4F8F348456BA}
[2012/07/11 22:13:58 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{02D68A14-ED34-44F4-AA4F-9A18A5AFDD1A}
[2012/07/11 07:08:29 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{279D7BF3-741E-4F9F-91AC-19BB8D5E3E16}
[2012/07/11 07:08:09 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{F85715CA-1944-45F6-8E09-89D7E3E4A682}
[2012/07/10 20:38:39 | 000,000,000 | ---D | C] -- C:\ProgramData\NCH Software
[2012/07/10 20:38:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
[2012/07/10 20:38:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video Related Programs
[2012/07/10 20:38:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NCH Software
[2012/07/10 20:38:03 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Roaming\NCH Software
[2012/07/10 07:14:56 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{6868937F-5B14-4872-853E-5082344B5C4B}
[2012/07/10 07:14:32 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{6BE19A82-B003-4CB1-A87B-EFDD6CA46D97}
[2012/07/09 07:24:34 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{6E299C0D-DEB0-495E-A70B-A2021C16F9DC}
[2012/07/09 07:24:14 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{41CB0006-86BA-49DD-B6F1-681A016AA4A1}
[2012/07/08 11:20:35 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{A9632B61-9AAA-43EC-8047-E37465A88FC1}
[2012/07/08 11:20:19 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{98111811-05D7-4E08-B90B-8017AA48C8D3}
[2012/07/07 21:29:53 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{515B425A-EE3D-4A60-9DCA-836D1CA8F09F}
[2012/07/07 21:29:39 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{377E7F57-1BD2-4922-B487-87616D22E22B}
[2012/07/07 09:28:12 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{22E5C143-33EE-4D80-8502-64714764645C}
[2012/07/07 09:27:52 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{189C6A00-FCE1-4FCC-82F0-8BCC8B43CCC7}
[2012/07/06 19:26:18 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{6A5B5229-07A2-408C-B773-506DDA40BF0F}
[2012/07/06 19:26:02 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{B373EAB1-8C33-4B26-8DE8-9C246F87B2BC}
[2012/07/06 07:24:31 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{83B322CB-E78D-4F17-AB8F-3D0E8DC5736C}
[2012/07/06 07:23:57 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{1372B32D-E666-4CB3-9504-5913E7C9540C}
[2012/07/05 07:42:27 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{8D1DCBFB-9C76-4656-9086-3A412DEC6857}
[2012/07/05 07:42:07 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{C55B3A43-47CF-4D92-B50B-56A59D54A339}
[2012/07/04 07:22:49 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{43BB1718-2B67-4853-B15A-947D413AD70C}
[2012/07/04 07:22:27 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{CEFE1D07-8801-49C5-9C07-F91E45FD2D2D}
[2012/07/03 07:42:48 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{DDCFE8B9-684E-4484-8F0E-3CD75966D938}
[2012/07/03 07:42:35 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{639FD061-63F4-48F8-8809-EE5EA007AABD}
[2012/07/02 19:42:01 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{1966B80B-3ECD-4A55-AAF7-427135E5CD7A}
[2012/07/02 19:41:46 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{F70149F9-2E1E-4BE7-883B-014DFF74F73F}
[2012/07/02 07:40:12 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{AF7EAC87-3011-492D-929A-01EDF49BBA1D}
[2012/07/02 07:39:41 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{22D9483E-F990-45E9-800D-4B640B9FCFC0}
[2012/07/01 12:05:37 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{E9C6C840-CD7D-40AB-BE08-EDA8B4B87CF5}
[2012/07/01 12:05:16 | 000,000,000 | ---D | C] -- C:\Users\Martlin\AppData\Local\{9F604785-898E-4E67-93DA-673D4DB642F3}

========== Files - Modified Within 30 Days ==========

[2012/07/30 18:12:29 | 000,732,510 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/30 18:12:29 | 000,632,602 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/30 18:12:29 | 000,112,556 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/30 18:07:18 | 000,881,494 | ---- | M] () -- C:\Users\Martlin\Desktop\SecurityCheck.exe
[2012/07/30 18:06:38 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Martlin\Desktop\aswMBR.exe
[2012/07/30 18:02:48 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Martlin\Desktop\OTL.com
[2012/07/30 17:57:48 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/30 17:57:48 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/30 17:54:14 | 000,147,071 | ---- | M] () -- C:\Users\Martlin\Desktop\system restor error note.jpg
[2012/07/30 17:54:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/30 17:51:15 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/30 17:51:02 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/30 17:47:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/30 17:47:05 | 1405,276,160 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/29 18:25:39 | 000,001,456 | ---- | M] () -- C:\Users\Martlin\AppData\Local\Adobe Save for Web 12.0 Prefs
[2012/07/29 09:32:55 | 000,435,712 | ---- | M] (Stardock Systems, Inc) -- C:\Users\Martlin\AppData\Roaming\conde.dll
[2012/07/28 19:37:48 | 000,131,072 | -HS- | M] (Crytek) -- C:\Users\Martlin\AppData\Roaming\cmidg.dll
[2012/07/27 19:55:06 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/07/27 19:55:06 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/07/24 18:31:55 | 000,001,382 | -H-- | M] () -- C:\Users\Martlin\Desktop\new nuds - Shortcut.lnk
[2012/07/24 18:31:47 | 000,001,454 | -H-- | M] () -- C:\Users\Martlin\Desktop\The All Seeing O - Shortcut.lnk
[2012/07/20 07:04:33 | 000,002,044 | ---- | M] () -- C:\Users\Martlin\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/07/18 07:14:43 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForMartlin.job
[2012/07/12 21:26:24 | 005,026,536 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2012/07/30 18:11:28 | 000,881,494 | ---- | C] () -- C:\Users\Martlin\Desktop\SecurityCheck.exe
[2012/07/30 17:54:11 | 000,147,071 | ---- | C] () -- C:\Users\Martlin\Desktop\system restor error note.jpg
[2012/07/28 20:00:25 | 000,092,160 | ---- | C] () -- C:\Users\Martlin\AppData\Local\{589b81f6-b018-d8ef-ca08-ba8dfdca5d69}\U\80000032.@
[2012/07/28 20:00:24 | 000,080,896 | ---- | C] () -- C:\Users\Martlin\AppData\Local\{589b81f6-b018-d8ef-ca08-ba8dfdca5d69}\U\80000064.@
[2012/07/28 20:00:24 | 000,000,804 | ---- | C] () -- C:\Users\Martlin\AppData\Local\{589b81f6-b018-d8ef-ca08-ba8dfdca5d69}\L\00000004.@
[2012/07/28 20:00:23 | 000,016,896 | ---- | C] () -- C:\Users\Martlin\AppData\Local\{589b81f6-b018-d8ef-ca08-ba8dfdca5d69}\U\80000000.@
[2012/07/28 20:00:22 | 000,002,048 | ---- | C] () -- C:\Users\Martlin\AppData\Local\{589b81f6-b018-d8ef-ca08-ba8dfdca5d69}\U\00000004.@
[2012/07/28 20:00:22 | 000,001,632 | ---- | C] () -- C:\Users\Martlin\AppData\Local\{589b81f6-b018-d8ef-ca08-ba8dfdca5d69}\U\000000cb.@
[2012/07/24 18:31:55 | 000,001,382 | -H-- | C] () -- C:\Users\Martlin\Desktop\new nuds - Shortcut.lnk
[2012/07/24 18:31:47 | 000,001,454 | -H-- | C] () -- C:\Users\Martlin\Desktop\The All Seeing O - Shortcut.lnk
[2012/07/17 17:39:31 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForMartlin.job
[2012/07/10 20:38:09 | 000,001,122 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Debut Video Capture Software.lnk
[2012/04/14 10:38:58 | 000,000,132 | ---- | C] () -- C:\Users\Martlin\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012/03/13 17:29:31 | 000,001,328 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/03/13 17:29:31 | 000,000,957 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2012/01/31 17:30:26 | 000,002,048 | -HS- | C] () -- C:\Users\Martlin\AppData\Local\{589b81f6-b018-d8ef-ca08-ba8dfdca5d69}\@
[2012/01/30 19:32:20 | 000,235,520 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012/01/09 21:41:48 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\rmc_rtspdl.dll
[2011/11/19 13:53:02 | 000,003,584 | ---- | C] () -- C:\Users\Martlin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/29 20:53:51 | 000,001,456 | ---- | C] () -- C:\Users\Martlin\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/08/23 17:32:50 | 000,001,854 | ---- | C] () -- C:\Users\Martlin\AppData\Roaming\GhostObjGAFix.xml
[2011/06/22 15:52:14 | 004,130,816 | ---- | C] () -- C:\Windows\SysWow64\LS3Renderer.dll
[2011/06/22 13:10:32 | 004,070,912 | ---- | C] () -- C:\Windows\SysWow64\PhotoLooksRenderer.dll
[2011/06/12 18:15:57 | 000,129,024 | ---- | C] () -- C:\Windows\SysWow64\AVERM.dll
[2011/06/12 18:15:56 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\AVEQT.dll
[2011/05/10 08:31:09 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/05/10 08:09:36 | 000,722,802 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/04/27 13:19:32 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011/04/11 18:46:13 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/04/11 18:38:40 | 000,000,282 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini
[2011/04/11 18:38:40 | 000,000,223 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini
[2011/02/18 21:23:26 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011/02/18 21:23:26 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011/02/18 21:23:26 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011/02/18 21:23:26 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2010/12/13 18:21:26 | 000,326,656 | ---- | C] () -- C:\Program Files\VOBMerge252.exe
[2010/10/21 07:47:42 | 000,000,188 | ---- | C] () -- C:\Windows\SysWow64\HPWA.ini
[2010/09/22 03:30:44 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL

========== Custom Scans ==========

< %AppData%\Roaming\Mozilla\Firefox\Profiles\*.default\extensions\ /s /md5 >

< %AppData%\Local\ >

< %systemroot%\system32\sysprep >

< *.xpi /md5 >

< %systemroot%\Downloaded Program Files\ >

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile >
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging]

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/07/20 07:04:26 | 000,865,776 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/07/20 07:04:26 | 000,865,776 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/07/20 07:04:26 | 000,865,776 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2012/07/20 07:04:27 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2012/07/20 07:04:27 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2012/07/20 07:04:27 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2010/11/20 22:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2010/11/20 22:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2010/11/20 22:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2010/11/20 22:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2010/11/20 22:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2012/07/20 07:04:26 | 000,865,776 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2012/07/20 07:04:26 | 000,865,776 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2012/07/20 07:04:26 | 000,865,776 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE [2012/07/20 07:04:27 | 000,913,888 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES [2012/07/20 07:04:27 | 000,913,888 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE [2012/07/20 07:04:27 | 000,913,888 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2009/07/14 11:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2009/07/14 11:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2009/07/14 11:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2010/11/20 22:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2010/11/20 22:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\system32\drivers\*.sys /90 >

< %systemroot%\System32\config\*.sav >

< %SYSTEMDRIVE%\*.exe /md5 >

< "%WinDir%\$NtUninstallKB*$." /30 >

< %systemdrive%\Program Files\Common Files\ComObjects\*.* /s >

< %systemroot%\*. /mp /s >

< %systemroot%\*. /rp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s >

< %USERPROFILE%\AppData\Local\ /s >

< %systemroot%\Installer\ /s >

< %systemroot%\system32\Cache\ /s >

Re: Unknown Malware....30th July 2012, 9:43 am

< %systemroot%\system32\config\systemprofile\Application Data /s >

< %PROGRAMFILES%\*. >
[2011/05/09 21:17:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Ableton
[2012/07/16 20:25:43 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Acronis Disk Director Suite
[2012/01/06 16:10:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Adobe
[2011/05/26 21:51:12 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Adobe Media Player
[2012/01/30 19:32:11 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\AnvSoft
[2011/07/07 09:51:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Apple Software Update
[2011/04/11 18:43:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Atheros
[2011/04/11 18:40:39 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ATI Technologies
[2011/05/15 20:35:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\AviSynth 2.5
[2011/10/15 16:44:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Bonjour
[2011/04/11 18:43:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Cisco
[2012/07/16 17:40:29 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\CleanMyPC
[2012/07/30 17:46:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files
[2011/04/11 18:54:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\CyberLink
[2011/11/19 14:08:17 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Deskshare
[2011/05/15 21:02:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Digiarty
[2012/03/08 20:32:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\DivX
[2011/06/12 14:36:28 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\DVD Decrypter
[2011/05/11 20:03:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\DVD Shrink
[2012/05/22 07:12:49 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Google
[2012/07/24 19:19:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Handbrake
[2011/05/17 19:03:56 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Hewlett-Packard
[2011/04/11 19:03:30 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\HP Games
[2010/10/21 07:42:15 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\HP Photo Creations
[2012/01/26 15:00:16 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\InstallShield Installation Information
[2012/02/01 06:21:24 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Internet Explorer
[2012/05/29 19:01:23 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\iTunes
[2012/01/08 11:01:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Jaksta Technologies
[2012/02/08 17:22:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\JAM Software
[2012/04/11 08:44:46 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Java
[2011/05/09 20:59:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\JRE
[2011/09/21 18:40:33 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Last.fm
[2012/03/13 17:29:54 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\lmw32
[2012/01/26 15:00:02 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\LooksBuilder
[2012/07/14 17:56:44 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/09/02 18:23:17 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MarkAny
[2012/04/19 18:11:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\McAfee Security Scan
[2011/05/11 19:41:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mediafour
[2011/04/11 19:04:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft
[2012/02/19 14:26:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Analysis Services
[2012/02/19 14:31:31 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Office
[2012/02/01 05:59:46 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Silverlight
[2012/02/19 14:31:26 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2012/02/19 14:31:26 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Sync Framework
[2012/02/19 14:32:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Synchronization Services
[2012/02/19 14:27:59 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2012/07/24 18:32:34 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft.NET
[2011/06/12 18:38:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MKVtoolnix
[2011/11/19 13:41:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Moyea
[2012/07/20 07:04:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox
[2012/07/20 16:54:43 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/02/19 14:33:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSBuild
[2011/05/26 21:50:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\My Company Name
[2011/09/02 18:30:42 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MyFree Codec
[2012/01/13 22:26:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MysticCoder
[2012/07/10 20:38:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\NCH Software
[2011/04/11 18:56:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Norton Internet Security
[2011/04/11 18:56:07 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\NortonInstaller
[2011/05/09 20:43:35 | 000,000,000 | R--D | M] -- C:\Program Files (x86)\Online Services
[2011/05/09 20:58:59 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\OpenOffice.org 3
[2012/04/29 19:33:06 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Photobook Designer
[2011/04/11 18:53:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\PictureMover
[2011/10/31 06:36:31 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\QuickTime
[2011/05/26 21:24:07 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\RarZilla Free Unrar
[2011/04/11 18:42:05 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Realtek
[2011/05/15 20:35:20 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Red Kawa
[2009/07/14 15:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Reference Assemblies
[2011/05/15 20:35:45 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Regensoft
[2011/09/02 18:24:45 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Samsung
[2012/07/30 17:46:16 | 000,000,000 | R--D | M] -- C:\Program Files (x86)\Skype
[2011/04/11 18:47:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\SoftStylus
[2012/07/16 17:51:31 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\SuperFlexible
[2011/04/11 18:55:42 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Symantec
[2011/09/23 18:47:56 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Telstra Turbo Connection Manager
[2011/04/11 18:42:00 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Temp
[2012/01/05 15:20:31 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Topaz Labs
[2009/07/14 14:57:06 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Uninstall Information
[2011/05/09 21:01:28 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\VideoLAN
[2009/07/14 15:37:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Defender
[2012/06/21 17:57:44 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Live
[2012/02/01 06:21:24 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Mail
[2012/02/01 06:21:23 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Media Player
[2009/07/14 15:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows NT
[2012/02/01 06:21:23 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Photo Viewer
[2012/02/01 06:21:23 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Portable Devices
[2012/02/01 06:21:24 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Sidebar
[2012/01/08 11:48:24 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\WMR14
[2011/10/15 17:04:56 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Yahoo!
[2011/10/14 18:51:39 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Yontoo Layers Runtime
[2011/05/10 08:13:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ZTEDriver

< %appdata%\*.* >
[2012/05/23 21:01:39 | 000,000,132 | ---- | M] () -- C:\Users\Martlin\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012/07/28 19:37:48 | 000,131,072 | -HS- | M] (Crytek) -- C:\Users\Martlin\AppData\Roaming\cmidg.dll
[2012/07/29 09:32:55 | 000,435,712 | ---- | M] (Stardock Systems, Inc) -- C:\Users\Martlin\AppData\Roaming\conde.dll
[2012/05/15 17:33:57 | 000,001,854 | ---- | M] () -- C:\Users\Martlin\AppData\Roaming\GhostObjGAFix.xml

< MD5 for: AFD.SYS >
[2011/04/25 12:44:02 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=6EF20DDF3172E97D69F596FB90602F29 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_3430bc3977dfec2d\afd.sys
[2009/07/14 09:21:42 | 000,500,224 | ---- | M] (Microsoft Corporation) MD5=B9384E03479D2506BC924C16A3DB87BC -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_33dd3439781e25f7\afd.sys
[2010/11/20 19:23:34 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=D31DC7A16DEA4A9BAF179F3D6FBDB38C -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_360e4801750ca991\afd.sys
[2011/04/25 12:34:03 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=D5B031C308A409A0A576BFF4CF083D30 -- C:\Windows\SysNative\drivers\afd.sys
[2011/04/25 12:34:03 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=D5B031C308A409A0A576BFF4CF083D30 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_3618198975057170\afd.sys
[2011/04/25 13:09:35 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=F4AD06143EAC303F55D0E86C40802976 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_3695e61e8e2c13d4\afd.sys
[2011/04/25 12:44:27 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=FBFF8B7C9D116229E9208A0D1CAEB49B -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.20951_none_3483491e9126fe55\afd.sys

< MD5 for: ATAPI.SYS >
[2009/07/14 11:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/14 11:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/14 11:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/14 11:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16552_none_394a8c733b252fb9\atapi.sys
[2009/07/14 11:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16593_none_39204d0d3b44b8d4\atapi.sys
[2009/07/14 11:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.20545_none_39e1f82254380270\atapi.sys
[2009/07/14 11:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.20669_none_39d05b5854449cd5\atapi.sys
[2009/07/14 11:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.20713_none_3a006b1e5421763d\atapi.sys
[2009/07/14 11:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

< MD5 for: CRYPTSVC.DLL >
[2010/11/20 23:25:59 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=15597883FBE9B056F276ADA3AD87D9AF -- C:\Windows\SysNative\cryptsvc.dll
[2010/11/20 23:25:59 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=15597883FBE9B056F276ADA3AD87D9AF -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_d4259ed3b16ed82a\cryptsvc.dll
[2009/07/14 11:40:24 | 000,175,104 | ---- | M] (Microsoft Corporation) MD5=8C57411B66282C01533CB776F98AD384 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_d1f48b0bb4805490\cryptsvc.dll
[2009/07/14 11:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_75d5ef87fc22e35a\cryptsvc.dll
[2010/11/20 22:18:24 | 000,136,192 | ---- | M] (Microsoft Corporation) MD5=A585BEBF7D054BD9618EDA0922D5484A -- C:\Windows\SysWOW64\cryptsvc.dll
[2010/11/20 22:18:24 | 000,136,192 | ---- | M] (Microsoft Corporation) MD5=A585BEBF7D054BD9618EDA0922D5484A -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_7807034ff91166f4\cryptsvc.dll

< MD5 for: DNSRSLVR.DLL >
[2011/03/03 16:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) MD5=16835866AAA693C7D7FCEBA8FFF706E4 -- C:\Windows\SysNative\dnsrslvr.dll
[2011/03/03 16:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) MD5=16835866AAA693C7D7FCEBA8FFF706E4 -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17570_none_3fc3a19c992d2ff6\dnsrslvr.dll
[2009/07/14 11:40:32 | 000,182,272 | ---- | M] (Microsoft Corporation) MD5=676108C4E3AA6F6B34633748BD0BEBD9 -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7600.16385_none_3dd76e849c0a6a12\dnsrslvr.dll
[2011/03/03 16:17:10 | 000,182,272 | ---- | M] (Microsoft Corporation) MD5=85CF424C74A1D5EC33533E1DBFF9920A -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7600.16772_none_3ddf452a9c04f6b8\dnsrslvr.dll
[2011/03/03 16:12:55 | 000,183,296 | ---- | M] (Microsoft Corporation) MD5=B2205BAEAE4C178ABEB1B149751FC2B9 -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.21673_none_40503f45b2481bc5\dnsrslvr.dll
[2010/11/20 23:26:07 | 000,183,296 | ---- | M] (Microsoft Corporation) MD5=CD55F5355D8F55D44C9F4ED875705BD6 -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17514_none_4008824c98f8edac\dnsrslvr.dll
[2011/03/03 16:23:37 | 000,182,272 | ---- | M] (Microsoft Corporation) MD5=D8065FA366D28746EE3D75F08ED6B2FE -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7600.20914_none_3eabc3f7b4f01eb1\dnsrslvr.dll

< MD5 for: ES.DLL >
[2009/07/14 11:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) MD5=4166F82BE4D24938977DD1746BE9B8A0 -- C:\Windows\SysNative\es.dll
[2009/07/14 11:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) MD5=4166F82BE4D24938977DD1746BE9B8A0 -- C:\Windows\winsxs\amd64_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.1.7600.16385_none_68e290c46b6ea6d0\es.dll
[2009/07/14 11:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) MD5=F6916EFC29D9953D5D0DF06882AE8E16 -- C:\Windows\SysWOW64\es.dll
[2009/07/14 11:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) MD5=F6916EFC29D9953D5D0DF06882AE8E16 -- C:\Windows\winsxs\wow64_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.1.7600.16385_none_73373b169fcf68cb\es.dll

< MD5 for: EXPLORER.EXE >
[2011/02/26 16:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 15:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/14 11:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 15:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2010/10/21 07:57:00 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 15:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 16:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 16:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 16:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 22:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2010/10/21 07:53:54 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 15:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 15:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/10/21 07:57:00 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2010/10/21 07:53:54 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 23:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2010/10/21 07:57:00 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2010/10/21 07:53:54 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/14 11:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2010/10/21 07:57:00 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 16:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2010/10/21 07:53:54 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: IPNATHLP.DLL >
[2009/07/14 11:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) MD5=B95F6501A2F8B2E78C697FEC401970CE -- C:\Windows\SysNative\ipnathlp.dll
[2009/07/14 11:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) MD5=B95F6501A2F8B2E78C697FEC401970CE -- C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_60c2504d62fd4f0e\ipnathlp.dll

< MD5 for: NETBT.SYS >
[2010/11/20 19:23:20 | 000,261,632 | ---- | M] (Microsoft Corporation) MD5=09594D1089C523423B32A4229263F068 -- C:\Windows\SysNative\drivers\netbt.sys
[2010/11/20 19:23:20 | 000,261,632 | ---- | M] (Microsoft Corporation) MD5=09594D1089C523423B32A4229263F068 -- C:\Windows\winsxs\amd64_microsoft-windows-netbt_31bf3856ad364e35_6.1.7601.17514_none_be8acdd10de3b1a6\netbt.sys
[2009/07/14 09:21:29 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=9162B273A44AB9DCE5B44362731D062A -- C:\Windows\winsxs\amd64_microsoft-windows-netbt_31bf3856ad364e35_6.1.7600.16385_none_bc59ba0910f52e0c\netbt.sys

< MD5 for: NETMAN.DLL >
[2009/07/14 11:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) MD5=847D3AE376C0817161A14A82C8922A9E -- C:\Windows\SysNative\netman.dll
[2009/07/14 11:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) MD5=847D3AE376C0817161A14A82C8922A9E -- C:\Windows\winsxs\amd64_microsoft-windows-netman_31bf3856ad364e35_6.1.7600.16385_none_6bb20d3d6b80d9da\netman.dll

< MD5 for: QMGR.DLL >
[2010/11/20 23:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\SysNative\qmgr.dll
[2010/11/20 23:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7601.17514_none_81b6ca5c101195cd\qmgr.dll
[2009/07/14 11:41:53 | 000,848,384 | ---- | M] (Microsoft Corporation) MD5=7F0C323FE3DA28AA4AA1BDA3F575707F -- C:\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7600.16385_none_7f85b69413231233\qmgr.dll

< MD5 for: RPCSS.DLL >
[2010/11/20 23:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=5C627D1B1138676C0A7AB2C2C190D123 -- C:\Windows\SysNative\rpcss.dll
[2010/11/20 23:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=5C627D1B1138676C0A7AB2C2C190D123 -- C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll
[2009/07/14 11:41:53 | 000,509,440 | ---- | M] (Microsoft Corporation) MD5=7266972E86890E2B30C0C322E906B027 -- C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll

< MD5 for: SERVICES.EXE >
[2009/07/14 11:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/14 11:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SVCHOST.EXE >
[2009/07/14 11:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/14 11:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/14 11:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/14 11:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: TCPIP.SYS >
[2011/04/25 15:28:24 | 001,893,248 | ---- | M] (Microsoft Corporation) MD5=1F748D5439B65E0BEBD92F65048F030D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20951_none_0fb918de99201ffb\tcpip.sys
[2011/09/30 03:41:37 | 001,912,176 | ---- | M] (Microsoft Corporation) MD5=3810F06A4D74A7D62641EE73D6B3C660 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21828_none_11c6e9949627e69c\tcpip.sys
[2010/11/20 23:33:57 | 001,924,480 | ---- | M] (Microsoft Corporation) MD5=509383E505C973ED7534A06B3D19688D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_114417c17d05cb37\tcpip.sys
[2011/06/21 16:16:55 | 001,888,128 | ---- | M] (Microsoft Corporation) MD5=5279D4DD69C7C71524B8E7A5746D15CC -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20992_none_0f8ed978993fa916\tcpip.sys
[2010/10/21 07:59:00 | 001,889,152 | ---- | M] (Microsoft Corporation) MD5=542C6767C68C9D6AAACA59436B0D15C2 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20733_none_0fd0b57e990e2079\tcpip.sys
[2011/04/25 15:32:22 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=61DC720BB065D607D5823F13D2A64321 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16802_none_0f668bf97fd90dd3\tcpip.sys
[2010/10/21 07:59:00 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=90A2D722CF64D911879D6C4A4F802A4D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16610_none_0f59b7ad7fe2fcc8\tcpip.sys
[2009/07/14 11:45:55 | 001,898,576 | ---- | M] (Microsoft Corporation) MD5=912107716BAB424C7870E8E6AF5E07E1 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_0f1303f98017479d\tcpip.sys
[2011/04/25 15:33:51 | 001,923,968 | ---- | M] (Microsoft Corporation) MD5=92CE29D95AC9DD2D0EE9061D551BA250 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_114de9497cfe9316\tcpip.sys
[2011/06/21 16:20:30 | 001,914,752 | ---- | M] (Microsoft Corporation) MD5=A0EB71E0DC047C7CC95CD6AB4036296E -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21754_none_11a276c29643d7ec\tcpip.sys
[2011/09/30 02:17:51 | 001,886,064 | ---- | M] (Microsoft Corporation) MD5=AC3E29880DB5659532A1AA3439304A43 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21060_none_0fad20ca992955d7\tcpip.sys
[2011/04/25 16:16:34 | 001,927,552 | ---- | M] (Microsoft Corporation) MD5=B77977AEB2FF159D01DB08A309989C5F -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_11cbb5de9625357a\tcpip.sys
[2011/06/21 16:27:14 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=B9D87C7707F058AC652A398CD28DE14B -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16839_none_0f4d1e3b7feb1307\tcpip.sys
[2011/06/21 16:34:00 | 001,923,968 | ---- | M] (Microsoft Corporation) MD5=F0E98C00A09FDF791525829A1D14240F -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17638_none_11327af77d12659c\tcpip.sys
[2011/09/30 02:24:44 | 001,897,328 | ---- | M] (Microsoft Corporation) MD5=F18F56EFC0BFB9C87BA01C37B27F4DA5 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16889_none_0f170e9f80139ebc\tcpip.sys
[2011/09/30 02:29:28 | 001,923,952 | ---- | M] (Microsoft Corporation) MD5=FC62769E7BFF2896035AEED399108162 -- C:\Windows\SysNative\drivers\tcpip.sys
[2011/09/30 02:29:28 | 001,923,952 | ---- | M] (Microsoft Corporation) MD5=FC62769E7BFF2896035AEED399108162 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17697_none_10f09b257d43f3eb\tcpip.sys

< MD5 for: TDX.SYS >
[2009/07/14 09:21:15 | 000,099,840 | ---- | M] (Microsoft Corporation) MD5=079125C4B17B01FCAEEBCE0BCB290C0F -- C:\Windows\winsxs\amd64_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7600.16385_none_4632b9f2f5c6af5e\tdx.sys
[2010/11/20 19:21:56 | 000,119,296 | ---- | M] (Microsoft Corporation) MD5=DDAD5A7AB24D8B65F8D724F5C20FD806 -- C:\Windows\SysNative\drivers\tdx.sys
[2010/11/20 19:21:56 | 000,119,296 | ---- | M] (Microsoft Corporation) MD5=DDAD5A7AB24D8B65F8D724F5C20FD806 -- C:\Windows\winsxs\amd64_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7601.17514_none_4863cdbaf2b532f8\tdx.sys

< MD5 for: USERINIT.EXE >
[2010/11/20 22:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 22:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 11:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/14 11:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 23:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 23:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: VOLSNAP.SYS >
[2010/11/20 23:34:02 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\SysNative\drivers\volsnap.sys
[2010/11/20 23:34:02 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\SysNative\DriverStore\FileRepository\volume.inf_amd64_neutral_df8bea40ac96ca21\volsnap.sys
[2010/11/20 23:34:02 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.1.7601.17514_none_73dcbcf012b4850e\volsnap.sys
[2009/07/14 11:45:55 | 000,294,992 | ---- | M] (Microsoft Corporation) MD5=58F82EED8CA24B461441F9C3E4F0BF5C -- C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.1.7600.16385_none_71aba92815c60174\volsnap.sys

< MD5 for: WININIT.EXE >
[2009/07/14 11:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009/07/14 11:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009/07/14 11:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009/07/14 11:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 23:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 23:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/14 11:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010/10/21 07:57:00 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2010/10/21 07:57:00 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< MD5 for: WMISVC.DLL >
[2009/07/14 11:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) MD5=19B07E7E8915D701225DA41CB3877306 -- C:\Windows\SysNative\wbem\WMIsvc.dll
[2009/07/14 11:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) MD5=19B07E7E8915D701225DA41CB3877306 -- C:\Windows\winsxs\amd64_microsoft-windows-wmi-core-svc_31bf3856ad364e35_6.1.7600.16385_none_fca7ad7710a22535\WMIsvc.dll
[2009/07/14 11:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) MD5=19B07E7E8915D701225DA41CB3877306 -- C:\Windows\winsxs\amd64_microsoft-windows-wmi-core-svc_31bf3856ad364e35_6.1.7601.17514_none_fed8c13f0d90a8cf\WMIsvc.dll

< MD5 for: WSCSVC.DLL >
[2010/12/21 16:09:08 | 000,097,280 | ---- | M] (Microsoft Corporation) MD5=34D280957E8681E4BD9492B3F1FC27B9 -- C:\Windows\winsxs\amd64_microsoft-windows-securitycenter-core_31bf3856ad364e35_6.1.7600.20862_none_76d192b6e4d9ed67\wscsvc.dll
[2010/12/21 16:16:27 | 000,097,280 | ---- | M] (Microsoft Corporation) MD5=8F9F3969933C02DA96EB0F84576DB43E -- C:\Windows\winsxs\amd64_microsoft-windows-securitycenter-core_31bf3856ad364e35_6.1.7600.16723_none_767435e5cb9af730\wscsvc.dll
[2009/07/14 11:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) MD5=E8B1FE6669397D1772D8196DF0E57A9E -- C:\Windows\SysNative\wscsvc.dll
[2009/07/14 11:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) MD5=E8B1FE6669397D1772D8196DF0E57A9E -- C:\Windows\winsxs\amd64_microsoft-windows-securitycenter-core_31bf3856ad364e35_6.1.7600.16385_none_76354f59cbc9dce8\wscsvc.dll
[2009/07/14 11:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) MD5=E8B1FE6669397D1772D8196DF0E57A9E -- C:\Windows\winsxs\amd64_microsoft-windows-securitycenter-core_31bf3856ad364e35_6.1.7601.17514_none_78666321c8b86082\wscsvc.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\ProgramData\Temp:C119EC96
@Alternate Data Stream - 969 bytes -> C:\Users\Martlin\AppData\Local\Temp:Oh6TYR9s4U3WyY8Nl1XcFaxFW
@Alternate Data Stream - 157 bytes -> C:\ProgramData\Temp:ECF54A0E
@Alternate Data Stream - 1067 bytes -> C:\Users\Martlin\AppData\Local\3lSewNl8Nv5dSQ:BpHW5HP9JYncoQOKjUiQ

< End of report >

Re: Unknown Malware....30th July 2012, 9:45 am

aswMRB LOG:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-30 18:58:06
-----------------------------
18:58:06.267 OS Version: Windows x64 6.1.7601 Service Pack 1
18:58:06.267 Number of processors: 2 586 0x603
18:58:06.267 ComputerName: MARTLIN-HP UserName: Martlin
18:58:10.979 Initialize success
19:00:18.180 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000061
19:00:18.180 Disk 0 Vendor: WDC_WD50 02.0 Size: 476940MB BusType: 11
19:00:18.195 Disk 0 MBR read successfully
19:00:18.195 Disk 0 MBR scan
19:00:18.211 Disk 0 unknown MBR code
19:00:18.211 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
19:00:18.211 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 458664 MB offset 409600
19:00:18.258 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 17972 MB offset 939753472
19:00:18.273 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 976560128
19:00:18.320 Disk 0 scanning C:\Windows\system32\drivers
19:00:27.291 Service scanning
19:01:03.530 Modules scanning
19:01:03.546 Disk 0 trace - called modules:
19:01:03.577 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
19:01:03.592 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80025d1060]
19:01:03.608 3 CLASSPNP.SYS[fffff88001b8a43f] -> nt!IofCallDriver -> [0xfffffa8002589b80]
19:01:03.624 5 amd_xata.sys[fffff8800106c7a8] -> nt!IofCallDriver -> \Device\00000061[0xfffffa8002472850]
19:01:03.624 Scan finished successfully
19:01:56.695 Disk 0 MBR has been saved successfully to "H:\MBR.dat"
19:01:56.710 The log file has been saved successfully to "H:\aswMBR.txt"

Re: Unknown Malware....30th July 2012, 9:47 am

Security Check Log:

Results of screen317's Security Check version 0.99.43
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Norton Internet Security
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
CleanMyPC - Registry Cleaner
Java(TM) 6 Update 20
Java(TM) 6 Update 31
Java version out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (14.0.1)
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Symantec Norton Online Backup NOBuAgent.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 6%
````````````````````End of Log``````````````````````

Re: Unknown Malware....30th July 2012, 9:50 am

oops, I nearly forgot to post the Extras Log from OTL:

OTL Extras logfile created on: 7/30/2012 6:18:02 PM - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Martlin\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1.75 Gb Total Physical Memory | 0.85 Gb Available Physical Memory | 48.51% Memory free
3.49 Gb Paging File | 1.89 Gb Available in Paging File | 54.19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 447.91 Gb Total Space | 104.37 Gb Free Space | 23.30% Space Free | Partition Type: NTFS
Drive D: | 17.55 Gb Total Space | 2.54 Gb Free Space | 14.47% Space Free | Partition Type: NTFS
Drive F: | 1397.26 Gb Total Space | 211.25 Gb Free Space | 15.12% Space Free | Partition Type: NTFS
Drive H: | 7.47 Gb Total Space | 2.34 Gb Free Space | 31.31% Space Free | Partition Type: FAT32

Computer Name: MARTLIN-HP | User Name: Martlin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04C43897-5DE2-4EF0-A4AF-BF6BA06F1E2A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{11D71FC1-396F-4BBA-B365-D5B506A2302A}" = lport=138 | protocol=17 | dir=in | app=system |
"{17760192-8F7A-4E6B-A044-44B85BECBDD1}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{1B1C20CB-98DB-46E8-AAD9-AC7347AA0FC4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{22E5D2F2-317C-4314-BBBB-316A6DFB4421}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{319279F4-6119-4DC5-A000-D4FAB6665861}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4BC1E8F5-4E33-4021-8C07-FE8D320FACE4}" = lport=137 | protocol=17 | dir=in | app=system |
"{5ABBEE89-13B9-4886-8887-95DC80C2F408}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6755692A-3382-4C96-AEAB-2933F993CBAE}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{6FE965E5-0788-4B28-82FF-836EC567113D}" = lport=139 | protocol=6 | dir=in | app=system |
"{7E30C184-0549-4CD2-86F7-BC9D921CBA75}" = rport=139 | protocol=6 | dir=out | app=system |
"{87781C2E-7D49-41A2-9AC3-B6E0373DD6EF}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{982D0C2E-4D57-4CC5-BB04-9AA0AF006109}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{9DA8400E-7C5E-4729-9E11-F6D7341F9286}" = rport=138 | protocol=17 | dir=out | app=system |
"{A191E973-6CF5-41F7-B6A7-1A87989D21C4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{AB3FF279-1CF2-4BB1-B935-E853CEDA5D81}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{B6A3FBCA-665D-4DBF-86A9-D14EFD6CD578}" = rport=445 | protocol=6 | dir=out | app=system |
"{BB308298-73C4-47D3-A88E-2774005F1025}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C62A3D05-137E-4C65-A9CC-0EBEBF0C30AD}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{D90936FD-D44D-41DA-A542-A3E04A3B8D18}" = lport=445 | protocol=6 | dir=in | app=system |
"{DBB28318-3973-4A92-A8A9-E107337D17CC}" = rport=137 | protocol=17 | dir=out | app=system |
"{E6CC662C-93BB-44C9-8CB1-A354A42F4C78}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{EFCF86BB-5C7E-427A-8C8F-A564CB52B3AB}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{002112FD-B3B6-413B-9DB0-8E2C353212EA}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{00257A15-4B85-4025-96FA-716CAAD883F8}" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
"{0627458F-9E6C-4086-B214-A996C1B5A54E}" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
"{06C2B49C-DB10-4AE0-94F2-2CD5E1CEE90B}" = protocol=6 | dir=in | app=c:\program files\adobe\adobe media encoder cs5\adobe media encoder.exe |
"{0A983FFF-B167-48F8-9BFD-051DFD623356}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{0D9C387A-B427-408C-86AD-A945599B4502}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{11422511-43AC-49B0-B84F-FA9CD5761159}" = dir=out | app=c:\program files (x86)\hewlett-packard\hp clouddrive\zumodrive.exe |
"{1199F61B-2565-4275-A1A0-C1E1AEB895EF}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{279CAB48-F47B-4CDE-B316-548DE0F6145A}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{284ADCDA-F73B-4DEF-9336-5BE66A831BA1}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp clouddrive\zumodrive.exe |
"{34583150-908E-4829-93FD-720F679F75DC}" = protocol=17 | dir=in | app=c:\program files\adobe\adobe media encoder cs5\adobe media encoder.exe |
"{3502845F-4CA6-4DC4-9CF4-7A6DC5165DC5}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{3B3F386A-5F9B-4342-AF35-62C3CC33FFD0}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{421AE044-55EC-4863-8174-3BF777F3A6EC}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{425DDC42-04EB-4395-9D71-0C69F6C49058}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{540C25FA-8F7E-47BB-82CA-C7A2AF991C20}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{6013DE5E-DBD4-4AFD-AA80-7F06D4684710}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{624685D1-1A0C-44C1-A23A-78753EB9050F}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe |
"{629C3541-4EB3-451D-9954-619B697A3C06}" = protocol=6 | dir=in | app=c:\users\martlin\appdata\roaming\dropbox\bin\dropbox.exe |
"{65273B2D-52A0-4078-B59B-6B1F02FA87ED}" = protocol=6 | dir=in | app=c:\program files\adobe\adobe after effects cs5\support files\afterfx.exe |
"{70D5E573-0ACC-4464-807C-DB6F7E62E4F6}" = protocol=17 | dir=in | app=c:\program files\adobe\adobe after effects cs5\support files\afterfx.exe |
"{73C67A8F-C66B-4355-9B26-63F872BC6F27}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{7773861A-AAFA-42C0-AB04-6EDDC9F42556}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8327FF82-BA86-49FF-A717-B56E4602F3D4}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{92929CAC-7DCB-4E74-B0A4-40B4B3CE40E0}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{A50A01F5-7F54-4881-8C07-1108BF2CB5DB}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{AA7B179F-1EF0-48A4-B52F-7ABA5C5FF599}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{ADE73DDD-4E74-4A3B-8936-49D7491870CA}" = protocol=17 | dir=in | app=c:\program files\adobe\adobe premiere pro cs5\adobe premiere pro.exe |
"{B452F37C-2640-4848-9BC1-9C22F8915F25}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{C0D1EF33-B95E-4D3E-A114-8EFD252C7643}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{D21273BE-1BF6-44F1-8EDD-90AE3DC55DF5}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr8.exe |
"{E49A00DD-6247-49F7-B601-83AB8BF74800}" = protocol=6 | dir=in | app=c:\program files\adobe\adobe premiere pro cs5\adobe premiere pro.exe |
"{F8AEAB84-9443-4531-A627-D23654271232}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F8AF18D9-22B0-4C34-AB3B-4970BE16F289}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{FC4B30FB-C836-4C63-B034-AFE27ED7AFD4}" = protocol=17 | dir=in | app=c:\users\martlin\appdata\roaming\dropbox\bin\dropbox.exe |
"{FFE0209E-4767-4E55-AE23-79369A3B2D5C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"TCP Query User{1446B45F-C906-4EC3-87C9-25E066F5A91E}C:\program files (x86)\adobe\adobe dreamweaver cs5\dreamweaver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\adobe\adobe dreamweaver cs5\dreamweaver.exe |
"TCP Query User{2E72C5FE-6CD7-44E3-AB31-38CD72A13F95}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
"TCP Query User{2F8C170E-0E79-4DD3-8210-5417B8B02468}C:\users\martlin\appdata\roaming\exywu\yzic.exe" = protocol=6 | dir=in | app=c:\users\martlin\appdata\roaming\exywu\yzic.exe |
"TCP Query User{642FF45B-FD0B-41A5-B645-4B900A53C254}C:\program files\adobe\adobe media encoder cs5\adobe media encoder.exe" = protocol=6 | dir=in | app=c:\program files\adobe\adobe media encoder cs5\adobe media encoder.exe |
"TCP Query User{70BE4C10-26D6-4B8B-8450-D6AACAAC52E6}C:\program files\adobe\adobe after effects cs5\support files\afterfx.exe" = protocol=6 | dir=in | app=c:\program files\adobe\adobe after effects cs5\support files\afterfx.exe |
"TCP Query User{C36DDBBF-A7AD-405E-8CB7-D6321F9BE8F3}C:\users\martlin\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\martlin\appdata\roaming\spotify\spotify.exe |
"TCP Query User{C3D6F140-A65E-4F26-A3E6-BDAAAFDE581C}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{E8726CAE-0974-488C-9487-2D0343B08AFE}C:\program files\adobe\adobe premiere pro cs5\adobe premiere pro.exe" = protocol=6 | dir=in | app=c:\program files\adobe\adobe premiere pro cs5\adobe premiere pro.exe |
"TCP Query User{FF1555CA-7363-4374-9AAB-D2001898071F}C:\program files\adobe\adobe photoshop cs5 (64 bit)\photoshop.exe" = protocol=6 | dir=in | app=c:\program files\adobe\adobe photoshop cs5 (64 bit)\photoshop.exe |
"UDP Query User{1E8D7872-ABAC-4CC2-8F30-30396FBBF8E2}C:\program files\adobe\adobe media encoder cs5\adobe media encoder.exe" = protocol=17 | dir=in | app=c:\program files\adobe\adobe media encoder cs5\adobe media encoder.exe |
"UDP Query User{3831DABC-C75C-4817-BF7D-3E56A7A16BB1}C:\program files (x86)\adobe\adobe dreamweaver cs5\dreamweaver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\adobe\adobe dreamweaver cs5\dreamweaver.exe |
"UDP Query User{39CEF46E-3EAC-4DF4-8DAC-B8A6A1FF5228}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{61FEBA62-8E7C-4CEB-A145-912A4CD5C05F}C:\program files\adobe\adobe premiere pro cs5\adobe premiere pro.exe" = protocol=17 | dir=in | app=c:\program files\adobe\adobe premiere pro cs5\adobe premiere pro.exe |
"UDP Query User{7A30DB12-CFE5-41E2-A80F-3F699E775660}C:\users\martlin\appdata\roaming\exywu\yzic.exe" = protocol=17 | dir=in | app=c:\users\martlin\appdata\roaming\exywu\yzic.exe |
"UDP Query User{895F7519-AC0F-440F-B3BC-DE6BF4DD4064}C:\program files\adobe\adobe after effects cs5\support files\afterfx.exe" = protocol=17 | dir=in | app=c:\program files\adobe\adobe after effects cs5\support files\afterfx.exe |
"UDP Query User{CCB3AFC8-8F81-4B85-9D1F-3D3347A389D8}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
"UDP Query User{E4B397D5-BB83-4DD9-B2EB-BA071076142F}C:\users\martlin\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\martlin\appdata\roaming\spotify\spotify.exe |
"UDP Query User{EDF235AE-651A-45A2-A129-A66B2587CA0A}C:\program files\adobe\adobe photoshop cs5 (64 bit)\photoshop.exe" = protocol=17 | dir=in | app=c:\program files\adobe\adobe photoshop cs5 (64 bit)\photoshop.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{06B60360-9DBD-4593-90A0-FD237F0845A2}" = Topaz DeNoise 5 (64-bit)
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{091A0130-A82F-4A6D-9C61-3BBBB3289030}" = RtVOsd
"{1387BA33-3FAC-49E9-B545-0E8D3BBC550B}" = Adobe Photoshop Lightroom 3 64-bit
"{13DCC2C7-454D-42F0-A892-E0E9A5DE4E67}" = HP Wireless Assistant
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{23170F69-40C1-2702-0921-000001000000}" = 7-Zip 9.21 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416021FF}" = Java(TM) 6 Update 21 (64-bit)
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{28FA742C-DC52-9804-7116-E198E0AEFAE4}" = ATI Catalyst Install Manager
"{2B092722-5855-466F-B7A5-8C5E64C64C77}" = Magic Bullet Suite 64-bit
"{2D7B64F7-E9A3-C49B-9CEA-C4FE05F887E9}" = ccc-utility64
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Runtime 1.10.01
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"ZTE USB Driver" = ZTE USB Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{078BE4C5-D0AA-5AD1-6195-D4E9FB7CA8F7}" = CCC Help Greek
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1266764D-FC4F-4FA7-B63B-884D53B1680F}" = NetAssistant
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19D87B80-626A-B57F-37F2-30329A5FA056}" = CCC Help Korean
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21C887C2-008E-0610-96F8-74AB3AF22784}" = CCC Help Chinese Standard
"{2385DA7C-F545-4E66-A968-D464F0519425}" = HP Documentation
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{264FE20A-757B-492a-B0C3-4009E2997D8A}" = PictureMover
"{26A24AE4-039D-4CA4-87B4-2F83216020F0}" = Java(TM) 6 Update 20
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{28639B03-FEF0-06B0-72AE-4DC2F5FE7197}" = Catalyst Control Center Graphics Previews Common
"{288DB08D-0708-4A94-B055-55B99E39EB62}" = Adobe Creative Suite 5 Master Collection
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2A435018-6957-76A6-36A6-FB34F4EF5F6D}" = CCC Help Turkish
"{330A754C-2B53-0C5F-057F-283EC9D01D5A}" = CCC Help Japanese
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{3B834B54-EC4B-48E2-BFC6-03FF5DA06F62}" = Adobe Shockwave Player 11.5
"{3EB4E1B3-5C51-D460-D305-9077DA4711B7}" = CCC Help French
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{489A887E-1F33-2DB8-B856-291B6729D832}" = CCC Help Dutch
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D31A225-453B-4798-8452-9F2181CA6971}" = SoftStylus
"{4F649712-FA36-502C-B26B-88A9D091E1DF}" = CCC Help Finnish
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{52DE3AF0-1C26-4258-9A04-9AEBF3E145F7}" = Catalyst Control Center - Branding
"{53469506-A37E-4314-A9D9-38724EC23A75}" = HP Setup
"{5535B1B7-AB06-2922-C3F6-DEDA4E823903}" = CCC Help Italian
"{5559EC94-8051-4E5B-B878-C23AF633697B}" = FixerBundle
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A13987D-55F4-4271-A40E-76AC9B1B38FD}" = OpenOffice.org 3.2
"{5A19A119-86B6-FD94-7479-7A4AED4F2D82}" = Catalyst Control Center Graphics Previews Vista
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5F479D0A-ABB5-DE85-2C6A-92566C7FB813}" = CCC Help Polish
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6863508E-00B6-34DF-31FA-DD8D57E8CEE0}" = CCC Help Thai
"{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}" = VoiceOver Kit
"{705B639E-FAAF-40D7-AD58-C445321C7C3F}" = LightScribe System Software
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A0AAE7D-BEED-DD34-58EA-304DAC2EF7B6}" = CCC Help Norwegian
"{7B939E98-D099-5172-FF4C-673B96ED3D13}" = CCC Help Portuguese
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{8337F301-A848-71AC-4699-51B5153085EE}" = CCC Help German
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84160DF4-D1B0-428F-EFE7-4CA2E14B5CD2}" = Catalyst Control Center Localization All
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89EBB60F-5F24-2153-AEF2-F7E33B2DD8DB}" = CCC Help Russian
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E07D32B-162C-4AF3-BCF1-6A8E7FC5772D}" = MysticThumbs
"{8EFD09A6-E374-8519-68A9-A3F7383C29AA}" = CCC Help Hungarian
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7C5B1ECD-FE93-4FB2-A51A-06451BA49969}" =
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93D34EE3-99B3-4DB1-8B0A-0A657466F90D}" = Telstra Turbo Connection Manager
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{97174E88-52F9-445A-A28E-704A45332D19}" = HP Software Framework
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E82D1DB-3AFB-4D18-A221-081F1B4B4789}" = Topaz DeNoise 5
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2C23ED8-6C37-F32D-3108-3E91BEDEDCA8}" = CCC Help Swedish
"{A47B6CB9-E31C-B471-75FF-F42236292750}" = CCC Help Spanish
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.3.3 MUI
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = Compaq Setup Manager
"{AF306BD8-F9D1-4627-89B9-246E59074A05}" = HP Power Manager
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE081CB8-1970-88F1-A4D8-FC435D2E86C1}" = ccc-core-static
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{D9DB57B7-7C15-596C-6D5B-4CF06CF98E41}" = CCC Help English
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E599494B-C668-E1C7-09A4-76A33BDC03F6}" = CCC Help Czech
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E68A38AA-A1B2-114E-19FA-F07D54683077}" = Catalyst Control Center InstallProxy
"{EA426461-31AA-4AB3-B15D-EDD748F08394}_is1" = Moyea YouTube FLV Downloader version: 3.1.2.26
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF682D1C-591D-48B5-9803-628DA622C281}" = HP Quick Launch
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F12B4E57-D702-E193-E8AF-C93EDB8DF63E}" = CCC Help Chinese Traditional
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE0E7A1C-68C3-99E1-A5DD-0749CFAB7AB9}" = CCC Help Danish
"Ableton Live_is1" = Ableton Live v6.0.3
"Acronis Disk Director Suite" = Acronis Disk Director Suite 11
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Android SDK Tools" = Android SDK Tools
"Any Video Converter Ultimate_is1" = Any Video Converter Ultimate 4.3.1
"AviSynth" = AviSynth 2.5
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"CleanMyPC - Registry Cleaner_is1" = CleanMyPC - Registry Cleaner
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Debut" = Debut Video Capture Software
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"Focus Magic" = Focus Magic
"HandBrake" = HandBrake 0.9.8
"HP Photo Creations" = HP Photo Creations
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{2B092722-5855-466F-B7A5-8C5E64C64C77}" = Magic Bullet Suite 64-bit
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"Label Matrix 32" = Label Matrix 32
"LastFM_is1" = Last.fm 1.5.4.27091
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"McAfee Security Scan" = McAfee Security Scan Plus
"MKVtoolnix" = MKVtoolnix 4.8.0
"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"My HP Game Console" = HP Game Console
"My Screen Recorder 3.0_is1" = My Screen Recorder 3.0
"My Screen Recorder Pro_is1" = My Screen Recorder Pro 2.67
"NIS" = Norton Internet Security
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"RarZilla Free Unrar" = RarZilla Free Unrar
"Super Flexible File Synchronizer_is1" = Super Flexible File Synchronizer v4.59b
"Topaz DeNoise 5" = Topaz DeNoise 5
"Topaz DeNoise 5 (64-bit)" = Topaz DeNoise 5 (64-bit)
"TreeSize Free_is1" = TreeSize Free V2.6
"Videora iPod Converter" = Videora iPod Converter 6
"VLC media player" = VLC media player 1.1.9
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WinX Free VOB to MP4 Converter_is1" = WinX Free VOB to MP4 Converter 2.0.7
"WM Recorder 14" = WM Recorder 14
"WT087328" = Blackhawk Striker 2
"WT087330" = Bounce Symphony
"WT087343" = Dora's World Adventure
"WT087361" = FATE
"WT087362" = Final Drive Nitro
"WT087394" = Penguins!
"WT087395" = Poker Superstars III
"WT087396" = Polar Bowler
"WT087397" = Polar Golfer
"WT087428" = Bejeweled 2 Deluxe
"WT087453" = Chuzzle Deluxe
"WT087501" = Plants vs. Zombies
"WT087533" = Zuma Deluxe
"WT089299" = Mystery P.I. - The London Caper
"WT089300" = World Cup Cricket 20-20
"WT089307" = Virtual Villagers 4 - The Tree of Life
"WT089308" = Blasterball 3
"WT089328" = Farm Frenzy
"WT089359" = Cake Mania
"WT089362" = Agatha Christie - Peril at End House
"Yahoo! Software Update" = Yahoo! Software Update
"Yahoo!7 Messenger" = Yahoo!7 Messenger
"YouTube Downloader App" = YouTube Downloader App 3.00
"YTdetect" = Yahoo! Detect
"ZumoDrive" = HP CloudDrive

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"MyFreeCodec" = MyFreeCodec
"NetAssistant 3.6.5" = NetAssistant for Firefox
"Photobook Designer" = Photobook Designer
"Spotify" = Spotify

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 3/10/2012 6:48:41 AM | Computer Name = Martlin-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 3/10/2012 6:48:41 AM | Computer Name = Martlin-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 16287

Error - 3/10/2012 6:48:41 AM | Computer Name = Martlin-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 16287

Error - 3/11/2012 12:36:47 AM | Computer Name = Martlin-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 3/11/2012 12:36:47 AM | Computer Name = Martlin-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4119

Error - 3/11/2012 12:36:47 AM | Computer Name = Martlin-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4119

Error - 3/11/2012 12:36:48 AM | Computer Name = Martlin-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 3/11/2012 12:36:48 AM | Computer Name = Martlin-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5398

Error - 3/11/2012 12:36:48 AM | Computer Name = Martlin-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5398

Error - 3/11/2012 4:53:07 PM | Computer Name = Martlin-HP | Source = SideBySide | ID = 16842827
Description = Activation context generation failed for "C:\Program Files (x86)\Skype\Toolbars\Internet
Explorer\SkypeIEPluginBroker.exe".Error in manifest or policy file "C:\Program
Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe" on line 2.
Multiple
requestedPrivileges elements are not allowed in manifest.

Error - 3/11/2012 4:57:27 PM | Computer Name = Martlin-HP | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

[ Hewlett-Packard Events ]
Error - 6/21/2011 3:38:50 AM | Computer Name = Martlin-HP | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\061121053843.xml
File not created by asset agent

Error - 7/5/2011 4:00:02 AM | Computer Name = Martlin-HP | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\071105055956.xml
File not created by asset agent

Error - 8/23/2011 3:32:44 AM | Computer Name = Martlin-HP | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\081123053240.xml
File not created by asset agent

Error - 9/20/2011 3:31:31 AM | Computer Name = Martlin-HP | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\091120053126.xml
File not created by asset agent

Error - 10/11/2011 2:25:57 AM | Computer Name = Martlin-HP | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\101111052552.xml
File not created by asset agent

Error - 12/20/2011 2:48:01 AM | Computer Name = Martlin-HP | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\121120054756.xml
File not created by asset agent

Error - 2/7/2012 2:45:45 AM | Computer Name = Martlin-HP | Source = Hewlett-Packard | ID = 0
Description = en-AU Exception of type 'System.Exception' was thrown. Configurator
at Configurator.ConfiguratorClass.loadXML() at Configurator.ConfiguratorClass..ctor(Boolean
loadxml) at HPSFConfigReader.ConfigHelper..ctor() at HPAssistant.csSettings.loadApplicationResources(Boolean
isOnAppLoad)

[ HP Wireless Assistant Events ]
Error - 6/29/2012 7:52:54 PM | Computer Name = Martlin-HP | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597 at HP_Common.CaslWrapper.GetDeviceInfo(List`1&
radioList) at HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 7/4/2012 5:15:32 AM | Computer Name = Martlin-HP | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597 at HP_Common.CaslWrapper.GetDeviceInfo(List`1&
radioList) at HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 7/8/2012 5:26:17 PM | Computer Name = Martlin-HP | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597 at HP_Common.CaslWrapper.GetDeviceInfo(List`1&
radioList) at HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 7/9/2012 3:23:53 AM | Computer Name = Martlin-HP | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597 at HP_Common.CaslWrapper.GetDeviceInfo(List`1&
radioList) at HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 7/10/2012 3:52:39 AM | Computer Name = Martlin-HP | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597 at HP_Common.CaslWrapper.GetDeviceInfo(List`1&
radioList) at HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 7/12/2012 3:42:56 AM | Computer Name = Martlin-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Call was canceled by the
message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) at
System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode,
IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.b__c()

Error - 7/16/2012 3:19:56 AM | Computer Name = Martlin-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Call was canceled by the
message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) at
System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode,
IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.b__c()

Error - 7/17/2012 3:19:03 AM | Computer Name = Martlin-HP | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597 at HP_Common.CaslWrapper.GetDeviceInfo(List`1&
radioList) at HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 7/20/2012 7:50:52 PM | Computer Name = Martlin-HP | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597 at HP_Common.CaslWrapper.GetDeviceInfo(List`1&
radioList) at HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 7/23/2012 3:22:06 AM | Computer Name = Martlin-HP | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597 at HP_Common.CaslWrapper.GetDeviceInfo(List`1&
radioList) at HPPA_Service.CurrentConfiguration.ReloadRadioList()

[ System Events ]
Error - 7/29/2012 12:14:18 AM | Computer Name = Martlin-HP | Source = Service Control Manager | ID = 7022
Description = The Windows Update service hung on starting.

Error - 7/29/2012 3:00:27 AM | Computer Name = Martlin-HP | Source = DCOM | ID = 10010
Description =

Error - 7/29/2012 3:07:46 AM | Computer Name = Martlin-HP | Source = Service Control Manager | ID = 7022
Description = The Windows Update service hung on starting.

Error - 7/29/2012 4:48:11 AM | Computer Name = Martlin-HP | Source = DCOM | ID = 10010
Description =

Error - 7/29/2012 4:58:57 AM | Computer Name = Martlin-HP | Source = DCOM | ID = 10010
Description =

Error - 7/30/2012 3:39:08 AM | Computer Name = Martlin-HP | Source = Service Control Manager | ID = 7038
Description = The sppsvc service was unable to log on as NT AUTHORITY\NetworkService
with the currently configured password due to the following error: %%1352 To ensure
that the service is configured properly, use the Services snap-in in Microsoft
Management Console (MMC).

Error - 7/30/2012 3:39:08 AM | Computer Name = Martlin-HP | Source = Service Control Manager | ID = 7000
Description = The Software Protection service failed to start due to the following
error: %%1069

Error - 7/30/2012 3:39:08 AM | Computer Name = Martlin-HP | Source = Service Control Manager | ID = 7038
Description = The wscsvc service was unable to log on as NT AUTHORITY\LocalService
with the currently configured password due to the following error: %%1352 To ensure
that the service is configured properly, use the Services snap-in in Microsoft
Management Console (MMC).

Error - 7/30/2012 3:39:08 AM | Computer Name = Martlin-HP | Source = Service Control Manager | ID = 7000
Description = The Security Center service failed to start due to the following error:
%%1069

Error - 7/30/2012 3:39:24 AM | Computer Name = Martlin-HP | Source = Service Control Manager | ID = 7023
Description = The Windows Update service terminated with the following error: %%-2147467243

< End of report >

Re: Unknown Malware....30th July 2012, 9:51 am

I hope someone can help!!

Thanks Smile...

Re: Unknown Malware....30th July 2012, 10:07 am

Hi!

Download RogueKiller and save it on your desktop.
Quit all programs
Start RogueKiller.exe.
Wait until Prescan has finished ...
Click on Scan

Wait for the end of the scan.
The report has been created on the desktop.
Click on the Delete button.

The report has been created on the desktop.

Next click on the ShortcutsFix
The report has been created on the desktop.

Please post:

All RKreport.txt text files located on your desktop.

Re: Unknown Malware....30th July 2012, 11:02 am

I didn't get an All RKreport.txt file when it was done, but here are the three individua reports it made after each one:

LOG 1:

RogueKiller V7.6.4 [07/17/2012] by Tigzy
mail: tigzyRKgmailcom
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Martlin [Admin rights]
Mode: Scan -- Date: 07/30/2012 20:45:44

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 8 ¤¤¤
[SUSP PATH] HKCU\[...]\Run : Laifliep (C:\Users\Martlin\AppData\Roaming\Exywu\yzic.exe) -> FOUND
[BLACKLIST DLL] HKCU\[...]\Run : cmidg (rundll32.exe "C:\Users\Martlin\AppData\Roaming\cmidg.dll",SetCurrentIndex2) -> FOUND
[BLACKLIST DLL] HKCU\[...]\Run : conde ("C:\Windows\System32\rundll32.exe" "C:\Users\Martlin\AppData\Roaming\conde.dll",_GetSlice) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-1926778873-3121763269-34881918-1000[...]\Run : Laifliep (C:\Users\Martlin\AppData\Roaming\Exywu\yzic.exe) -> FOUND
[BLACKLIST DLL] HKUS\S-1-5-21-1926778873-3121763269-34881918-1000[...]\Run : cmidg (rundll32.exe "C:\Users\Martlin\AppData\Roaming\cmidg.dll",SetCurrentIndex2) -> FOUND
[BLACKLIST DLL] HKUS\S-1-5-21-1926778873-3121763269-34881918-1000[...]\Run : conde ("C:\Windows\System32\rundll32.exe" "C:\Users\Martlin\AppData\Roaming\conde.dll",_GetSlice) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] @ : c:\users\martlin\appdata\local\{589b81f6-b018-d8ef-ca08-ba8dfdca5d69}\@ --> FOUND
[ZeroAccess][FOLDER] U : c:\users\martlin\appdata\local\{589b81f6-b018-d8ef-ca08-ba8dfdca5d69}\U --> FOUND
[ZeroAccess][FOLDER] L : c:\users\martlin\appdata\local\{589b81f6-b018-d8ef-ca08-ba8dfdca5d69}\L --> FOUND

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
0.0.0.0 localhost
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD50 00BEVT-60A0RT0 SATA Disk Device +++++
--- User ---
[MBR] a765165ca861f1ea1ca4600829a1d823
[BSP] 51461fa8841feaa215c83ddfe96a8e09 : Windows Vista/7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 458664 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 939753472 | Size: 17972 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 976560128 | Size: 103 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WD Ext HDD 1021 USB Device +++++
--- User ---
[MBR] dcc9a7ea9a3bc5d0fad142916a4e0af8
[BSP] 4f1bd685eac03a4d39e7daced34583b5 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1430796 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive2: SanDisk Cruzer Micro USB Device +++++
--- User ---
[MBR] 4a296257b22c19f9bfb72764b330eeb0
[BSP] df4f83c1f72e36823a12b0dfc7617313 : MBR Code unknown
Partition table:
0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 44 | Size: 7655 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

Re: Unknown Malware....30th July 2012, 11:03 am

LOG 2:

RogueKiller V7.6.4 [07/17/2012] by Tigzy
mail: tigzyRKgmailcom
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Martlin [Admin rights]
Mode: Remove -- Date: 07/30/2012 20:46:10

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 5 ¤¤¤
[SUSP PATH] HKCU\[...]\Run : Laifliep (C:\Users\Martlin\AppData\Roaming\Exywu\yzic.exe) -> DELETED
[BLACKLIST DLL] HKCU\[...]\Run : cmidg (rundll32.exe "C:\Users\Martlin\AppData\Roaming\cmidg.dll",SetCurrentIndex2) -> DELETED
[BLACKLIST DLL] HKCU\[...]\Run : conde ("C:\Windows\System32\rundll32.exe" "C:\Users\Martlin\AppData\Roaming\conde.dll",_GetSlice) -> DELETED
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] @ : c:\users\martlin\appdata\local\{589b81f6-b018-d8ef-ca08-ba8dfdca5d69}\@ --> REMOVED
[Del.Parent][FILE] 00000004.@ : c:\users\martlin\appdata\local\{589b81f6-b018-d8ef-ca08-ba8dfdca5d69}\U\00000004.@ --> REMOVED
[Del.Parent][FILE] 000000cb.@ : c:\users\martlin\appdata\local\{589b81f6-b018-d8ef-ca08-ba8dfdca5d69}\U\000000cb.@ --> REMOVED
[Del.Parent][FILE] 80000000.@ : c:\users\martlin\appdata\local\{589b81f6-b018-d8ef-ca08-ba8dfdca5d69}\U\80000000.@ --> REMOVED
[Del.Parent][FILE] 80000032.@ : c:\users\martlin\appdata\local\{589b81f6-b018-d8ef-ca08-ba8dfdca5d69}\U\80000032.@ --> REMOVED
[Del.Parent][FILE] 80000064.@ : c:\users\martlin\appdata\local\{589b81f6-b018-d8ef-ca08-ba8dfdca5d69}\U\80000064.@ --> REMOVED
[ZeroAccess][FOLDER] U : c:\users\martlin\appdata\local\{589b81f6-b018-d8ef-ca08-ba8dfdca5d69}\U --> REMOVED
[Del.Parent][FILE] 00000004.@ : c:\users\martlin\appdata\local\{589b81f6-b018-d8ef-ca08-ba8dfdca5d69}\L\00000004.@ --> REMOVED
[ZeroAccess][FOLDER] L : c:\users\martlin\appdata\local\{589b81f6-b018-d8ef-ca08-ba8dfdca5d69}\L --> REMOVED

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
0.0.0.0 localhost
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD50 00BEVT-60A0RT0 SATA Disk Device +++++
--- User ---
[MBR] a765165ca861f1ea1ca4600829a1d823
[BSP] 51461fa8841feaa215c83ddfe96a8e09 : Windows Vista/7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 458664 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 939753472 | Size: 17972 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 976560128 | Size: 103 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WD Ext HDD 1021 USB Device +++++
--- User ---
[MBR] dcc9a7ea9a3bc5d0fad142916a4e0af8
[BSP] 4f1bd685eac03a4d39e7daced34583b5 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1430796 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive2: SanDisk Cruzer Micro USB Device +++++
--- User ---
[MBR] 4a296257b22c19f9bfb72764b330eeb0
[BSP] df4f83c1f72e36823a12b0dfc7617313 : MBR Code unknown
Partition table:
0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 44 | Size: 7655 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[3].txt >>
RKreport[2].txt ; RKreport[3].txt

Re: Unknown Malware....30th July 2012, 11:05 am

LOG 3:

RogueKiller V7.6.4 [07/17/2012] by Tigzy
mail: tigzyRKgmailcom
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Martlin [Admin rights]
Mode: Shortcuts HJfix -- Date: 07/30/2012 20:56:30

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 1 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 107 / Fail 0
Start menu: Success 0 / Fail 0
User folder: Success 2574 / Fail 0
My documents: Success 4 / Fail 0
My favorites: Success 0 / Fail 0
My pictures: Success 3 / Fail 0
My music: Success 1386 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 4096 / Fail 22
Backup: [NOT FOUND]

Drives:
[C:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[D:] \Device\HarddiskVolume3 -- 0x3 --> Restored
[E:] \Device\CdRom0 -- 0x5 --> Skipped
[F:] \Device\HarddiskVolume5 -- 0x3 --> Restored
[H:] \Device\HarddiskVolume8 -- 0x2 --> Restored

¤¤¤ Infection : ZeroAccess ¤¤¤

Finished : << RKreport[4].txt >>
RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt

I hope these help.

Thanks for your help so far.

Re: Unknown Malware....31st July 2012, 11:15 am

Download Farbar Recovery Scan Tool and save it to a flash drive.

Please make sure to download the 64-bit version.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
Use the arrow keys to select the Repair your computer menu item.
Choose your language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Click Repair your computer.
Choose your language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account an click Next.

On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

Select Command Prompt
In the command window type in notepad and press Enter.
The notepad opens. Under File menu select Open.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type e:\frst64 and press Enter
Note: Replace letter e with the drive letter of your flash drive.
The tool will start to run.
When the tool opens click Yes to the disclaimer.
Place a check next to List Drivers MD5 as well as the default check marks that are already there
Press Scan button.
type exit and reboot the computer normally
FRST will make a log (FRST.txt) on the flash drive, please copy and paste the log in your reply.

Re: Unknown Malware....1st August 2012, 8:12 am

Here is the log:

Scan result of Farbar Recovery Scan Tool Version: 25-07-2012 01
Ran by SYSTEM at 01-08-2012 18:03:36
Running from I:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2281256 2010-09-13] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s [6489704 2010-09-21] (Realtek Semiconductor)
HKLM\...\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden [363064 2010-07-21] (Hewlett-Packard Company)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [500208 2010-03-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2010-09-29] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [584760 2010-09-28] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [976832 2010-06-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35760 2010-06-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [autodetect] C:\Windows\SysWOW64\SupportAppXL\AutoDect.exe [91648 2008-08-06] ()
HKLM-x32\...\Run: [ZumoDrive] "C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk" [2080 2011-05-09] ()
HKLM-x32\...\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin [406992 2010-02-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462920 2012-07-02] (Malwarebytes Corporation)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-23] (Apple Inc.)
HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-12] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-17] (Sun Microsystems, Inc.)
HKU\Martlin\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2736128 2010-08-16] (Hewlett-Packard Company)
HKU\Martlin\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)
HKU\Martlin\...\Run: [ZumoDrive] C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk [2080 2011-05-09] ()
HKU\Martlin\...\Run: [Registry Cleaner Scheduler] "C:\Program Files (x86)\CleanMyPC\Registry Cleaner\RCHelper.exe" /startup [1401224 2011-10-05] (CleanMyPC Software)
HKU\Martlin\...\Run: [ExtremeSync Background Scheduler] C:\Program Files (x86)\SuperFlexible\ExtremeSyncService.exe /TIMERASAPP /STARTUP [6831616 2009-06-07] ()
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Snapfish PictureMover.lnk
ShortcutTarget: Snapfish PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)
Startup: C:\Users\Martlin\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)

==================== Services (Whitelisted) ======

3 Adobe LM Service; "C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe" [68096 2011-05-09] ()
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-02] (Malwarebytes Corporation)
3 McComponentHostService; "C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe" [227232 2010-01-15] (McAfee, Inc.)
2 NIS; "C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe" /s "NIS" /m "C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\diMaster.dll" /prefetch:1 [262584 2011-03-31] (Symantec Corporation)
2 nlsX86cc; C:\Windows\SysWow64\NlsSrv32.exe [61440 2009-06-06] (Nalpeiron Ltd.)
2 NOBU; "C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe" SERVICE [2804568 2010-06-01] (Symantec Corporation)

========================== Drivers (Whitelisted) =============

3 anvsnddrv; C:\Windows\System32\Drivers\anvsnddrv.sys [33872 2011-11-27] (AnvSoft Inc.)
1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110701.001\BHDrvx64.sys [1143416 2011-05-19] (Symantec Corporation)
1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [481912 2011-05-09] (Symantec Corporation)
3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [136824 2011-05-09] (Symantec Corporation)
1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110707.031\IDSvia64.sys [488056 2011-07-06] (Symantec Corporation)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-07-02] (Malwarebytes Corporation)
3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110707.032\ENG64.SYS [117880 2011-05-18] (Symantec Corporation)
3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110707.032\EX64.SYS [2011768 2011-05-18] (Symantec Corporation)
3 SRTSP; C:\Windows\System32\Drivers\NISx64\1207020.003\SRTSP64.SYS [744568 2011-03-30] (Symantec Corporation)
1 SRTSPX; C:\Windows\system32\drivers\NISx64\1207020.003\SRTSPX64.SYS [40568 2011-03-30] (Symantec Corporation)
0 SymDS; C:\Windows\System32\drivers\NISx64\1207020.003\SYMDS64.SYS [450680 2011-01-26] (Symantec Corporation)
0 SymEFA; C:\Windows\System32\drivers\NISx64\1207020.003\SYMEFA64.SYS [912504 2011-03-14] (Symantec Corporation)
3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2011-05-11] (Symantec Corporation)
1 SymIRON; C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [171128 2011-01-26] (Symantec Corporation)
1 SymNetS; C:\Windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS [386168 2011-04-20] (Symantec Corporation)
4 Clfus6c; [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-07-31 23:22 - 2012-07-31 23:22 - 00000000 ____D C:\Users\Martlin\AppData\Local\{96B030FE-B936-4C9B-A45D-66C94E9B761D}
2012-07-31 13:58 - 2012-07-31 13:58 - 01438391 ____A (Farbar) C:\Users\Martlin\Desktop\FRST64.exe
2012-07-31 13:29 - 2012-07-31 13:29 - 00000000 ____D C:\Users\Martlin\AppData\Local\{DC99997A-8B95-44F0-A650-9AA89E92164E}
2012-07-31 01:38 - 2012-07-31 01:38 - 00000000 ____D C:\Users\Martlin\AppData\Local\{0A10722A-C5C7-4994-92CD-E5B1AE2D0B6C}
2012-07-30 23:21 - 2012-07-30 23:21 - 00000000 ____D C:\Users\Martlin\AppData\Local\{40BE66E2-019C-46A3-9BC4-4437ACE63828}
2012-07-30 13:32 - 2012-07-30 13:32 - 00000000 ____D C:\Users\Martlin\AppData\Local\{3351B467-388C-4B05-AA08-13C5CCCB54D6}
2012-07-30 02:56 - 2012-07-30 02:56 - 00001251 ____A C:\Users\Martlin\Desktop\RKreport[4].txt
2012-07-30 02:46 - 2012-07-30 02:46 - 00004011 ____A C:\Users\Martlin\Desktop\RKreport[3].txt
2012-07-30 02:45 - 2012-07-30 02:45 - 00003712 ____A C:\Users\Martlin\Desktop\RKreport[2].txt
2012-07-30 02:39 - 2012-07-30 02:46 - 00000000 ____D C:\Users\Martlin\Desktop\RK_Quarantine
2012-07-30 02:37 - 2012-07-30 02:33 - 01552384 ____A C:\Users\Martlin\Desktop\RogueKiller.exe
2012-07-29 23:48 - 2012-07-29 23:48 - 00000000 ____D C:\Users\Martlin\AppData\Local\{E1EC5F3C-49D1-44E6-9C41-8C3D805EB5F1}
2012-07-29 23:37 - 2012-07-29 23:37 - 00000000 ____D C:\Users\Martlin\AppData\Local\{9319F840-AAF1-4FE6-B620-7D49E9D1598C}
2012-07-29 23:21 - 2012-07-29 23:21 - 00000000 ____D C:\Users\Martlin\AppData\Local\{8B01E12E-6341-45AC-8245-AC5FBE9D0B80}
2012-07-29 03:34 - 2012-07-29 03:34 - 00000000 ____D C:\Users\Martlin\AppData\Local\{F16AE24B-CB3C-4542-9484-A840F8C21AF1}
2012-07-28 15:34 - 2012-07-29 23:46 - 00000000 ____D C:\Users\Martlin\AppData\Local\{8C83E50B-D90C-11E1-8270-B8AC6F996F26}
2012-07-28 15:32 - 2012-07-28 15:32 - 00435712 ____A (Stardock Systems, Inc) C:\Users\Martlin\AppData\Roaming\conde.dll
2012-07-28 15:32 - 2012-07-28 15:32 - 00000000 ____D C:\Users\Martlin\AppData\Local\{1D6AF53D-13B7-4BDB-BA9C-CC4B875371BB}
2012-07-28 15:30 - 2012-07-28 15:32 - 00000000 ____D C:\Users\Martlin\AppData\Local\{3BBD742F-1F21-4365-8CC5-3F5200294796}
2012-07-28 01:38 - 2012-07-29 23:46 - 00000000 ____D C:\Users\Martlin\AppData\Roaming\Exywu
2012-07-28 01:38 - 2012-07-28 20:12 - 00000000 ____D C:\Users\Martlin\AppData\Roaming\Yqemo
2012-07-28 01:38 - 2012-07-28 01:38 - 00000000 ____D C:\Users\Martlin\AppData\Roaming\Orca
2012-07-28 01:38 - 2012-07-28 01:37 - 00131072 ___AS (Crytek) C:\Users\Martlin\AppData\Roaming\cmidg.dll
2012-07-27 15:27 - 2012-07-27 15:27 - 00000000 ____D C:\Users\Martlin\AppData\Local\{6BFD0C58-6B53-43CB-86F2-08952C9B8751}
2012-07-27 15:26 - 2012-07-27 15:27 - 00000000 ____D C:\Users\Martlin\AppData\Local\{F7B4B099-10F8-4279-9222-569FEE5CEADD}
2012-07-26 13:36 - 2012-07-26 13:36 - 00000000 ____D C:\Users\Martlin\AppData\Local\{EAA45DC2-D833-4AF1-8124-D13181EF0B3A}
2012-07-26 13:35 - 2012-07-26 13:36 - 00000000 ____D C:\Users\Martlin\AppData\Local\{10FDEE92-F88D-4443-9751-F8F2984B48F3}
2012-07-25 13:38 - 2012-07-25 13:38 - 00000000 ____D C:\Users\Martlin\AppData\Local\{E2AD9392-B05B-4AED-8136-E3B403FA6E77}
2012-07-25 13:38 - 2012-07-25 13:38 - 00000000 ____D C:\Users\Martlin\AppData\Local\{34AFE524-B263-47B2-9641-5A18BCAEF8B1}
2012-07-25 01:37 - 2012-07-25 01:37 - 00000000 ____D C:\Users\Martlin\AppData\Local\{FCA4A0FB-45A2-4CBE-88B7-5AE87885F6D5}
2012-07-25 01:37 - 2012-07-25 01:37 - 00000000 ____D C:\Users\Martlin\AppData\Local\{B97EFE3F-55B5-4B6F-A764-5ED51C85A309}
2012-07-24 13:36 - 2012-07-24 13:36 - 00000000 ____D C:\Users\Martlin\AppData\Local\{68263965-2E67-480D-9002-85C1B297C412}
2012-07-24 13:36 - 2012-07-24 13:36 - 00000000 ____D C:\Users\Martlin\AppData\Local\{0E96F863-50D1-4BE8-8C6E-6FCE143026A2}
2012-07-24 01:35 - 2012-07-24 01:35 - 00000000 ____D C:\Users\Martlin\AppData\Local\{2D329D76-B1B3-496E-9BD2-C577B444B643}
2012-07-24 01:35 - 2012-07-24 01:35 - 00000000 ____D C:\Users\Martlin\AppData\Local\{03B06150-D611-4E83-BDE0-886E3C6BFC00}
2012-07-24 00:31 - 2012-07-24 00:31 - 00001454 ___AH C:\Users\Martlin\Desktop\The All Seeing O - Shortcut.lnk
2012-07-24 00:31 - 2012-07-24 00:31 - 00001382 ___AH C:\Users\Martlin\Desktop\new nuds - Shortcut.lnk
2012-07-23 13:33 - 2012-07-23 13:34 - 00000000 ____D C:\Users\Martlin\AppData\Local\{1BCBB1C0-93B5-4B98-BC2B-859BB9C584BA}
2012-07-23 13:33 - 2012-07-23 13:33 - 00000000 ____D C:\Users\Martlin\AppData\Local\{44691B81-33FB-4A0C-B615-D317BD88A638}
2012-07-23 01:32 - 2012-07-23 01:32 - 00000000 ____D C:\Users\Martlin\AppData\Local\{47744C18-65FF-4F1C-8797-3313EB6D14E0}
2012-07-23 01:32 - 2012-07-23 01:32 - 00000000 ____D C:\Users\Martlin\AppData\Local\{3F38A075-3C60-4481-B896-EFD91B95D58B}
2012-07-22 13:31 - 2012-07-22 13:31 - 00000000 ____D C:\Users\Martlin\AppData\Local\{7AA0AF47-C3B3-4272-9C0C-F04E38F9C88F}
2012-07-22 13:30 - 2012-07-22 13:31 - 00000000 ____D C:\Users\Martlin\AppData\Local\{5EC80708-11DA-437C-9F85-39729C1C30E7}
2012-07-21 22:28 - 2012-07-28 01:35 - 00000141 ____A C:\Users\Martlin\Desktop\60d prices.txt
2012-07-21 21:02 - 2012-07-21 21:05 - 00000000 ____D C:\Users\Martlin\Desktop\sd card
2012-07-21 18:57 - 2012-07-21 18:57 - 00000000 ____D C:\Users\Martlin\AppData\Local\{5CB614A6-5816-44B0-B110-31C89C0B6CE2}
2012-07-21 18:53 - 2012-07-21 18:57 - 00000000 ____D C:\Users\Martlin\AppData\Local\{B1BE1058-262C-4FA9-9783-2596A68B6143}
2012-07-20 23:13 - 2012-07-20 23:14 - 00000000 ____D C:\Users\Martlin\AppData\Local\{863393A3-3C5B-4F51-8E57-34433889A10F}
2012-07-20 23:13 - 2012-07-20 23:13 - 00000000 ____D C:\Users\Martlin\AppData\Local\{2B8708C0-8A60-445A-A845-B9A7EAB05F59}
2012-07-20 15:48 - 2012-07-20 15:48 - 00000000 ____D C:\Users\Martlin\AppData\Local\{11ACE0F3-C8D3-46A4-9451-0AB9A1017234}
2012-07-20 01:21 - 2012-07-20 01:21 - 00000000 ____D C:\Users\Martlin\AppData\Local\{2E14B339-60FD-4FFC-83B0-33B8B3A5D7E9}
2012-07-19 13:20 - 2012-07-19 13:20 - 00000000 ____D C:\Users\Martlin\AppData\Local\{E5CA2573-404B-40BF-92EA-BB87CBEF9662}
2012-07-19 13:20 - 2012-07-19 13:20 - 00000000 ____D C:\Users\Martlin\AppData\Local\{20F58424-43DB-43E2-9975-3C6436BBC294}
2012-07-19 01:19 - 2012-07-19 01:19 - 00000000 ____D C:\Users\Martlin\AppData\Local\{FE8723FD-7341-41DA-9A93-F48286066CDB}
2012-07-19 01:19 - 2012-07-19 01:19 - 00000000 ____D C:\Users\Martlin\AppData\Local\{ACCBFF81-3684-4EA0-8679-CC30D3270C74}
2012-07-18 13:18 - 2012-07-18 13:19 - 00000000 ____D C:\Users\Martlin\AppData\Local\{AA87F0BB-8FC1-4697-B671-03379095F5B2}
2012-07-18 13:18 - 2012-07-18 13:18 - 00000000 ____D C:\Users\Martlin\AppData\Local\{4B689586-DD0D-4AEC-9FCE-2FF7F4DA9790}
2012-07-18 01:18 - 2012-07-18 01:18 - 00000000 ____D C:\Users\Martlin\AppData\Local\{3517CA46-182C-4BA3-934B-49B82AAF6B1D}
2012-07-18 01:17 - 2012-07-18 01:18 - 00000000 ____D C:\Users\Martlin\AppData\Local\{AF6E1669-F539-444A-9CF0-2BAF9B537DE9}
2012-07-17 13:16 - 2012-07-17 13:16 - 00000000 ____D C:\Users\Martlin\AppData\Local\{949B755F-3D30-43C9-910C-3E70339E663D}
2012-07-17 13:16 - 2012-07-17 13:16 - 00000000 ____D C:\Users\Martlin\AppData\Local\{8A8023A5-6E43-4B66-9BD9-180B5D8A2269}
2012-07-16 23:39 - 2012-07-17 13:14 - 00000340 ____A C:\Windows\Tasks\HPCeeScheduleForMartlin.job
2012-07-16 13:41 - 2012-07-16 13:42 - 00000000 ____D C:\Users\Martlin\AppData\Local\{156FD38E-90E7-43BB-82D2-710857BB54F2}
2012-07-16 13:40 - 2012-07-16 13:41 - 00000000 ____D C:\Users\Martlin\AppData\Local\{01547206-4A0E-4C60-B6C3-3213A53F02A7}
2012-07-16 02:25 - 2012-07-16 02:25 - 00000000 ____D C:\Program Files (x86)\Acronis Disk Director Suite
2012-07-16 00:41 - 2012-07-16 00:41 - 00000000 ____D C:\Windows\pss
2012-07-15 23:40 - 2012-07-15 23:40 - 00000000 ____D C:\Users\Martlin\AppData\Roaming\CleanMyPC Software
2012-07-15 23:40 - 2012-07-15 23:40 - 00000000 ____D C:\Program Files (x86)\CleanMyPC
2012-07-15 13:24 - 2012-07-15 13:24 - 00000000 ____D C:\Users\Martlin\AppData\Local\{4D2FE887-FAE8-4F40-B85E-FAAD2129C1EA}
2012-07-15 13:24 - 2012-07-15 13:24 - 00000000 ____D C:\Users\Martlin\AppData\Local\{432709AF-3EDF-4CE1-ACCC-84DA7A91E5EA}
2012-07-14 17:43 - 2012-07-14 17:43 - 00000000 ____D C:\Users\Martlin\AppData\Local\{A6D822D2-567F-4706-9EE4-7E81FEF17602}
2012-07-14 17:42 - 2012-07-14 17:43 - 00000000 ____D C:\Users\Martlin\AppData\Local\{5BE768DF-8413-4309-8833-63C08C14EBAE}
2012-07-14 02:43 - 2012-07-14 02:43 - 00000000 ____D C:\Users\Martlin\AppData\Local\{C3A0B4BF-BC73-4DB3-A898-B1054790982B}
2012-07-14 02:43 - 2012-07-14 02:43 - 00000000 ____D C:\Users\Martlin\AppData\Local\{B4D8ED4F-60D7-4563-A780-D3F9245F3719}
2012-07-13 14:42 - 2012-07-13 14:42 - 00000000 ____D C:\Users\Martlin\AppData\Local\{2E0B9CBE-B88B-40A0-85D7-332909B90946}
2012-07-13 14:41 - 2012-07-13 14:42 - 00000000 ____D C:\Users\Martlin\AppData\Local\{FEFE98F8-8971-48BF-A913-3EBCBF0A5852}
2012-07-12 13:27 - 2012-07-12 13:27 - 00000000 ____D C:\Users\Martlin\AppData\Local\{94C31185-08BC-4A64-8569-FDB2FEC025A7}
2012-07-12 13:26 - 2012-07-12 13:27 - 00000000 ____D C:\Users\Martlin\AppData\Local\{8275A07F-BC3E-4170-A355-7812FEED6884}
2012-07-11 23:38 - 2012-07-11 23:38 - 00000000 ____D C:\Users\Martlin\AppData\Local\{9AF96C78-DCED-4ABB-B00D-F27F9C7BDFEB}
2012-07-11 23:38 - 2012-07-11 23:38 - 00000000 ____D C:\Users\Martlin\AppData\Local\{5B623B61-8780-424F-A712-1EDE4985BF65}
2012-07-11 04:14 - 2012-07-11 04:14 - 00000000 ____D C:\Users\Martlin\AppData\Local\{24E92400-E85B-4A49-B0AD-4F8F348456BA}
2012-07-11 04:13 - 2012-07-11 04:14 - 00000000 ____D C:\Users\Martlin\AppData\Local\{02D68A14-ED34-44F4-AA4F-9A18A5AFDD1A}
2012-07-10 13:08 - 2012-07-10 13:08 - 00000000 ____D C:\Users\Martlin\AppData\Local\{F85715CA-1944-45F6-8E09-89D7E3E4A682}
2012-07-10 13:08 - 2012-07-10 13:08 - 00000000 ____D C:\Users\Martlin\AppData\Local\{279D7BF3-741E-4F9F-91AC-19BB8D5E3E16}
2012-07-10 02:38 - 2012-07-10 02:38 - 00000000 ____D C:\Users\Martlin\AppData\Roaming\NCH Software
2012-07-10 02:38 - 2012-07-10 02:38 - 00000000 ____D C:\Users\All Users\NCH Software
2012-07-10 02:38 - 2012-07-10 02:38 - 00000000 ____D C:\Program Files (x86)\NCH Software
2012-07-09 13:14 - 2012-07-09 13:15 - 00000000 ____D C:\Users\Martlin\AppData\Local\{6868937F-5B14-4872-853E-5082344B5C4B}
2012-07-09 13:14 - 2012-07-09 13:14 - 00000000 ____D C:\Users\Martlin\AppData\Local\{6BE19A82-B003-4CB1-A87B-EFDD6CA46D97}
2012-07-08 13:24 - 2012-07-08 13:24 - 00000000 ____D C:\Users\Martlin\AppData\Local\{6E299C0D-DEB0-495E-A70B-A2021C16F9DC}
2012-07-08 13:24 - 2012-07-08 13:24 - 00000000 ____D C:\Users\Martlin\AppData\Local\{41CB0006-86BA-49DD-B6F1-681A016AA4A1}
2012-07-07 17:20 - 2012-07-07 17:20 - 00000000 ____D C:\Users\Martlin\AppData\Local\{A9632B61-9AAA-43EC-8047-E37465A88FC1}
2012-07-07 17:20 - 2012-07-07 17:20 - 00000000 ____D C:\Users\Martlin\AppData\Local\{98111811-05D7-4E08-B90B-8017AA48C8D3}
2012-07-07 03:29 - 2012-07-07 03:30 - 00000000 ____D C:\Users\Martlin\AppData\Local\{515B425A-EE3D-4A60-9DCA-836D1CA8F09F}
2012-07-07 03:29 - 2012-07-07 03:29 - 00000000 ____D C:\Users\Martlin\AppData\Local\{377E7F57-1BD2-4922-B487-87616D22E22B}
2012-07-06 15:28 - 2012-07-06 15:28 - 00000000 ____D C:\Users\Martlin\AppData\Local\{22E5C143-33EE-4D80-8502-64714764645C}
2012-07-06 15:27 - 2012-07-06 15:28 - 00000000 ____D C:\Users\Martlin\AppData\Local\{189C6A00-FCE1-4FCC-82F0-8BCC8B43CCC7}
2012-07-06 01:26 - 2012-07-06 01:26 - 00000000 ____D C:\Users\Martlin\AppData\Local\{B373EAB1-8C33-4B26-8DE8-9C246F87B2BC}
2012-07-06 01:26 - 2012-07-06 01:26 - 00000000 ____D C:\Users\Martlin\AppData\Local\{6A5B5229-07A2-408C-B773-506DDA40BF0F}
2012-07-05 13:24 - 2012-07-05 13:24 - 00000000 ____D C:\Users\Martlin\AppData\Local\{83B322CB-E78D-4F17-AB8F-3D0E8DC5736C}
2012-07-05 13:23 - 2012-07-05 13:24 - 00000000 ____D C:\Users\Martlin\AppData\Local\{1372B32D-E666-4CB3-9504-5913E7C9540C}
2012-07-04 13:42 - 2012-07-04 13:42 - 00000000 ____D C:\Users\Martlin\AppData\Local\{C55B3A43-47CF-4D92-B50B-56A59D54A339}
2012-07-04 13:42 - 2012-07-04 13:42 - 00000000 ____D C:\Users\Martlin\AppData\Local\{8D1DCBFB-9C76-4656-9086-3A412DEC6857}
2012-07-03 13:22 - 2012-07-03 13:23 - 00000000 ____D C:\Users\Martlin\AppData\Local\{43BB1718-2B67-4853-B15A-947D413AD70C}
2012-07-03 13:22 - 2012-07-03 13:22 - 00000000 ____D C:\Users\Martlin\AppData\Local\{CEFE1D07-8801-49C5-9C07-F91E45FD2D2D}
2012-07-02 13:42 - 2012-07-02 13:42 - 00000000 ____D C:\Users\Martlin\AppData\Local\{DDCFE8B9-684E-4484-8F0E-3CD75966D938}
2012-07-02 13:42 - 2012-07-02 13:42 - 00000000 ____D C:\Users\Martlin\AppData\Local\{639FD061-63F4-48F8-8809-EE5EA007AABD}
2012-07-02 01:42 - 2012-07-02 01:42 - 00000000 ____D C:\Users\Martlin\AppData\Local\{1966B80B-3ECD-4A55-AAF7-427135E5CD7A}
2012-07-02 01:41 - 2012-07-02 01:41 - 00000000 ____D C:\Users\Martlin\AppData\Local\{F70149F9-2E1E-4BE7-883B-014DFF74F73F}

============ 3 Months Modified Files ========================

2012-07-31 23:55 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-31 23:55 - 2009-07-13 20:51 - 00180116 ____A C:\Windows\setupact.log
2012-07-31 23:34 - 2011-04-11 00:42 - 01672966 ____A C:\Windows\WindowsUpdate.log
2012-07-31 23:30 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-31 23:30 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-31 23:26 - 2009-07-13 21:13 - 00732510 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-31 23:21 - 2012-01-21 23:57 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-07-31 14:54 - 2012-04-10 14:43 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-07-31 14:51 - 2012-01-21 23:58 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-07-31 13:58 - 2012-07-31 13:58 - 01438391 ____A (Farbar) C:\Users\Martlin\Desktop\FRST64.exe
2012-07-31 00:08 - 2011-05-09 23:39 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log
2012-07-30 02:56 - 2012-07-30 02:56 - 00001251 ____A C:\Users\Martlin\Desktop\RKreport[4].txt
2012-07-30 02:46 - 2012-07-30 02:46 - 00004011 ____A C:\Users\Martlin\Desktop\RKreport[3].txt
2012-07-30 02:45 - 2012-07-30 02:45 - 00003712 ____A C:\Users\Martlin\Desktop\RKreport[2].txt
2012-07-30 02:33 - 2012-07-30 02:37 - 01552384 ____A C:\Users\Martlin\Desktop\RogueKiller.exe
2012-07-29 00:25 - 2011-08-29 02:53 - 00001456 ____A C:\Users\Martlin\AppData\Local\Adobe Save for Web 12.0 Prefs
2012-07-28 15:32 - 2012-07-28 15:32 - 00435712 ____A (Stardock Systems, Inc) C:\Users\Martlin\AppData\Roaming\conde.dll
2012-07-28 15:29 - 2011-05-09 09:37 - 00065610 ____A C:\Windows\PFRO.log
2012-07-28 01:37 - 2012-07-28 01:38 - 00131072 ___AS (Crytek) C:\Users\Martlin\AppData\Roaming\cmidg.dll
2012-07-28 01:35 - 2012-07-21 22:28 - 00000141 ____A C:\Users\Martlin\Desktop\60d prices.txt
2012-07-27 01:55 - 2012-04-10 14:43 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-07-27 01:55 - 2011-06-14 13:39 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-07-24 00:31 - 2012-07-24 00:31 - 00001454 ___AH C:\Users\Martlin\Desktop\The All Seeing O - Shortcut.lnk
2012-07-24 00:31 - 2012-07-24 00:31 - 00001382 ___AH C:\Users\Martlin\Desktop\new nuds - Shortcut.lnk
2012-07-17 13:14 - 2012-07-16 23:39 - 00000340 ____A C:\Windows\Tasks\HPCeeScheduleForMartlin.job
2012-07-12 03:26 - 2009-07-13 20:45 - 05026536 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-12 01:39 - 2011-05-09 02:45 - 00128472 ____A C:\Users\Martlin\AppData\Local\GDIPFONTCACHEV1.DAT
2012-07-02 19:46 - 2011-05-09 02:52 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-20 23:53 - 2010-10-20 13:26 - 00000963 ____A C:\Windows\DirectX.log
2012-05-29 13:13 - 2009-07-13 21:08 - 00032596 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-05-23 03:01 - 2012-04-13 16:38 - 00000132 ____A C:\Users\Martlin\AppData\Roaming\Adobe PNG Format CS5 Prefs
2012-05-14 23:33 - 2011-08-22 23:32 - 00001854 ____A C:\Users\Martlin\AppData\Roaming\GhostObjGAFix.xml

========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 34%
Total physical RAM: 1786.9 MB
Available physical RAM: 1176.54 MB
Total Pagefile: 1786.9 MB
Available Pagefile: 1174.54 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:447.91 GB) (Free:103.39 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive e: (RECOVERY) (Fixed) (Total:17.55 GB) (Free:2.54 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
5 Drive h: (Biggun) (Fixed) (Total:1397.26 GB) (Free:203.35 GB) NTFS
6 Drive i: () (Removable) (Total:7.47 GB) (Free:1.9 GB) FAT32
7 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
8 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 Online 1397 GB 0 B
Disk 2 Online 7663 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 199 MB 1024 KB
Partition 2 Primary 447 GB 200 MB
Partition 3 Primary 17 GB 448 GB
Partition 4 Primary 103 MB 465 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM NTFS Partition 199 MB Healthy

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 447 GB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E RECOVERY NTFS Partition 17 GB Healthy

==================================================================================

Disk: 0
Partition 4
Type : 0C
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 F HP_TOOLS FAT32 Partition 103 MB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1397 GB 1024 KB

==================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 H Biggun NTFS Partition 1397 GB Healthy

==================================================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7655 MB 22 KB

==================================================================================

Disk: 2
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 6 I FAT32 Removable 7655 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-07-29 14:48

======================= End Of Log ==========================

Thanks again for all your help so far Smile...

Re: Unknown Malware....1st August 2012, 7:36 pm

You're welcome. Smile...

ComboFix

Please download ComboFix Unknown Malware.... Combofix

by sUBs
From BleepingComputer.com

Please save the file to your Desktop, but rename it first to svchost.exe

Important information about ComboFix

Before the download:

Please copy and paste these instructions to Notepad and save to your Desktop, or print them - for easier access.
It is important to rename ComboFix before the download.
Please do not rename ComboFix to other names, but only the one indicated.

After the download:

Close any open browsers.
Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.

Running ComboFix:

Double click on svchost.exe & follow the prompts.
It will attempt to install the Recovery Console:

When ComboFix finishes, it will produce a report for you.
Please post the "C:\Combo-Fix.txt" in your next reply.

Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows
logo appears. A list of options will appear, select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method (above method), but try to download it again, except name
ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

Re: Unknown Malware....2nd August 2012, 8:13 am

It all seemed to work ok so here is the log it created:

ComboFix 12-07-31.03 - Martlin 02/08/2012 17:41:25.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.1787.573 [GMT 10:00]
Running from: c:\users\Martlin\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Martlin\AppData\Local\Temp\libsqlitejdbc-6969791418190783932.lib
c:\users\Martlin\AppData\Local\Temp\swt-gdip-win32-3448.dll
c:\users\Martlin\AppData\Local\Temp\swt-win32-3448.dll
c:\users\Martlin\AppData\Local\Temp\WindowsAPI.dll3108636939230057295.lib
c:\users\Martlin\AppData\Roaming\cmidg.dll
c:\users\Martlin\AppData\Roaming\conde.dll
c:\users\Martlin\AppData\Roaming\Exywu
c:\users\Martlin\AppData\Roaming\Exywu\yzic.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-02 to 2012-08-02 )))))))))))))))))))))))))))))))
.
.
2012-08-02 02:02 . 2012-08-02 02:03 -------- d-----w- C:\FRST
2012-07-28 23:34 . 2012-07-30 07:46 -------- d-----w- c:\users\Martlin\AppData\Local\{8C83E50B-D90C-11E1-8270-B8AC6F996F26}
2012-07-28 09:38 . 2012-07-29 04:12 -------- d-----w- c:\users\Martlin\AppData\Roaming\Yqemo
2012-07-28 09:38 . 2012-07-28 09:38 -------- d-----w- c:\users\Martlin\AppData\Roaming\Orca
2012-07-16 10:25 . 2012-07-16 10:25 -------- d-----w- c:\program files (x86)\Acronis Disk Director Suite
2012-07-16 07:40 . 2012-07-16 07:40 -------- d-----w- c:\users\Martlin\AppData\Roaming\CleanMyPC Software
2012-07-16 07:40 . 2012-07-16 07:40 -------- d-----w- c:\program files (x86)\CleanMyPC
2012-07-10 10:38 . 2012-07-10 10:38 -------- d-----w- c:\programdata\NCH Software
2012-07-10 10:38 . 2012-07-10 10:38 -------- d-----w- c:\program files (x86)\NCH Software
2012-07-10 10:38 . 2012-07-10 10:38 -------- d-----w- c:\users\Martlin\AppData\Roaming\NCH Software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-27 09:55 . 2012-04-10 22:43 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-27 09:55 . 2011-06-14 21:39 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-03 03:46 . 2011-05-09 10:52 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-13 04:04 . 2010-12-13 08:21 326656 ----a-w- c:\program files\VOBMerge252.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Martlin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Martlin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Martlin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-08-16 2736128]
"ZumoDrive"="c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk" [2011-05-10 2080]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Registry Cleaner Scheduler"="c:\program files (x86)\CleanMyPC\Registry Cleaner\RCHelper.exe" [2011-10-05 1401224]
"ExtremeSync Background Scheduler"="c:\program files (x86)\SuperFlexible\ExtremeSyncService.exe" [2009-06-07 6831616]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-09-30 98304]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-09-29 584760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"autodetect"="c:\windows\SysWOW64\SupportAppXL\AutoDect.exe" [2008-08-07 91648]
"ZumoDrive"="c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk" [2011-05-10 2080]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-21 406992]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\users\Martlin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Martlin\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-25 27112840]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2011-5-9 113664]
Snapfish PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2010-9-29 1040952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Users^Martlin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=c:\users\Martlin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper^32*Registry: HKLM:RUN]
2012-03-26 19:09 421736 ----a-w- c:\program files (x86)\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesHelper^Registry: HKCU:RUN]
2012-01-04 06:07 937872 ----a-w- c:\program files (x86)\Samsung\Kies\KiesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR^Registry: HKCU:RUN]
2012-01-04 06:07 21392 ----a-w- c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent^Registry: HKCU:RUN]
2012-01-04 06:07 3508624 ----a-w- c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)^Registry: HKCU:RUN]
2011-08-21 14:18 6276408 ----a-w- c:\progra~2\Yahoo!\MESSEN~1\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Online Backup^32*Registry: HKLM:RUN]
2010-06-01 22:33 1155928 ----a-w- c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper^Registry: HKCU:RUN]
2012-07-13 07:26 1192664 ----a-w- c:\users\Martlin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-22 136176]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 103992]
R2 RtVOsdService;RtVOsdService Installer;c:\program files\Realtek\RtVOsd\RtVOsdService.exe [2010-06-24 315392]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-27 250056]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-07-20 36328]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-22 136176]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2008-08-12 9216]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-03-24 30969208]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-19 113120]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-05-07 245792]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-07-20 157672]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-07-20 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-07-20 177640]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-07-20 146920]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-12 1255736]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2010-05-15 73856]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2010-05-15 28800]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-08 55280]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1207020.003\SYMDS64.SYS [2011-01-27 450680]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS [2011-03-15 912504]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110701.001\BHDrvx64.sys [2011-05-19 1143416]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110707.031\IDSvia64.sys [2011-07-07 488056]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [2011-01-27 171128]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS [2011-04-21 386168]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-09-30 203264]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-02-04 92216]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-09-29 26680]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [2011-04-17 130008]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\NlsSrv32.exe [x]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-09-30 7767552]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-09-30 279040]
S3 anvsnddrv;AnvSoft Virtual Sound Device;c:\windows\system32\drivers\anvsnddrv.sys [2011-11-28 33872]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-09-29 31088]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-05-10 136824]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-23 347680]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2010-04-29 38528]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-08-16 20:43 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 09:55]
.
2012-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-22 07:57]
.
2012-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-22 07:57]
.
2012-07-17 c:\windows\Tasks\HPCeeScheduleForMartlin.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]
@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"
[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]
2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]
@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"
[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]
2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]
@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"
[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]
2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]
@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"
[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]
2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]
@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"
[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]
2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Martlin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Martlin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Martlin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Martlin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-09-22 6489704]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-05 500208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Martlin\AppData\Roaming\Mozilla\Firefox\Profiles\dx6bqd9s.default\
FF - prefs.js: browser.startup.homepage - www.google.com.au
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\windows\SysWOW64\NlsSrv32.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
.
**************************************************************************
.
Completion time: 2012-08-02 18:08:26 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-02 08:08
.
Pre-Run: 110,206,005,248 bytes free
Post-Run: 116,408,332,288 bytes free
.
- - End Of File - - E095DFC89EDADB635438A79AF254296A

Re: Unknown Malware....2nd August 2012, 11:38 am

ComboFix Script

Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Open notepad and copy/paste the text in the codebox below into it:
ClearJavaCache::
Save this as CFScript.txt, in the same location as ComboFix.exe
Referring to the picture above, drag CFScript into ComboFix.exe
When finished, it shall produce a log for you at C:\ComboFix.txt
Please post the contents of the log in your next reply.

Re: Unknown Malware....2nd August 2012, 12:45 pm

ComboFix 12-07-31.03 - Martlin 02/08/2012 22:16:13.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.1787.651 [GMT 10:00]
Running from: c:\users\Martlin\Desktop\ComboFix.exe
Command switches used :: c:\users\Martlin\Desktop\CFScript.txt
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Martlin\AppData\Local\Temp\libsqlitejdbc-4578499895525346981.lib
c:\users\Martlin\AppData\Local\Temp\swt-gdip-win32-3448.dll
c:\users\Martlin\AppData\Local\Temp\swt-win32-3448.dll
c:\users\Martlin\AppData\Local\Temp\WindowsAPI.dll2467676789087132102.lib
.
.
((((((((((((((((((((((((( Files Created from 2012-07-02 to 2012-08-02 )))))))))))))))))))))))))))))))
.
.
2012-08-02 12:33 . 2012-08-02 12:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-02 02:02 . 2012-08-02 02:03 -------- d-----w- C:\FRST
2012-07-28 23:34 . 2012-07-30 07:46 -------- d-----w- c:\users\Martlin\AppData\Local\{8C83E50B-D90C-11E1-8270-B8AC6F996F26}
2012-07-28 09:38 . 2012-07-29 04:12 -------- d-----w- c:\users\Martlin\AppData\Roaming\Yqemo
2012-07-28 09:38 . 2012-07-28 09:38 -------- d-----w- c:\users\Martlin\AppData\Roaming\Orca
2012-07-16 10:25 . 2012-07-16 10:25 -------- d-----w- c:\program files (x86)\Acronis Disk Director Suite
2012-07-16 07:40 . 2012-07-16 07:40 -------- d-----w- c:\users\Martlin\AppData\Roaming\CleanMyPC Software
2012-07-16 07:40 . 2012-07-16 07:40 -------- d-----w- c:\program files (x86)\CleanMyPC
2012-07-10 10:38 . 2012-07-10 10:38 -------- d-----w- c:\programdata\NCH Software
2012-07-10 10:38 . 2012-07-10 10:38 -------- d-----w- c:\program files (x86)\NCH Software
2012-07-10 10:38 . 2012-07-10 10:38 -------- d-----w- c:\users\Martlin\AppData\Roaming\NCH Software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-27 09:55 . 2012-04-10 22:43 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-27 09:55 . 2011-06-14 21:39 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-03 03:46 . 2011-05-09 10:52 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-13 04:04 . 2010-12-13 08:21 326656 ----a-w- c:\program files\VOBMerge252.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-02_08.01.20 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 05:10 . 2012-08-02 12:03 50720 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-05-09 10:43 . 2012-08-02 12:37 22970 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1926778873-3121763269-34881918-1000_UserData.bin
- 2011-05-09 10:43 . 2012-08-02 07:30 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-05-09 10:43 . 2012-08-02 12:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-05-09 10:43 . 2012-08-02 07:30 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-05-09 10:43 . 2012-08-02 12:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-08-02 08:00 . 2012-08-02 08:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-02 12:35 . 2012-08-02 12:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-02 12:35 . 2012-08-02 12:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-08-02 08:00 . 2012-08-02 08:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-05-11 12:03 . 2012-08-02 11:13 271760 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 02:36 . 2012-08-02 07:40 632602 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-08-02 12:09 632602 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-08-02 07:40 112556 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-08-02 12:09 112556 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2012-08-02 12:34 537688 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-08-02 07:59 537688 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-05-29 09:01 . 2012-08-02 08:21 380928 c:\windows\Installer\{CF8FFD12-602B-422D-AF1D-511B411E7632}\iTunesIco.exe
- 2012-05-29 09:01 . 2012-05-29 09:01 380928 c:\windows\Installer\{CF8FFD12-602B-422D-AF1D-511B411E7632}\iTunesIco.exe
+ 2012-05-29 08:53 . 2012-05-29 08:53 49125888 c:\windows\Installer\126366.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Martlin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Martlin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Martlin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-08-16 2736128]
"ZumoDrive"="c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk" [2011-05-10 2080]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Registry Cleaner Scheduler"="c:\program files (x86)\CleanMyPC\Registry Cleaner\RCHelper.exe" [2011-10-05 1401224]
"ExtremeSync Background Scheduler"="c:\program files (x86)\SuperFlexible\ExtremeSyncService.exe" [2009-06-07 6831616]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-09-30 98304]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-09-29 584760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"autodetect"="c:\windows\SysWOW64\SupportAppXL\AutoDect.exe" [2008-08-07 91648]
"ZumoDrive"="c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk" [2011-05-10 2080]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-21 406992]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-26 421736]
.
c:\users\Martlin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Martlin\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-25 27112840]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2011-5-9 113664]
Snapfish PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2010-9-29 1040952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Users^Martlin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=c:\users\Martlin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper^32*Registry: HKLM:RUN]
2012-03-26 19:09 421736 ----a-w- c:\program files (x86)\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesHelper^Registry: HKCU:RUN]
2012-01-04 06:07 937872 ----a-w- c:\program files (x86)\Samsung\Kies\KiesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR^Registry: HKCU:RUN]
2012-01-04 06:07 21392 ----a-w- c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent^Registry: HKCU:RUN]
2012-01-04 06:07 3508624 ----a-w- c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)^Registry: HKCU:RUN]
2011-08-21 14:18 6276408 ----a-w- c:\progra~2\Yahoo!\MESSEN~1\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Online Backup^32*Registry: HKLM:RUN]
2010-06-01 22:33 1155928 ----a-w- c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper^Registry: HKCU:RUN]
2012-07-13 07:26 1192664 ----a-w- c:\users\Martlin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-22 136176]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 103992]
R2 RtVOsdService;RtVOsdService Installer;c:\program files\Realtek\RtVOsd\RtVOsdService.exe [2010-06-24 315392]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-27 250056]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-07-20 36328]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-22 136176]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2008-08-12 9216]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-03-24 30969208]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-19 113120]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-05-07 245792]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-07-20 157672]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-07-20 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-07-20 177640]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-07-20 146920]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-12 1255736]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2010-05-15 73856]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2010-05-15 28800]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-08 55280]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1207020.003\SYMDS64.SYS [2011-01-27 450680]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS [2011-03-15 912504]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110701.001\BHDrvx64.sys [2011-05-19 1143416]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110707.031\IDSvia64.sys [2011-07-07 488056]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [2011-01-27 171128]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS [2011-04-21 386168]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-09-30 203264]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-02-04 92216]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-09-29 26680]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [2011-04-17 130008]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\NlsSrv32.exe [x]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-09-30 7767552]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-09-30 279040]
S3 anvsnddrv;AnvSoft Virtual Sound Device;c:\windows\system32\drivers\anvsnddrv.sys [2011-11-28 33872]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-09-29 31088]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-05-10 136824]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-23 347680]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2010-04-29 38528]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-08-16 20:43 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 09:55]
.
2012-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-22 07:57]
.
2012-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-22 07:57]
.
2012-07-17 c:\windows\Tasks\HPCeeScheduleForMartlin.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]
@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"
[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]
2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]
@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"
[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]
2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]
@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"
[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]
2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]
@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"
[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]
2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]
@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"
[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]
2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Martlin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Martlin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Martlin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Martlin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-09-22 6489704]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-05 500208]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Martlin\AppData\Roaming\Mozilla\Firefox\Profiles\dx6bqd9s.default\
FF - prefs.js: browser.startup.homepage - www.google.com.au
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\windows\SysWOW64\NlsSrv32.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
.
**************************************************************************
.
Completion time: 2012-08-02 22:43:10 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-02 12:43
ComboFix2.txt 2012-08-02 08:08
.
Pre-Run: 114,197,024,768 bytes free
Post-Run: 113,998,147,584 bytes free
.
- - End Of File - - 88FCB59574A15290D95A0560EECFE272

Re: Unknown Malware....2nd August 2012, 8:23 pm

Please download DDS by sUBs from BleepingComputer.com or Forospyware.com and save it to your Desktop.

Note: Before scanning, make sure all other running programs are closed. There shouldn't be any scheduled antivirus scans running while the scan is being performed. Do not use your computer for anything else during the scan.

Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results, click Yes to the Optional_Scan
Please follow the instructions that pop up for posting the results. Post only the contents of both logs.
Close the program window, and delete the program from your Desktop.

Re: Unknown Malware....3rd August 2012, 7:46 am

Here is the DDS log, and I will attach the zipped Attach.txt file to this post as requested by the program.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_31
Run by Martlin at 17:35:58 on 2012-08-03
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.1787.602 [GMT 10:00]
.
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
C:\Windows\SysWOW64\NlsSrv32.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\CleanMyPC\Registry Cleaner\RCHelper.exe
C:\Users\Martlin\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Windows\SysWOW64\SupportAppXL\AutoDect.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\zumodrive.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\SuperFlexible\ExtremeSyncService.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
C:\Program Files\Realtek\RtVOsd\RtVOsd.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.au/
uInternet Settings,ProxyOverride = *.local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: CatcherBHO Class: {9b4df450-dcc7-4b07-935d-0cd757a64583} - C:\Program Files (x86)\Moyea\YouTube FLV Downloader\MoyeaCatcher.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [ZumoDrive] C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Registry Cleaner Scheduler] "C:\Program Files (x86)\CleanMyPC\Registry Cleaner\RCHelper.exe" /startup
uRun: [ExtremeSync Background Scheduler] C:\Program Files (x86)\SuperFlexible\ExtremeSyncService.exe /TIMERASAPP /STARTUP
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [autodetect] C:\Windows\SysWOW64\SupportAppXL\AutoDect.exe
mRun: [ZumoDrive] "C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk"
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\Martlin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Martlin\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SNAPFI~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{D3FC7590-7339-410A-B8D4-0938DBF388CB} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{DCDC8AAE-72CF-475D-A03D-F49970D5DD19} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{DCDC8AAE-72CF-475D-A03D-F49970D5DD19}\C6F66756C6F66756D25707374716962737D274 : DhcpNameServer = 61.9.194.49 61.9.195.193
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: CatcherBHO Class: {9B4DF450-DCC7-4B07-935D-0CD757A64583} - C:\Program Files (x86)\Moyea\YouTube FLV Downloader\MoyeaCatcher.dll
BHO-X64: CacherBHO - No File
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll
TB-X64: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [autodetect] C:\Windows\SysWOW64\SupportAppXL\AutoDect.exe
mRun-x64: [ZumoDrive] "C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk"
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Martlin\AppData\Roaming\Mozilla\Firefox\Profiles\dx6bqd9s.default\
FF - prefs.js: browser.startup.homepage - www.google.com.au
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\system32\DRIVERS\amd_sata.sys --> C:\Windows\system32\DRIVERS\amd_sata.sys [?]
R0 amd_xata;amd_xata;C:\Windows\system32\DRIVERS\amd_xata.sys --> C:\Windows\system32\DRIVERS\amd_xata.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1207020.003\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1207020.003\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110701.001\BHDrvx64.sys [2011-7-6 1143416]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110707.031\IDSviA64.sys [2011-7-7 488056]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NISx64\1207020.003\SYMNETS.SYS --> C:\Windows\system32\Drivers\NISx64\1207020.003\SYMNETS.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-4-11 98208]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-7-22 103992]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-6 291896]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-2-4 92216]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-9-29 26680]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-14 655944]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe [2012-6-12 130008]
R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\System32\NlsSrv32.exe [2011-5-25 61440]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-2 2804568]
R2 RtVOsdService;RtVOsdService Installer;C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [2010-6-25 315392]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 anvsnddrv;AnvSoft Virtual Sound Device;C:\Windows\system32\drivers\anvsnddrv.sys --> C:\Windows\system32\drivers\anvsnddrv.sys [?]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-5-10 136824]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-22 136176]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-7 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-11 250056]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\system32\Drivers\ssadadb.sys --> C:\Windows\system32\Drivers\ssadadb.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-22 136176]
S3 massfilter;ZTE Mass Storage Filter Driver;C:\Windows\system32\drivers\massfilter.sys --> C:\Windows\system32\drivers\massfilter.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-3-25 30969208]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-4 113120]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\system32\DRIVERS\ssadbus.sys --> C:\Windows\system32\DRIVERS\ssadbus.sys [?]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\system32\DRIVERS\ssadmdfl.sys --> C:\Windows\system32\DRIVERS\ssadmdfl.sys [?]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\system32\DRIVERS\ssadmdm.sys --> C:\Windows\system32\DRIVERS\ssadmdm.sys [?]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\Windows\system32\DRIVERS\ssadserd.sys --> C:\Windows\system32\DRIVERS\ssadserd.sys [?]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
.
=============== Created Last 30 ================
.
2012-08-03 07:26:10 -------- d-sh--w- C:\$RECYCLE.BIN
2012-08-02 07:37:59 98816 ----a-w- C:\Windows\sed.exe
2012-08-02 07:37:59 518144 ----a-w- C:\Windows\SWREG.exe
2012-08-02 07:37:59 256000 ----a-w- C:\Windows\PEV.exe
2012-08-02 07:37:59 208896 ----a-w- C:\Windows\MBR.exe
2012-08-02 02:02:59 -------- d-----w- C:\FRST
2012-08-01 21:22:40 -------- d-----w- C:\Users\Martlin\AppData\Local\{B848F6A8-82F4-4D74-99E6-9AFF9EC56E0F}
2012-08-01 21:22:18 -------- d-----w- C:\Users\Martlin\AppData\Local\{DA59E293-BB45-473E-9F13-C316BB573CCF}
2012-08-01 08:10:02 -------- d-----w- C:\Users\Martlin\AppData\Local\{58A36452-ED41-41DF-880F-6100DAF7B0E1}
2012-08-01 07:22:06 -------- d-----w- C:\Users\Martlin\AppData\Local\{96B030FE-B936-4C9B-A45D-66C94E9B761D}
2012-07-31 21:29:43 -------- d-----w- C:\Users\Martlin\AppData\Local\{DC99997A-8B95-44F0-A650-9AA89E92164E}
2012-07-31 09:38:20 -------- d-----w- C:\Users\Martlin\AppData\Local\{0A10722A-C5C7-4994-92CD-E5B1AE2D0B6C}
2012-07-31 07:21:19 -------- d-----w- C:\Users\Martlin\AppData\Local\{40BE66E2-019C-46A3-9BC4-4437ACE63828}
2012-07-30 21:32:43 -------- d-----w- C:\Users\Martlin\AppData\Local\{3351B467-388C-4B05-AA08-13C5CCCB54D6}
2012-07-30 07:48:23 -------- d-----w- C:\Users\Martlin\AppData\Local\{E1EC5F3C-49D1-44E6-9C41-8C3D805EB5F1}
2012-07-30 07:37:32 -------- d-----w- C:\Users\Martlin\AppData\Local\{9319F840-AAF1-4FE6-B620-7D49E9D1598C}
2012-07-30 07:21:18 -------- d-----w- C:\Users\Martlin\AppData\Local\{8B01E12E-6341-45AC-8245-AC5FBE9D0B80}
2012-07-29 11:34:03 -------- d-----w- C:\Users\Martlin\AppData\Local\{F16AE24B-CB3C-4542-9484-A840F8C21AF1}
2012-07-28 23:34:25 -------- d-----w- C:\Users\Martlin\AppData\Local\{8C83E50B-D90C-11E1-8270-B8AC6F996F26}
2012-07-28 23:32:46 -------- d-----w- C:\Users\Martlin\AppData\Local\{1D6AF53D-13B7-4BDB-BA9C-CC4B875371BB}
2012-07-28 23:30:57 -------- d-----w- C:\Users\Martlin\AppData\Local\{3BBD742F-1F21-4365-8CC5-3F5200294796}
2012-07-28 09:38:01 -------- d-----w- C:\Users\Martlin\AppData\Roaming\Yqemo
2012-07-28 09:38:01 -------- d-----w- C:\Users\Martlin\AppData\Roaming\Orca
2012-07-27 23:27:22 -------- d-----w- C:\Users\Martlin\AppData\Local\{6BFD0C58-6B53-43CB-86F2-08952C9B8751}
2012-07-27 23:26:59 -------- d-----w- C:\Users\Martlin\AppData\Local\{F7B4B099-10F8-4279-9222-569FEE5CEADD}
2012-07-26 21:36:16 -------- d-----w- C:\Users\Martlin\AppData\Local\{EAA45DC2-D833-4AF1-8124-D13181EF0B3A}
2012-07-26 21:35:56 -------- d-----w- C:\Users\Martlin\AppData\Local\{10FDEE92-F88D-4443-9751-F8F2984B48F3}
2012-07-25 21:38:30 -------- d-----w- C:\Users\Martlin\AppData\Local\{E2AD9392-B05B-4AED-8136-E3B403FA6E77}
2012-07-25 21:38:11 -------- d-----w- C:\Users\Martlin\AppData\Local\{34AFE524-B263-47B2-9641-5A18BCAEF8B1}
2012-07-25 09:37:34 -------- d-----w- C:\Users\Martlin\AppData\Local\{FCA4A0FB-45A2-4CBE-88B7-5AE87885F6D5}
2012-07-25 09:37:21 -------- d-----w- C:\Users\Martlin\AppData\Local\{B97EFE3F-55B5-4B6F-A764-5ED51C85A309}
2012-07-24 21:36:24 -------- d-----w- C:\Users\Martlin\AppData\Local\{68263965-2E67-480D-9002-85C1B297C412}
2012-07-24 21:36:08 -------- d-----w- C:\Users\Martlin\AppData\Local\{0E96F863-50D1-4BE8-8C6E-6FCE143026A2}
2012-07-24 09:35:27 -------- d-----w- C:\Users\Martlin\AppData\Local\{2D329D76-B1B3-496E-9BD2-C577B444B643}
2012-07-24 09:35:13 -------- d-----w- C:\Users\Martlin\AppData\Local\{03B06150-D611-4E83-BDE0-886E3C6BFC00}
2012-07-23 21:33:51 -------- d-----w- C:\Users\Martlin\AppData\Local\{1BCBB1C0-93B5-4B98-BC2B-859BB9C584BA}
2012-07-23 21:33:31 -------- d-----w- C:\Users\Martlin\AppData\Local\{44691B81-33FB-4A0C-B615-D317BD88A638}
2012-07-23 09:32:48 -------- d-----w- C:\Users\Martlin\AppData\Local\{3F38A075-3C60-4481-B896-EFD91B95D58B}
2012-07-23 09:32:35 -------- d-----w- C:\Users\Martlin\AppData\Local\{47744C18-65FF-4F1C-8797-3313EB6D14E0}
2012-07-22 21:31:14 -------- d-----w- C:\Users\Martlin\AppData\Local\{7AA0AF47-C3B3-4272-9C0C-F04E38F9C88F}
2012-07-22 21:30:42 -------- d-----w- C:\Users\Martlin\AppData\Local\{5EC80708-11DA-437C-9F85-39729C1C30E7}
2012-07-22 02:57:29 -------- d-----w- C:\Users\Martlin\AppData\Local\{5CB614A6-5816-44B0-B110-31C89C0B6CE2}
2012-07-22 02:53:46 -------- d-----w- C:\Users\Martlin\AppData\Local\{B1BE1058-262C-4FA9-9783-2596A68B6143}
2012-07-21 07:13:59 -------- d-----w- C:\Users\Martlin\AppData\Local\{863393A3-3C5B-4F51-8E57-34433889A10F}
2012-07-21 07:13:35 -------- d-----w- C:\Users\Martlin\AppData\Local\{2B8708C0-8A60-445A-A845-B9A7EAB05F59}
2012-07-20 23:48:42 -------- d-----w- C:\Users\Martlin\AppData\Local\{11ACE0F3-C8D3-46A4-9451-0AB9A1017234}
2012-07-20 09:21:00 -------- d-----w- C:\Users\Martlin\AppData\Local\{2E14B339-60FD-4FFC-83B0-33B8B3A5D7E9}
2012-07-19 21:20:27 -------- d-----w- C:\Users\Martlin\AppData\Local\{E5CA2573-404B-40BF-92EA-BB87CBEF9662}
2012-07-19 21:20:13 -------- d-----w- C:\Users\Martlin\AppData\Local\{20F58424-43DB-43E2-9975-3C6436BBC294}
2012-07-19 09:19:36 -------- d-----w- C:\Users\Martlin\AppData\Local\{FE8723FD-7341-41DA-9A93-F48286066CDB}
2012-07-19 09:19:23 -------- d-----w- C:\Users\Martlin\AppData\Local\{ACCBFF81-3684-4EA0-8679-CC30D3270C74}
2012-07-18 21:18:52 -------- d-----w- C:\Users\Martlin\AppData\Local\{AA87F0BB-8FC1-4697-B671-03379095F5B2}
2012-07-18 21:18:39 -------- d-----w- C:\Users\Martlin\AppData\Local\{4B689586-DD0D-4AEC-9FCE-2FF7F4DA9790}
2012-07-18 09:18:06 -------- d-----w- C:\Users\Martlin\AppData\Local\{3517CA46-182C-4BA3-934B-49B82AAF6B1D}
2012-07-18 09:17:45 -------- d-----w- C:\Users\Martlin\AppData\Local\{AF6E1669-F539-444A-9CF0-2BAF9B537DE9}
2012-07-17 21:16:30 -------- d-----w- C:\Users\Martlin\AppData\Local\{8A8023A5-6E43-4B66-9BD9-180B5D8A2269}
2012-07-17 21:16:15 -------- d-----w- C:\Users\Martlin\AppData\Local\{949B755F-3D30-43C9-910C-3E70339E663D}
2012-07-16 21:41:53 -------- d-----w- C:\Users\Martlin\AppData\Local\{156FD38E-90E7-43BB-82D2-710857BB54F2}
2012-07-16 21:40:36 -------- d-----w- C:\Users\Martlin\AppData\Local\{01547206-4A0E-4C60-B6C3-3213A53F02A7}
2012-07-16 10:25:30 -------- d-----w- C:\Program Files (x86)\Acronis Disk Director Suite
2012-07-16 08:41:55 -------- d-----w- C:\Windows\pss
2012-07-16 07:40:58 -------- d-----w- C:\Users\Martlin\AppData\Roaming\CleanMyPC Software
2012-07-16 07:40:29 -------- d-----w- C:\Program Files (x86)\CleanMyPC
2012-07-15 21:24:39 -------- d-----w- C:\Users\Martlin\AppData\Local\{432709AF-3EDF-4CE1-ACCC-84DA7A91E5EA}
2012-07-15 21:24:19 -------- d-----w- C:\Users\Martlin\AppData\Local\{4D2FE887-FAE8-4F40-B85E-FAAD2129C1EA}
2012-07-15 01:43:08 -------- d-----w- C:\Users\Martlin\AppData\Local\{A6D822D2-567F-4706-9EE4-7E81FEF17602}
2012-07-15 01:42:46 -------- d-----w- C:\Users\Martlin\AppData\Local\{5BE768DF-8413-4309-8833-63C08C14EBAE}
2012-07-14 10:43:29 -------- d-----w- C:\Users\Martlin\AppData\Local\{C3A0B4BF-BC73-4DB3-A898-B1054790982B}
2012-07-14 10:43:16 -------- d-----w- C:\Users\Martlin\AppData\Local\{B4D8ED4F-60D7-4563-A780-D3F9245F3719}
2012-07-13 22:42:05 -------- d-----w- C:\Users\Martlin\AppData\Local\{2E0B9CBE-B88B-40A0-85D7-332909B90946}
2012-07-13 22:41:48 -------- d-----w- C:\Users\Martlin\AppData\Local\{FEFE98F8-8971-48BF-A913-3EBCBF0A5852}
2012-07-12 21:27:15 -------- d-----w- C:\Users\Martlin\AppData\Local\{94C31185-08BC-4A64-8569-FDB2FEC025A7}
2012-07-12 21:26:55 -------- d-----w- C:\Users\Martlin\AppData\Local\{8275A07F-BC3E-4170-A355-7812FEED6884}
2012-07-12 07:38:32 -------- d-----w- C:\Users\Martlin\AppData\Local\{9AF96C78-DCED-4ABB-B00D-F27F9C7BDFEB}
2012-07-12 07:38:13 -------- d-----w- C:\Users\Martlin\AppData\Local\{5B623B61-8780-424F-A712-1EDE4985BF65}
2012-07-11 12:14:16 -------- d-----w- C:\Users\Martlin\AppData\Local\{24E92400-E85B-4A49-B0AD-4F8F348456BA}
2012-07-11 12:13:58 -------- d-----w- C:\Users\Martlin\AppData\Local\{02D68A14-ED34-44F4-AA4F-9A18A5AFDD1A}
2012-07-10 21:08:29 -------- d-----w- C:\Users\Martlin\AppData\Local\{279D7BF3-741E-4F9F-91AC-19BB8D5E3E16}
2012-07-10 21:08:09 -------- d-----w- C:\Users\Martlin\AppData\Local\{F85715CA-1944-45F6-8E09-89D7E3E4A682}
2012-07-10 10:38:09 -------- d-----w- C:\Program Files (x86)\NCH Software
2012-07-10 10:38:03 -------- d-----w- C:\Users\Martlin\AppData\Roaming\NCH Software
2012-07-09 21:14:56 -------- d-----w- C:\Users\Martlin\AppData\Local\{6868937F-5B14-4872-853E-5082344B5C4B}
2012-07-09 21:14:32 -------- d-----w- C:\Users\Martlin\AppData\Local\{6BE19A82-B003-4CB1-A87B-EFDD6CA46D97}
2012-07-08 21:24:34 -------- d-----w- C:\Users\Martlin\AppData\Local\{6E299C0D-DEB0-495E-A70B-A2021C16F9DC}
2012-07-08 21:24:14 -------- d-----w- C:\Users\Martlin\AppData\Local\{41CB0006-86BA-49DD-B6F1-681A016AA4A1}
2012-07-08 01:20:35 -------- d-----w- C:\Users\Martlin\AppData\Local\{A9632B61-9AAA-43EC-8047-E37465A88FC1}
2012-07-08 01:20:19 -------- d-----w- C:\Users\Martlin\AppData\Local\{98111811-05D7-4E08-B90B-8017AA48C8D3}
2012-07-07 11:29:53 -------- d-----w- C:\Users\Martlin\AppData\Local\{515B425A-EE3D-4A60-9DCA-836D1CA8F09F}
2012-07-07 11:29:39 -------- d-----w- C:\Users\Martlin\AppData\Local\{377E7F57-1BD2-4922-B487-87616D22E22B}
2012-07-06 23:28:12 -------- d-----w- C:\Users\Martlin\AppData\Local\{22E5C143-33EE-4D80-8502-64714764645C}
2012-07-06 23:27:52 -------- d-----w- C:\Users\Martlin\AppData\Local\{189C6A00-FCE1-4FCC-82F0-8BCC8B43CCC7}
2012-07-06 09:26:18 -------- d-----w- C:\Users\Martlin\AppData\Local\{6A5B5229-07A2-408C-B773-506DDA40BF0F}
2012-07-06 09:26:02 -------- d-----w- C:\Users\Martlin\AppData\Local\{B373EAB1-8C33-4B26-8DE8-9C246F87B2BC}
2012-07-05 21:24:31 -------- d-----w- C:\Users\Martlin\AppData\Local\{83B322CB-E78D-4F17-AB8F-3D0E8DC5736C}
2012-07-05 21:23:57 -------- d-----w- C:\Users\Martlin\AppData\Local\{1372B32D-E666-4CB3-9504-5913E7C9540C}
2012-07-04 21:42:27 -------- d-----w- C:\Users\Martlin\AppData\Local\{8D1DCBFB-9C76-4656-9086-3A412DEC6857}
2012-07-04 21:42:07 -------- d-----w- C:\Users\Martlin\AppData\Local\{C55B3A43-47CF-4D92-B50B-56A59D54A339}
.
==================== Find3M ====================
.
2012-07-27 09:55:06 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-27 09:55:06 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-03 03:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-06-13 04:04:13 326656 ----a-w- C:\Program Files\VOBMerge252.exe
.
============= FINISH: 17:38:20.63 ===============

Re: Unknown Malware....3rd August 2012, 7:51 am

I can't tell if the Attach.txt attached to that last post...I can't see it Sad tearing

Let me know if you need/want me to post the log as a reply, the log suggests not to post it but I can't seem to attach it for some reason.

Thanks for your help, let me know how to proceed with the Attach.txt.

Thanks!!

Re: Unknown Malware....3rd August 2012, 11:07 am

ComboFix Script

Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Open notepad and copy/paste the text in the codebox below into it:
ClearJavaCache::

Folder::
C:\Users\Martlin\AppData\Roaming\Yqemo
C:\Users\Martlin\AppData\Roaming\Orca
C:\Users\Martlin\AppData\Roaming\CleanMyPC Software

DDS::
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
Save this as CFScript.txt, in the same location as ComboFix.exe
Referring to the picture above, drag CFScript into ComboFix.exe
When finished, it shall produce a log for you at C:\ComboFix.txt
Please post the contents of the log in your next reply.

Log4th August 2012, 4:58 am

ComboFix 12-07-31.03 - Martlin 04/08/2012 9:52.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.1787.623 [GMT 10:00]
Running from: c:\users\Martlin\Desktop\ComboFix.exe
Command switches used :: c:\users\Martlin\Desktop\CFScript.txt
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Martlin\AppData\Local\Temp\libsqlitejdbc-2760605325454088841.lib
c:\users\Martlin\AppData\Local\Temp\swt-gdip-win32-3448.dll
c:\users\Martlin\AppData\Local\Temp\swt-win32-3448.dll
c:\users\Martlin\AppData\Local\Temp\WindowsAPI.dll4264120695459480242.lib
c:\users\Martlin\AppData\Roaming\CleanMyPC Software
c:\users\Martlin\AppData\Roaming\CleanMyPC Software\CleanMyPC Registry Cleaner\fixlog.ini
c:\users\Martlin\AppData\Roaming\CleanMyPC Software\CleanMyPC Registry Cleaner\RegCleanMaster.ini
c:\users\Martlin\AppData\Roaming\CleanMyPC Software\CleanMyPC Registry Cleaner\UndoCenter\20120716183357A.cab
c:\users\Martlin\AppData\Roaming\CleanMyPC Software\CleanMyPC Registry Cleaner\UndoCenter\20120728195219A.cab
c:\users\Martlin\AppData\Roaming\CleanMyPC Software\CleanMyPC Registry Cleaner\UndoCenter\20120729203949A.cab
c:\users\Martlin\AppData\Roaming\Orca
c:\users\Martlin\AppData\Roaming\Orca\uzti.esa
c:\users\Martlin\AppData\Roaming\Yqemo
c:\users\Martlin\AppData\Roaming\Yqemo\ubqo.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-07-04 to 2012-08-04 )))))))))))))))))))))))))))))))
.
.
2012-08-04 00:08 . 2012-08-04 00:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-04 00:07 . 2012-08-04 00:07 -------- d-----w- c:\users\Martlin\AppData\Roaming\CleanMyPC Software
2012-08-02 02:02 . 2012-08-02 02:03 -------- d-----w- C:\FRST
2012-07-28 23:34 . 2012-07-30 07:46 -------- d-----w- c:\users\Martlin\AppData\Local\{8C83E50B-D90C-11E1-8270-B8AC6F996F26}
2012-07-16 10:25 . 2012-07-16 10:25 -------- d-----w- c:\program files (x86)\Acronis Disk Director Suite
2012-07-16 07:40 . 2012-07-16 07:40 -------- d-----w- c:\program files (x86)\CleanMyPC
2012-07-10 10:38 . 2012-07-10 10:38 -------- d-----w- c:\programdata\NCH Software
2012-07-10 10:38 . 2012-07-10 10:38 -------- d-----w- c:\program files (x86)\NCH Software
2012-07-10 10:38 . 2012-07-10 10:38 -------- d-----w- c:\users\Martlin\AppData\Roaming\NCH Software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-27 09:55 . 2012-04-10 22:43 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-27 09:55 . 2011-06-14 21:39 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-03 03:46 . 2011-05-09 10:52 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-13 04:04 . 2010-12-13 08:21 326656 ----a-w- c:\program files\VOBMerge252.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-02_08.01.20 )))))))))))))))))))))))))))))))))))))))))
.
- 2010-10-20 21:23 . 2012-08-01 08:10 60284 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2010-10-20 21:23 . 2012-08-03 07:27 60284 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-08-04 00:12 50768 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-05-09 10:43 . 2012-08-04 00:12 23026 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1926778873-3121763269-34881918-1000_UserData.bin
+ 2011-05-09 10:43 . 2012-08-04 00:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-05-09 10:43 . 2012-08-02 07:30 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-05-09 10:43 . 2012-08-04 00:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-05-09 10:43 . 2012-08-02 07:30 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-05-14 02:20 . 2012-08-04 00:09 3032 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2012-08-02 08:00 . 2012-08-02 08:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-04 00:10 . 2012-08-04 00:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-04 00:10 . 2012-08-04 00:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-08-02 08:00 . 2012-08-02 08:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-05-11 12:03 . 2012-08-03 23:26 273434 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 02:36 . 2012-08-03 12:05 632602 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-08-02 07:40 632602 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-08-03 12:05 112556 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-08-02 07:40 112556 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2012-08-04 00:09 537688 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-08-02 07:59 537688 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-05-29 09:01 . 2012-08-02 08:21 380928 c:\windows\Installer\{CF8FFD12-602B-422D-AF1D-511B411E7632}\iTunesIco.exe
- 2012-05-29 09:01 . 2012-05-29 09:01 380928 c:\windows\Installer\{CF8FFD12-602B-422D-AF1D-511B411E7632}\iTunesIco.exe
+ 2012-05-29 08:53 . 2012-05-29 08:53 49125888 c:\windows\Installer\126366.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Martlin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Martlin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Martlin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-08-16 2736128]
"ZumoDrive"="c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk" [2011-05-10 2080]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Registry Cleaner Scheduler"="c:\program files (x86)\CleanMyPC\Registry Cleaner\RCHelper.exe" [2011-10-05 1401224]
"ExtremeSync Background Scheduler"="c:\program files (x86)\SuperFlexible\ExtremeSyncService.exe" [2009-06-07 6831616]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-09-30 98304]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-09-29 584760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"autodetect"="c:\windows\SysWOW64\SupportAppXL\AutoDect.exe" [2008-08-07 91648]
"ZumoDrive"="c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk" [2011-05-10 2080]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-21 406992]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-26 421736]
.
c:\users\Martlin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Martlin\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-25 27112840]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2011-5-9 113664]
Snapfish PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2010-9-29 1040952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Users^Martlin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=c:\users\Martlin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper^32*Registry: HKLM:RUN]
2012-03-26 19:09 421736 ----a-w- c:\program files (x86)\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesHelper^Registry: HKCU:RUN]
2012-01-04 06:07 937872 ----a-w- c:\program files (x86)\Samsung\Kies\KiesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR^Registry: HKCU:RUN]
2012-01-04 06:07 21392 ----a-w- c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent^Registry: HKCU:RUN]
2012-01-04 06:07 3508624 ----a-w- c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)^Registry: HKCU:RUN]
2011-08-21 14:18 6276408 ----a-w- c:\progra~2\Yahoo!\MESSEN~1\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Online Backup^32*Registry: HKLM:RUN]
2010-06-01 22:33 1155928 ----a-w- c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper^Registry: HKCU:RUN]
2012-07-13 07:26 1192664 ----a-w- c:\users\Martlin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-22 136176]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 103992]
R2 RtVOsdService;RtVOsdService Installer;c:\program files\Realtek\RtVOsd\RtVOsdService.exe [2010-06-24 315392]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-27 250056]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-07-20 36328]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-22 136176]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2008-08-12 9216]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-03-24 30969208]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-19 113120]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-05-07 245792]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-07-20 157672]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-07-20 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-07-20 177640]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-07-20 146920]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-12 1255736]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2010-05-15 73856]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2010-05-15 28800]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-08 55280]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1207020.003\SYMDS64.SYS [2011-01-27 450680]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS [2011-03-15 912504]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110701.001\BHDrvx64.sys [2011-05-19 1143416]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110707.031\IDSvia64.sys [2011-07-07 488056]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [2011-01-27 171128]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS [2011-04-21 386168]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-09-30 203264]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-02-04 92216]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-09-29 26680]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [2011-04-17 130008]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\NlsSrv32.exe [x]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-09-30 7767552]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-09-30 279040]
S3 anvsnddrv;AnvSoft Virtual Sound Device;c:\windows\system32\drivers\anvsnddrv.sys [2011-11-28 33872]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-09-29 31088]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-05-10 136824]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-23 347680]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2010-04-29 38528]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-08-16 20:43 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 09:55]
.
2012-08-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-22 07:57]
.
2012-08-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-22 07:57]
.
2012-07-17 c:\windows\Tasks\HPCeeScheduleForMartlin.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]
@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"
[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]
2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]
@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"
[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]
2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]
@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"
[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]
2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]
@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"
[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]
2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]
@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"
[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]
2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Martlin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Martlin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Martlin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Martlin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-09-22 6489704]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-05 500208]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Martlin\AppData\Roaming\Mozilla\Firefox\Profiles\dx6bqd9s.default\
FF - prefs.js: browser.startup.homepage - www.google.com.au
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\windows\SysWOW64\NlsSrv32.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
.
**************************************************************************
.
Completion time: 2012-08-04 10:18:27 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-04 00:18
ComboFix2.txt 2012-08-02 12:43
ComboFix3.txt 2012-08-02 08:08
.
Pre-Run: 113,321,164,800 bytes free
Post-Run: 113,120,452,608 bytes free
.
- - End Of File - - 388C290446D5A88D4BA977B66FE6AA09

Re: Unknown Malware....4th August 2012, 4:20 pm

ComboFix Script

Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Open notepad and copy/paste the text in the codebox below into it:
ClearJavaCache::
Save this as CFScript.txt, in the same location as ComboFix.exe
Referring to the picture above, drag CFScript into ComboFix.exe
When finished, it shall produce a log for you at C:\ComboFix.txt
Please post the contents of the log in your next reply.

Re: Unknown Malware....5th August 2012, 8:09 am

ComboFix 12-07-31.03 - Martlin 05/08/2012 17:31:43.4.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.1787.707 [GMT 10:00]
Running from: c:\users\Martlin\Desktop\ComboFix.exe
Command switches used :: c:\users\Martlin\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-07-05 to 2012-08-05 )))))))))))))))))))))))))))))))
.
.
2012-08-05 07:46 . 2012-08-05 07:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-04 00:07 . 2012-08-04 00:07 -------- d-----w- c:\users\Martlin\AppData\Roaming\CleanMyPC Software
2012-08-02 02:02 . 2012-08-02 02:03 -------- d-----w- C:\FRST
2012-07-28 23:34 . 2012-07-30 07:46 -------- d-----w- c:\users\Martlin\AppData\Local\{8C83E50B-D90C-11E1-8270-B8AC6F996F26}
2012-07-16 10:25 . 2012-07-16 10:25 -------- d-----w- c:\program files (x86)\Acronis Disk Director Suite
2012-07-16 07:40 . 2012-07-16 07:40 -------- d-----w- c:\program files (x86)\CleanMyPC
2012-07-10 10:38 . 2012-07-10 10:38 -------- d-----w- c:\programdata\NCH Software
2012-07-10 10:38 . 2012-07-10 10:38 -------- d-----w- c:\program files (x86)\NCH Software
2012-07-10 10:38 . 2012-07-10 10:38 -------- d-----w- c:\users\Martlin\AppData\Roaming\NCH Software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-27 09:55 . 2012-04-10 22:43 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-27 09:55 . 2011-06-14 21:39 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-03 03:46 . 2011-05-09 10:52 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-13 04:04 . 2010-12-13 08:21 326656 ----a-w- c:\program files\VOBMerge252.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-02_08.01.20 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-10-20 21:23 . 2012-08-05 07:25 60954 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-08-05 07:25 50784 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-05-09 10:43 . 2012-08-05 07:25 23066 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1926778873-3121763269-34881918-1000_UserData.bin
- 2011-05-09 10:43 . 2012-08-02 07:30 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-05-09 10:43 . 2012-08-05 07:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-05-09 10:43 . 2012-08-05 07:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-05-09 10:43 . 2012-08-02 07:30 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-05-14 02:20 . 2012-08-05 07:17 3032 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2012-08-02 08:00 . 2012-08-02 08:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-05 07:48 . 2012-08-05 07:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-05 07:48 . 2012-08-05 07:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-08-02 08:00 . 2012-08-02 08:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-05-11 12:03 . 2012-08-05 07:09 273666 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 02:36 . 2012-08-02 07:40 632602 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-08-05 07:52 632602 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-08-05 07:52 112556 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-08-02 07:40 112556 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2012-08-05 07:47 537688 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-08-02 07:59 537688 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2012-05-29 09:01 . 2012-05-29 09:01 380928 c:\windows\Installer\{CF8FFD12-602B-422D-AF1D-511B411E7632}\iTunesIco.exe
+ 2012-05-29 09:01 . 2012-08-02 08:21 380928 c:\windows\Installer\{CF8FFD12-602B-422D-AF1D-511B411E7632}\iTunesIco.exe
+ 2012-05-29 08:53 . 2012-05-29 08:53 49125888 c:\windows\Installer\126366.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Martlin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Martlin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Martlin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-08-16 2736128]
"ZumoDrive"="c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk" [2011-05-10 2080]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Registry Cleaner Scheduler"="c:\program files (x86)\CleanMyPC\Registry Cleaner\RCHelper.exe" [2011-10-05 1401224]
"ExtremeSync Background Scheduler"="c:\program files (x86)\SuperFlexible\ExtremeSyncService.exe" [2009-06-07 6831616]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-09-30 98304]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-09-29 584760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"autodetect"="c:\windows\SysWOW64\SupportAppXL\AutoDect.exe" [2008-08-07 91648]
"ZumoDrive"="c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk" [2011-05-10 2080]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-21 406992]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-26 421736]
.
c:\users\Martlin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Martlin\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-25 27112840]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2011-5-9 113664]
Snapfish PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2010-9-29 1040952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Users^Martlin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=c:\users\Martlin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper^32*Registry: HKLM:RUN]
2012-03-26 19:09 421736 ----a-w- c:\program files (x86)\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesHelper^Registry: HKCU:RUN]
2012-01-04 06:07 937872 ----a-w- c:\program files (x86)\Samsung\Kies\KiesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR^Registry: HKCU:RUN]
2012-01-04 06:07 21392 ----a-w- c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent^Registry: HKCU:RUN]
2012-01-04 06:07 3508624 ----a-w- c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)^Registry: HKCU:RUN]
2011-08-21 14:18 6276408 ----a-w- c:\progra~2\Yahoo!\MESSEN~1\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Online Backup^32*Registry: HKLM:RUN]
2010-06-01 22:33 1155928 ----a-w- c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper^Registry: HKCU:RUN]
2012-07-13 07:26 1192664 ----a-w- c:\users\Martlin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-22 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-27 250056]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-07-20 36328]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-22 136176]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2008-08-12 9216]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-03-24 30969208]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-19 113120]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-05-07 245792]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-07-20 157672]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-07-20 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-07-20 177640]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-07-20 146920]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-12 1255736]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2010-05-15 73856]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2010-05-15 28800]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-08 55280]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-09-30 203264]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 103992]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-02-04 92216]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-09-29 26680]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\NlsSrv32.exe [x]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 RtVOsdService;RtVOsdService Installer;c:\program files\Realtek\RtVOsd\RtVOsdService.exe [2010-06-24 315392]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-09-30 7767552]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-09-30 279040]
S3 anvsnddrv;AnvSoft Virtual Sound Device;c:\windows\system32\drivers\anvsnddrv.sys [2011-11-28 33872]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-09-29 31088]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-23 347680]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2010-04-29 38528]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-08-16 20:43 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 09:55]
.
2012-08-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-22 07:57]
.
2012-08-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-22 07:57]
.
2012-07-17 c:\windows\Tasks\HPCeeScheduleForMartlin.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]
@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"
[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]
2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]
@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"
[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]
2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]
@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"
[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]
2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]
@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"
[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]
2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]
@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"
[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]
2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Martlin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Martlin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Martlin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Martlin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-09-22 6489704]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-05 500208]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Martlin\AppData\Roaming\Mozilla\Firefox\Profiles\dx6bqd9s.default\
FF - prefs.js: browser.startup.homepage - www.google.com.au
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\windows\SysWOW64\NlsSrv32.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
.
**************************************************************************
.
Completion time: 2012-08-05 18:01:47 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-05 08:01
ComboFix2.txt 2012-08-04 00:18
ComboFix3.txt 2012-08-02 12:43
ComboFix4.txt 2012-08-02 08:08
.
Pre-Run: 120,064,356,352 bytes free
Post-Run: 120,063,692,800 bytes free
.
- - End Of File - - DF2EBE87E38A979571DE63EDF3369FA7

Re: Unknown Malware....5th August 2012, 8:37 pm

ESET Online Scan

Please run a free online scan with the ESET Online Scanner

Tick the box next to YES, I accept the Terms of Use
Click Start
When asked, allow the ActiveX control to install
Click Start
Make sure that the options Remove found threats and the option Scan unwanted applications is checked
Click Scan (This scan can take several hours, so please be patient)
Once the scan is completed, you may close the window
Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic

Re: Unknown Malware....6th August 2012, 7:48 am

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=4151872bfb4c4f48a6bcdad2d862d7eb
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-08-05 11:54:28
# local_time=2012-08-06 09:54:28 (+1000, AUS Eastern Standard Time)
# country="Australia"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 66 85 16161037 95835765 0 0
# compatibility_mode=8192 67108863 100 0 3988 3988 0 0
# scanned=375687
# found=12
# cleaned=12
# scan_time=8563
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\ProgramData\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Users\Martlin\AppData\Roaming\cmidg.dll.vir a variant of Win32/Medfos.BK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Users\Martlin\AppData\Roaming\conde.dll.vir a variant of Win32/Medfos.BL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Users\Martlin\AppData\Roaming\Exywu\yzic.exe.vir a variant of Win32/Injector.UJP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Martlin\AppData\Local\{8C83E50B-D90C-11E1-8270-B8AC6F996F26}\chrome\content\browser.xul JS/Redirector.NIQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Martlin\Desktop\RK_Quarantine\000000cb.@.vir Win64/Conedex.B trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Martlin\Desktop\RK_Quarantine\80000000.@.vir Win64/Sirefef.AP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Martlin\Desktop\RK_Quarantine\80000032.@.vir a variant of Win32/Sirefef.FD trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Martlin\Desktop\RK_Quarantine\cmidg.dll.vir a variant of Win32/Medfos.BK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Martlin\Desktop\RK_Quarantine\conde.dll.vir a variant of Win32/Medfos.BL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Martlin\Desktop\RK_Quarantine\yzic.exe.vir a variant of Win32/Injector.UJP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

Re: Unknown Malware....6th August 2012, 6:56 pm

Any more issues?

We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

Many of the things to note for us would be:

Slow computer
Error messages
Fake antivirus alerts or the icon in the system tray
svchost.exe running at 100%
System crashes or blue screen of death

Re: Unknown Malware....8th August 2012, 5:49 am

Thanks for all your help!

I used the laptop last night to see if there was anything untoward, however so far it's looking good!

The computer seems much quicker to respond.
No error messages....yet! (fingers crossed their won't be)
Svchost.exe doesn't appear to be running at 100%.
No system crashes or blue screen of death! Big Grin

yey!

The only that has happened is Malware Bytes did pop-up a little balloon icon to say that it had prevent Firefox.exe from using a port (if I remember correctly, it was a long night of work).

I will use the machine again tonight and note any odd behavior and let you know. Thanks again.

Re: Unknown Malware....8th August 2012, 11:44 am

Hi! Your logs appear to be clean. If there are no more issues, then we shall clean up!

Clean up System Restore

Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."

Select Start > All Programs > Accessories > System tools > System Restore.
On the dialogue box that appears select Create a Restore Point
Click NEXT
Enter a name e.g. Clean
Click CREATE

You now have a clean restore point, to get rid of the bad ones:

Select Start > All Programs > Accessories > System tools > Disk Cleanup.
In the Drop down box that appears select your main drive e.g. C
Click OK
The System will do some calculation and the display a dialogue box with TABS
Select the More Options Tab.
At the bottom will be a system restore box with a CLEANUP button click this
Accept the Warning and select OK again, the program will close and you are done

Run OTC to remove our tools

To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC.exe by OldTimer:

Save it to your Desktop.
Double click OTC.exe.
Click the CleanUp! button.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

Purge old temporary files

Download CCleaner Slim and save it to your Desktop - Alternate download link

When the file has been saved, go to your Desktop and double-click on ccsetupxxx_slim.exe
Follow the prompts to install the program.

* Double-click the CCleaner shortcut on the desktop to start the program.
* Click on the Options block on the left, then choose Cookies.
* Under Cookies to Delete, highlight any cookies you would like to retain permanently
* Click the right arrow > to move them to the Cookies to Keep window.
* Go into Options > Advanced & uncheck Only delete files in Windows Temp folders older than 48 hours
* Click Cleaner on the left then Run Cleaner on the right to run the program.
* Important: Make sure that ALL browser windows are closed before selecting Run Cleaner

Caution: Only use the Registry feature if you are very familiar with the registry.
Always back up your registry before making any changes. Exit CCleaner after it has completed it's process.

Security Check

Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.

Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Tell me in your next reply, if you have completed these tasks:

Cleaned System Restore
Ran OTC
Ran TFC
Ran Security Check

Also, let me know how your computer is running, and don't forget to post the contents of the Security Check log.

Re: Unknown Malware....9th August 2012, 8:50 am

I have created the system restore point, but when going into the Disk Cleanup, after the dialog window pops up there is no "More Options Tab".

Just a Disk Cleanup tab with a list of things with check boxes which select what to delete. Currently only:

Downloaded Program Files
Temporary Internet Files
Thumbnails

are selected for deletion.

Shall I go ahead and click on the disk cleanup? There are quite a few other check boxes but not selected.

Because there was not a More Options tab I didn't want to proceed and ruin all the work you've helped me with so far!

Please inform me on how to proceed.

Thanks.

Re: Unknown Malware....9th August 2012, 10:30 am

Go to Start > All Programs > Accessories > System Tools > System Restore.

Choose options to Create a restore point, pick a name, and Create.

THEN...

Open CCleaner, click the Tools tab... System Restore.

Highlight all Restore Points and select Remove.

The latest one you just created will not be deleted.

Let me know how it works!

Re: Unknown Malware....9th August 2012, 10:43 am

I don't get the option to create a system restore point via the way you mentioned. I went to my start>computer>(right-click)- properties>system protection

Then created the CLEAN restore point that you mentioned in the previous post.

I'm sorry to ask again, but since I have created the "CLEAN" system restore point, should I create another before running the CCleaner? And should I miss out the other steps you mentioned (OTL etc?). Or should I jusst

So far I have the CLEAN restore point and have done nothing else, I really don't want to misinterpert your instructions and take two steps backwards, it feels like we are so close to getting this sorted!

I'm sorry if it all seems obvious to you. Please instruct me how I should proceed after making that CLEAN restore point, but still unable to create a new restore point from the directions you suggested, only via the waay I told you I made the CLEAN restore point.

Sorry!

Re: Unknown Malware....9th August 2012, 5:59 pm

Go for the CCleaner method to delete the previous Restore Points.

Then, use CCleaner to clean all temporary files from the computer.

Lastly, run Security Check and post a log, please.

Re: Unknown Malware....10th August 2012, 6:45 am

Results of screen317's Security Check version 0.99.43
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
CleanMyPC - Registry Cleaner
Java(TM) 6 Update 20
Java(TM) 6 Update 31
Java version out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (14.0.1)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Symantec Norton Online Backup NOBuAgent.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````

Re: Unknown Malware....13th August 2012, 10:33 am

Update Adobe Reader

Please download the newest version of Adobe Acrobat Reader from Adobe.com

Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

Once old versions are gone, please install the newest version.

Update Java

Please download the newest version of Java from Java.com.

Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
Search in the list for all previous installed versions of Java. (J2SE Runtime Environment). Please uninstall/remove each of them.

Once old versions are gone, please install the newest version.

Read more about Java exploit problems

Personal Tips on Preventing Malware

See this page for more info about malware and prevention.

Any other questions before I mark this topic solved?

Unknown Malware....

descriptionUnknown Malware....30th July 2012, 9:35 am

descriptionRe: Unknown Malware....30th July 2012, 9:38 am

descriptionRe: Unknown Malware....30th July 2012, 9:40 am

descriptionRe: Unknown Malware....30th July 2012, 9:42 am

descriptionRe: Unknown Malware....30th July 2012, 9:43 am

descriptionRe: Unknown Malware....30th July 2012, 9:45 am

descriptionRe: Unknown Malware....30th July 2012, 9:47 am

descriptionRe: Unknown Malware....30th July 2012, 9:50 am

descriptionRe: Unknown Malware....30th July 2012, 9:51 am

descriptionRe: Unknown Malware....30th July 2012, 10:07 am

descriptionRe: Unknown Malware....30th July 2012, 11:02 am

descriptionRe: Unknown Malware....30th July 2012, 11:03 am

descriptionRe: Unknown Malware....30th July 2012, 11:05 am

descriptionRe: Unknown Malware....31st July 2012, 11:15 am

descriptionRe: Unknown Malware....1st August 2012, 8:12 am

descriptionRe: Unknown Malware....1st August 2012, 7:36 pm

descriptionRe: Unknown Malware....2nd August 2012, 8:13 am

descriptionRe: Unknown Malware....2nd August 2012, 11:38 am

descriptionRe: Unknown Malware....2nd August 2012, 12:45 pm

descriptionRe: Unknown Malware....2nd August 2012, 8:23 pm

descriptionRe: Unknown Malware....3rd August 2012, 7:46 am

descriptionRe: Unknown Malware....3rd August 2012, 7:51 am

descriptionRe: Unknown Malware....3rd August 2012, 11:07 am

descriptionLog4th August 2012, 4:58 am

descriptionRe: Unknown Malware....4th August 2012, 4:20 pm

descriptionRe: Unknown Malware....5th August 2012, 8:09 am

descriptionRe: Unknown Malware....5th August 2012, 8:37 pm

descriptionRe: Unknown Malware....6th August 2012, 7:48 am

descriptionRe: Unknown Malware....6th August 2012, 6:56 pm

descriptionRe: Unknown Malware....8th August 2012, 5:49 am

descriptionRe: Unknown Malware....8th August 2012, 11:44 am

descriptionRe: Unknown Malware....9th August 2012, 8:50 am

descriptionRe: Unknown Malware....9th August 2012, 10:30 am

descriptionRe: Unknown Malware....9th August 2012, 10:43 am

descriptionRe: Unknown Malware....9th August 2012, 5:59 pm

descriptionRe: Unknown Malware....10th August 2012, 6:45 am

descriptionRe: Unknown Malware....13th August 2012, 10:33 am

descriptionRe: Unknown Malware....

Unknown Malware....30th July 2012, 9:35 am

Re: Unknown Malware....30th July 2012, 9:38 am

Re: Unknown Malware....30th July 2012, 9:40 am

Re: Unknown Malware....30th July 2012, 9:42 am

Re: Unknown Malware....30th July 2012, 9:43 am

Re: Unknown Malware....30th July 2012, 9:45 am

Re: Unknown Malware....30th July 2012, 9:47 am

Re: Unknown Malware....30th July 2012, 9:50 am

Re: Unknown Malware....30th July 2012, 9:51 am

Re: Unknown Malware....30th July 2012, 10:07 am

Re: Unknown Malware....30th July 2012, 11:02 am

Re: Unknown Malware....30th July 2012, 11:03 am

Re: Unknown Malware....30th July 2012, 11:05 am

Re: Unknown Malware....31st July 2012, 11:15 am

Re: Unknown Malware....1st August 2012, 8:12 am

Re: Unknown Malware....1st August 2012, 7:36 pm

Re: Unknown Malware....2nd August 2012, 8:13 am

Re: Unknown Malware....2nd August 2012, 11:38 am

Re: Unknown Malware....2nd August 2012, 12:45 pm

Re: Unknown Malware....2nd August 2012, 8:23 pm

Re: Unknown Malware....3rd August 2012, 7:46 am

Re: Unknown Malware....3rd August 2012, 7:51 am

Re: Unknown Malware....3rd August 2012, 11:07 am

Log4th August 2012, 4:58 am

Re: Unknown Malware....4th August 2012, 4:20 pm

Re: Unknown Malware....5th August 2012, 8:09 am

Re: Unknown Malware....5th August 2012, 8:37 pm

Re: Unknown Malware....6th August 2012, 7:48 am

Re: Unknown Malware....6th August 2012, 6:56 pm

Re: Unknown Malware....8th August 2012, 5:49 am

Re: Unknown Malware....8th August 2012, 11:44 am

Re: Unknown Malware....9th August 2012, 8:50 am

Re: Unknown Malware....9th August 2012, 10:30 am

Re: Unknown Malware....9th August 2012, 10:43 am

Re: Unknown Malware....9th August 2012, 5:59 pm

Re: Unknown Malware....10th August 2012, 6:45 am

Re: Unknown Malware....13th August 2012, 10:33 am

Re: Unknown Malware....