Paul_Lynch

Members
  • Content count

    14
  • Joined

  • Last visited

About Paul_Lynch

  • Rank
    New Member
  • Birthday 10/08/1985

Profile Information

  • Location
    Halifax, England. UK
  • Interests
    Music & Films all day everyday!
  1. haha, thats my fiance so its many more years of loving whether i like it or not! all done and uninstalled the programs i dont need. thanks a lot again mate, saved me from going insane! hah.
  2. Well by looks of it everything seems fine mate. Chrome has reinstalled and seems to be working, and the malwarebyte now runs as it should! So thank you very much for your time Maniac, I really appreciate it. I get paid at the weekend so i will be sure to donate some money for your time and effort. Thanks again!
  3. i dont think the Kasperskey found anything serious. and the malwarebyte now runs normally from the desktop, of which it wouldnt before. goin off all the previous logs do you think it is ok now?
  4. Hi. im trying to copy and paste the AVP Log in but its way too big, ive tried doing it in 2 parts, 4, parts, its still too big, it just crashes the page. is there anyway i could email you the log as a notepad attachment or something, or have you any tips of getting to send it in this forum a bit easier? many thanks and Happy Birthday
  5. hi. there. not sure if this is the correct log but this is all it came up with. Cheers. ESETSmartInstaller@High as CAB hook log: OnlineScanner64.ocx - registred OK OnlineScanner.ocx - registred OK
  6. ah yeah, when i copied and pasted it straight from above it did it all in one line once it was in the OTL. heres Log, thanks. All processes killed ========== OTL ========== HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully! Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{687578b9-7132-4a7a-80e4-30ee31099e03} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{687578b9-7132-4a7a-80e4-30ee31099e03}\ not found. File C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll not found. Registry value HKEY_USERS\S-1-5-21-847241449-3843327803-101957182-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{687578b9-7132-4a7a-80e4-30ee31099e03} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{687578b9-7132-4a7a-80e4-30ee31099e03}\ not found. File C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll not found. HKEY_USERS\S-1-5-21-847241449-3843327803-101957182-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_USERS\S-1-5-21-847241449-3843327803-101957182-1001\Software\Microsoft\Internet Explorer\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}\ not found. Registry key HKEY_USERS\S-1-5-21-847241449-3843327803-101957182-1001\Software\Microsoft\Internet Explorer\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}\ not found. Registry key HKEY_USERS\S-1-5-21-847241449-3843327803-101957182-1001\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ not found. HKU\S-1-5-21-847241449-3843327803-101957182-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully! HKU\S-1-5-21-847241449-3843327803-101957182-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully! C:\Users\Lynchy\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\searchplugin folder moved successfully. C:\Users\Lynchy\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\Plugins folder moved successfully. C:\Users\Lynchy\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\modules folder moved successfully. C:\Users\Lynchy\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\META-INF folder moved successfully. C:\Users\Lynchy\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\defaults folder moved successfully. C:\Users\Lynchy\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\components folder moved successfully. C:\Users\Lynchy\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\chrome folder moved successfully. C:\Users\Lynchy\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03} folder moved successfully. C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{687578b9-7132-4a7a-80e4-30ee31099e03}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{687578b9-7132-4a7a-80e4-30ee31099e03}\ not found. File C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{687578b9-7132-4a7a-80e4-30ee31099e03} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{687578b9-7132-4a7a-80e4-30ee31099e03}\ not found. File C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll not found. Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{338B4DFE-2E2C-4338-9E41-E176D497299E} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{338B4DFE-2E2C-4338-9E41-E176D497299E}\ not found. Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{338B4DFE-2E2C-4338-9E41-E176D497299E} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{338B4DFE-2E2C-4338-9E41-E176D497299E}\ not found. Registry value HKEY_USERS\S-1-5-21-847241449-3843327803-101957182-1001\Software\Microsoft\Windows\CurrentVersion\Run\\BfcQvyfn deleted successfully. C:\Users\Lynchy\AppData\Local\syjpmxpn\bfcqvyfn.exe moved successfully. File move failed. C:\Users\Lynchy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bfcqvyfn.exe scheduled to be moved on reboot. Folder C:\Program Files (x86)\uTorrentControl2\ not found. C:\Program Files (x86)\Yontoo folder moved successfully. Folder C:\Program Files (x86)\uTorrent\ not found. C:\Users\Lynchy\AppData\Local\syjpmxpn folder moved successfully. File C:\Users\Lynchy\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk not found. File C:\Users\Public\Desktop\µTorrent.lnk not found. File move failed. C:\Users\Lynchy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bfcqvyfn.exe scheduled to be moved on reboot. Folder C:\Users\Lynchy\AppData\Roaming\uTorrent\ not found. ========== FILES ========== < ipconfig /flushdns /c > Windows IP Configuration Successfully flushed the DNS Resolver Cache. C:\Users\Lynchy\Desktop\cmd.bat deleted successfully. C:\Users\Lynchy\Desktop\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes ->Flash cache emptied: 41620 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Lynchy ->Temp folder emptied: 5392078 bytes ->Temporary Internet Files folder emptied: 12033953 bytes ->Java cache emptied: 473736 bytes ->Flash cache emptied: 3374 bytes User: Public ->Temp folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 904066 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67697 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 18.00 mb Restore point Set: OTL Restore Point OTL by OldTimer - Version 3.2.54.0 log created on 07192012_171747 Files\Folders moved on Reboot... C:\Users\Lynchy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bfcqvyfn.exe moved successfully. C:\Users\Lynchy\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. PendingFileRenameOperations files... File C:\Users\Lynchy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bfcqvyfn.exe not found! File C:\Users\Lynchy\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found! Registry entries deleted on Reboot...
  7. Hi there. ive copied the text into the box in the OTL but it keeps just rebooting straight away, then when laptop comes back on there is this log: All processes killed Error: Unable to interpret <:OTLIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/mp3rocket/%7B2709E692-8504-43AB-958E-70A9147980B4IE - HKLM\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)IE - HKU\S-1-5-21-847241449-3843327803-101957182-1001\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)IE - HKU\S-1-5-21-847241449-3843327803-101957182-1001\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}IE - HKU\S-1-5-21-847241449-3843327803-101957182-1001\..\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}: "URL" = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=341e28f8000000000000e0915337f1cb&tlver=1.4.19.19&affID=17161IE - HKU\S-1-5-21-847241449-3843327803-101957182-1001\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = http://www.bigseekpro.com/search/browser/mp3rocket/%7B86159C73-FD28-460B-B539-D7> in the current context! Error: Unable to interpret <EE9E15F789%7D?q={searchTermsIE - HKU\S-1-5-21-847241449-3843327803-101957182-1001\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredibar.com/mb119/?search={searchTerms}&loc=IB_DS&a=6OypS80pF5&i=26IE - HKU\S-1-5-21-847241449-3843327803-101957182-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0IE - HKU\S-1-5-21-847241449-3843327803-101957182-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>[2012/07/16 12:49:04 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\Lynchy\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}[2011/03/09 18:11:23 | 000,002,423 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xmlO2 - BHO: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)O3 - HKLM\..\Toolbar: (uTorrentControl2 Toolbar) > in the current context! Error: Unable to interpret <- {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - No CLSID value found.O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - No CLSID value found.O4 - HKU\S-1-5-21-847241449-3843327803-101957182-1001..\Run: [bfcQvyfn] C:\Users\Lynchy\AppData\Local\syjpmxpn\bfcqvyfn.exe ()O4 - Startup: C:\Users\Lynchy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bfcqvyfn.exe ()[2012/07/16 12:48:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrentControl2[2012/07/16 12:48:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yontoo[2012/07/16 12:48:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent[2012/07/08 05:48:15 | 000,000,000 | ---D | C] -- C:\Users\Lynchy\AppData\Local\syjpmxpn[2012/07/16 12:48:26 | 000,000,974 | ---- | M] () -- C:\Users\Lynchy\Application Data\Microsoft\Internet Explorer> in the current context! Error: Unable to interpret <\Quick Launch\µTorrent.lnk[2012/07/16 12:48:26 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk[2012/07/08 05:48:11 | 000,099,675 | --S- | M] () -- C:\Users\Lynchy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bfcqvyfn.exe[2012/07/17 14:51:52 | 000,000,000 | ---D | M] -- C:\Users\Lynchy\AppData\Roaming\uTorrent:filesipconfig /flushdns /c:Commands[emptytemp][clearallrestorepoints]> in the current context! OTL by OldTimer - Version 3.2.54.0 log created on 07192012_001637 Files\Folders moved on Reboot... PendingFileRenameOperations files... Registry entries deleted on Reboot...
  8. OTL logfile created on: 17/07/2012 21:52:58 - Run 1 OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Lynchy\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 3.97 Gb Total Physical Memory | 2.79 Gb Available Physical Memory | 70.33% Memory free 7.93 Gb Paging File | 6.01 Gb Available in Paging File | 75.77% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 290.04 Gb Total Space | 52.45 Gb Free Space | 18.08% Space Free | Partition Type: NTFS Computer Name: LYNCHY-PC | User Name: Lynchy | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/07/17 21:51:57 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Lynchy\Desktop\OTL.exe PRC - [2012/07/09 13:41:48 | 000,935,008 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe PRC - [2012/07/09 13:41:47 | 001,107,552 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe PRC - [2012/05/29 03:46:28 | 000,932,528 | ---- | M] () -- C:\Users\Lynchy\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe PRC - [2012/05/26 06:32:24 | 004,327,744 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\Lynchy\AppData\Local\Akamai\netsession_win.exe PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe PRC - [2011/12/19 17:32:26 | 000,394,672 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe PRC - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe PRC - [2010/12/09 11:45:58 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe PRC - [2010/03/16 18:18:26 | 000,452,608 | ---- | M] () -- C:\Program Files (x86)\OEM\DSG OSD 1.01\SunflowerOSD.exe PRC - [2005/04/29 17:15:40 | 000,045,056 | ---- | M] () -- C:\Program Files (x86)\TouchFreeze\TouchFreeze.exe ========== Modules (No Company Name) ========== MOD - [2012/07/09 13:41:49 | 000,132,704 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\SiteSafety.dll MOD - [2012/07/09 13:41:47 | 001,107,552 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe MOD - [2012/05/29 03:46:28 | 000,932,528 | ---- | M] () -- C:\Users\Lynchy\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2010/03/16 18:18:26 | 000,452,608 | ---- | M] () -- C:\Program Files (x86)\OEM\DSG OSD 1.01\SunflowerOSD.exe MOD - [2010/03/16 18:14:46 | 000,413,184 | ---- | M] () -- C:\Program Files (x86)\OEM\DSG OSD 1.01\Media_DSG.dll MOD - [2009/11/17 18:21:06 | 000,092,160 | ---- | M] () -- C:\Program Files (x86)\OEM\DSG OSD 1.01\SoilIO.dll MOD - [2005/04/29 17:15:40 | 000,045,056 | ---- | M] () -- C:\Program Files (x86)\TouchFreeze\TouchFreeze.exe MOD - [2005/04/29 17:15:36 | 000,045,056 | ---- | M] () -- C:\Program Files (x86)\TouchFreeze\TouchFreeze.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2011/08/12 00:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE) SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2012/07/11 19:13:52 | 004,419,392 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll -- (Akamai) SRV - [2012/07/11 18:27:17 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/07/09 13:41:48 | 000,935,008 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe -- (vToolbarUpdater11.2.0) SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd) SRV - [2011/12/19 17:32:26 | 000,394,672 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service) SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/07/10 03:38:17 | 000,030,496 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hitmanpro36.sys -- (hitmanpro36) DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012/02/15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011/12/23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64) DRV:64bit: - [2011/11/29 12:23:23 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin) DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2011/07/22 17:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV) DRV:64bit: - [2011/07/12 22:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL) DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011/02/17 20:45:26 | 000,867,824 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SPTD.SYS -- (sptd) DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/11/20 10:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010/09/23 01:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2010/08/25 20:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2010/05/26 19:00:00 | 000,164,464 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR) DRV:64bit: - [2010/05/21 19:36:30 | 001,108,000 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se) DRV:64bit: - [2010/02/25 12:26:58 | 000,115,312 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\JME.sys -- (JME) JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits) DRV:64bit: - [2009/12/11 18:28:52 | 000,017,912 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SoilIO.sys -- (SoilIO) DRV:64bit: - [2009/12/03 11:04:16 | 000,013,304 | ---- | M] (Systems Internals) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SoilMC.sys -- (SoilMC) DRV:64bit: - [2009/12/03 11:03:50 | 000,013,816 | ---- | M] (Systems Internals) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Soilkbc.sys -- (soilkbc) DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/06/08 08:02:14 | 000,086,584 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs) DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2008/11/11 14:42:00 | 000,033,792 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem) DRV:64bit: - [2008/11/11 14:42:00 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag) DRV:64bit: - [2008/11/11 14:42:00 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus) DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2009/06/08 07:57:40 | 000,073,312 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/mp3rocket/{2709E692-8504-43AB-958E-70A9147980B4} IE - HKLM\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-847241449-3843327803-101957182-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.uk/ IE - HKU\S-1-5-21-847241449-3843327803-101957182-1001\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.) IE - HKU\S-1-5-21-847241449-3843327803-101957182-1001\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} IE - HKU\S-1-5-21-847241449-3843327803-101957182-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-847241449-3843327803-101957182-1001\..\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}: "URL" = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=341e28f8000000000000e0915337f1cb&tlver=1.4.19.19&affID=17161 IE - HKU\S-1-5-21-847241449-3843327803-101957182-1001\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={070C34DE-7425-4BF1-84B2-AE4C6568450F}&mid=69d6a4936b7847d6a4361cb0cb3ba0fc-ad1491be2ce6c122f6b66faa90e70c2decf7d34c〈=en&ds=AVG&pr=fr&d=2012-07-09 13:41:54&v=11.1.0.12&sap=dsp&q={searchTerms} IE - HKU\S-1-5-21-847241449-3843327803-101957182-1001\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = http://www.bigseekpro.com/search/browser/mp3rocket/{86159C73-FD28-460B-B539-D7EE9E15F789}?q={searchTerms} IE - HKU\S-1-5-21-847241449-3843327803-101957182-1001\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredibar.com/mb119/?search={searchTerms}&loc=IB_DS&a=6OypS80pF5&i=26 IE - HKU\S-1-5-21-847241449-3843327803-101957182-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-847241449-3843327803-101957182-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local> ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/07/09 13:40:23 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/07/09 13:40:24 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.12\ [2012/07/09 13:42:03 | 000,000,000 | ---D | M] [2012/07/16 12:49:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lynchy\AppData\Roaming\Mozilla\Firefox\extensions [2012/07/16 12:49:04 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\Lynchy\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03} [2012/07/16 12:49:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lynchy\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}.oldbackup [2012/01/15 14:54:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2011/03/09 18:11:23 | 000,002,423 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml O1 HOSTS File: ([2012/07/17 12:55:45 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.) O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll () O3 - HKLM\..\Toolbar: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll () O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - No CLSID value found. O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - No CLSID value found. O3 - HKU\S-1-5-21-847241449-3843327803-101957182-1001\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\SysNative\spool\drivers\x64\3\EKIJ5000MUI.exe (Eastman Kodak Company) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [Conime] %windir%\system32\conime.exe File not found O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe File not found O4 - HKLM..\Run: [intel AppUp(SM) center] C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManager.lnk () O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe () O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.) O4 - HKU\S-1-5-21-847241449-3843327803-101957182-1001..\Run: [Akamai NetSession Interface] C:\Users\Lynchy\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc) O4 - HKU\S-1-5-21-847241449-3843327803-101957182-1001..\Run: [bfcQvyfn] C:\Users\Lynchy\AppData\Local\syjpmxpn\bfcqvyfn.exe () O4 - HKU\S-1-5-21-847241449-3843327803-101957182-1001..\Run: [spotify Web Helper] C:\Users\Lynchy\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe () O4 - HKU\S-1-5-21-847241449-3843327803-101957182-1001..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) O4 - HKU\S-1-5-21-847241449-3843327803-101957182-1001..\Run: [TouchFreeze] C:\Program Files (x86)\TouchFreeze\TouchFreeze.exe () O4 - HKU\S-1-5-21-847241449-3843327803-101957182-1001..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.) O4 - Startup: C:\Users\Lynchy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bfcqvyfn.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-847241449-3843327803-101957182-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-847241449-3843327803-101957182-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D211927F-7A7F-442A-8190-CE84A61719E2}: DhcpNameServer = 192.168.1.254 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll () O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011/02/11 13:05:07 | 000,000,000 | ---D | M] - C:\Automatically Add to iTunes -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/07/17 21:51:57 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Lynchy\Desktop\OTL.exe [2012/07/17 13:02:57 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012/07/17 13:02:51 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012/07/16 21:08:57 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012/07/16 21:08:57 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012/07/16 21:08:57 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012/07/16 21:08:50 | 000,000,000 | ---D | C] -- C:\Qoobox [2012/07/16 21:08:30 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012/07/16 21:08:00 | 004,579,127 | R--- | C] (Swearware) -- C:\Users\Lynchy\Desktop\ComboFix.exe [2012/07/16 15:21:07 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Lynchy\Desktop\aswMBR.exe [2012/07/16 15:05:56 | 000,000,000 | ---D | C] -- C:\Users\Lynchy\AppData\Roaming\Malwarebytes [2012/07/16 15:05:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/07/16 15:05:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012/07/16 15:05:51 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012/07/16 15:05:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012/07/16 15:03:38 | 000,000,000 | ---D | C] -- C:\Users\Lynchy\Desktop\mbam-chameleon [2012/07/16 12:48:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrentControl2 [2012/07/16 12:48:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yontoo [2012/07/16 12:48:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer [2012/07/16 12:48:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent [2012/07/12 06:35:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group [2012/07/12 06:26:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2012/07/12 06:26:19 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012/07/12 04:52:05 | 000,000,000 | ---D | C] -- C:\Windows\pss [2012/07/10 03:26:54 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro [2012/07/09 21:20:37 | 000,000,000 | ---D | C] -- C:\Users\Lynchy\AppData\Roaming\SUPERAntiSpyware.com [2012/07/09 21:20:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware [2012/07/09 21:20:22 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com [2012/07/09 21:20:22 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware [2012/07/09 13:42:09 | 000,000,000 | ---D | C] -- C:\Users\Lynchy\AppData\Local\AVG Secure Search [2012/07/09 13:41:49 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search [2012/07/09 13:41:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search [2012/07/09 13:41:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search [2012/07/09 13:40:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG [2012/07/09 13:40:21 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\AVG [2012/07/08 05:48:15 | 000,000,000 | ---D | C] -- C:\Users\Lynchy\AppData\Local\syjpmxpn [2012/07/06 19:39:06 | 000,000,000 | ---D | C] -- C:\Users\Lynchy\AppData\Local\Apps [2012/07/06 19:39:04 | 000,000,000 | ---D | C] -- C:\Users\Lynchy\AppData\Local\Deployment [2011/03/01 22:48:59 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Lynchy\AppData\Roaming\pcouffin.sys [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/07/17 21:51:57 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Lynchy\Desktop\OTL.exe [2012/07/17 21:27:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/07/17 19:34:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/07/17 13:12:43 | 000,018,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/07/17 13:12:43 | 000,018,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/07/17 13:04:34 | 3193,835,520 | -HS- | M] () -- C:\hiberfil.sys [2012/07/17 12:55:45 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012/07/16 21:08:23 | 004,579,127 | R--- | M] (Swearware) -- C:\Users\Lynchy\Desktop\ComboFix.exe [2012/07/16 15:21:17 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Lynchy\Desktop\aswMBR.exe [2012/07/16 15:05:52 | 000,001,116 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/07/16 12:48:26 | 000,000,974 | ---- | M] () -- C:\Users\Lynchy\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk [2012/07/16 12:48:26 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk [2012/07/15 22:01:29 | 000,780,156 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/07/15 22:01:29 | 000,665,444 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/07/15 22:01:29 | 000,125,890 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/07/12 06:26:21 | 000,000,829 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012/07/12 04:10:48 | 004,980,080 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012/07/10 03:38:17 | 000,030,496 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro36.sys [2012/07/10 03:36:48 | 000,002,988 | ---- | M] () -- C:\Windows\SysNative\.crusader [2012/07/09 21:20:29 | 000,001,815 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2012/07/09 17:17:55 | 000,531,481 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm [2012/07/09 12:36:13 | 000,082,816 | ---- | M] (VSO Software) -- C:\Users\Lynchy\AppData\Roaming\pcouffin.sys [2012/07/09 12:36:13 | 000,007,859 | ---- | M] () -- C:\Users\Lynchy\AppData\Roaming\pcouffin.cat [2012/07/09 12:36:12 | 000,001,167 | ---- | M] () -- C:\Users\Lynchy\AppData\Roaming\pcouffin.inf [2012/07/09 12:35:40 | 101,300,814 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm [2012/07/08 05:48:11 | 000,099,675 | --S- | M] () -- C:\Users\Lynchy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bfcqvyfn.exe [2012/07/06 19:35:48 | 000,001,261 | ---- | M] () -- C:\Users\Lynchy\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/07/16 21:08:57 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012/07/16 21:08:57 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012/07/16 21:08:57 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012/07/16 21:08:57 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012/07/16 21:08:57 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012/07/16 15:05:52 | 000,001,116 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/07/16 12:48:26 | 000,000,974 | ---- | C] () -- C:\Users\Lynchy\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk [2012/07/16 12:48:26 | 000,000,950 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk [2012/07/12 06:26:21 | 000,000,829 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012/07/12 04:55:13 | 000,002,613 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\OSD.lnk [2012/07/12 04:55:13 | 000,001,931 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MP3 Rocket (Minimized).lnk [2012/07/10 03:38:17 | 000,030,496 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro36.sys [2012/07/10 03:36:47 | 000,002,988 | ---- | C] () -- C:\Windows\SysNative\.crusader [2012/07/09 21:20:29 | 000,001,815 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2012/07/08 19:04:42 | 000,099,675 | --S- | C] () -- C:\Users\Lynchy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bfcqvyfn.exe [2012/01/11 19:11:26 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll [2011/03/01 22:48:59 | 000,007,859 | ---- | C] () -- C:\Users\Lynchy\AppData\Roaming\pcouffin.cat [2011/03/01 22:48:59 | 000,001,167 | ---- | C] () -- C:\Users\Lynchy\AppData\Roaming\pcouffin.inf [2010/12/13 15:56:32 | 000,766,068 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010/12/13 13:05:46 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe [2010/12/13 12:56:07 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin [2010/08/25 20:34:30 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin [2010/08/25 20:34:30 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin [2010/08/25 20:34:30 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin [2010/08/25 19:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll [2010/08/25 19:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll [2010/08/25 18:57:20 | 001,073,664 | ---- | C] () -- C:\Windows\TGConfig_VS08.exe ========== LOP Check ========== [2012/03/14 03:34:27 | 000,000,000 | ---D | M] -- C:\Users\Lynchy\AppData\Roaming\Aimersoft Video Converter Pro [2011/10/21 18:09:15 | 000,000,000 | ---D | M] -- C:\Users\Lynchy\AppData\Roaming\AVG2012 [2011/02/14 03:46:57 | 000,000,000 | ---D | M] -- C:\Users\Lynchy\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2012/07/09 21:56:48 | 000,000,000 | ---D | M] -- C:\Users\Lynchy\AppData\Roaming\MP3Rocket [2012/06/12 13:50:46 | 000,000,000 | ---D | M] -- C:\Users\Lynchy\AppData\Roaming\SoftGrid Client [2011/02/17 19:24:49 | 000,000,000 | ---D | M] -- C:\Users\Lynchy\AppData\Roaming\Sony [2011/02/17 19:24:39 | 000,000,000 | ---D | M] -- C:\Users\Lynchy\AppData\Roaming\Sony Creative Software Inc [2012/07/03 11:10:07 | 000,000,000 | ---D | M] -- C:\Users\Lynchy\AppData\Roaming\Spotify [2011/06/18 20:16:49 | 000,000,000 | ---D | M] -- C:\Users\Lynchy\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2011/02/17 22:01:06 | 000,000,000 | ---D | M] -- C:\Users\Lynchy\AppData\Roaming\StarBurn [2011/12/21 19:53:57 | 000,000,000 | ---D | M] -- C:\Users\Lynchy\AppData\Roaming\Temp [2011/02/11 16:33:01 | 000,000,000 | ---D | M] -- C:\Users\Lynchy\AppData\Roaming\TP [2012/07/17 14:51:52 | 000,000,000 | ---D | M] -- C:\Users\Lynchy\AppData\Roaming\uTorrent [2012/07/12 06:28:26 | 000,000,000 | ---D | M] -- C:\Users\Lynchy\AppData\Roaming\Vso [2012/07/12 18:20:36 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > OTL Extras logfile created on: 17/07/2012 21:52:58 - Run 1 OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Lynchy\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 3.97 Gb Total Physical Memory | 2.79 Gb Available Physical Memory | 70.33% Memory free 7.93 Gb Paging File | 6.01 Gb Available in Paging File | 75.77% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 290.04 Gb Total Space | 52.45 Gb Free Space | 18.08% Space Free | Partition Type: NTFS Computer Name: LYNCHY-PC | User Name: Lynchy | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = ChromeHTML] -- Reg Error: Key error. File not found .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- Reg Error: Key error. File not found [HKEY_USERS\S-1-5-21-847241449-3843327803-101957182-1001\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) https [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. https [open] -- Reg Error: Key error. piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{07C15103-8911-4740-A016-D647B173107D}" = rport=445 | protocol=6 | dir=out | app=system | "{107D7C46-692A-45E2-BA44-C979C052D16C}" = lport=137 | protocol=17 | dir=in | app=system | "{11C9DB80-D58A-4CA6-864D-A3934197C45E}" = lport=445 | protocol=6 | dir=in | app=system | "{13CBB78E-D163-4B79-BF0C-75CE100CDBB0}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{156A91A9-D79D-4DC9-94D4-436EEF3EB2FF}" = rport=10243 | protocol=6 | dir=out | app=system | "{1AC36803-4A3D-4A12-94D3-62D591804937}" = lport=49244 | protocol=6 | dir=in | name=akamai netsession interface | "{2492A9FB-D37D-4616-A3F6-D10340575CA5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{2F8DAA2E-36C6-43FB-8B28-6B7354B9E4D7}" = lport=10243 | protocol=6 | dir=in | app=system | "{31E46A9A-D197-4B97-A0A3-318D3C29E3C0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{3E67F6D3-6187-4512-A1D4-06AC092713F7}" = lport=139 | protocol=6 | dir=in | app=system | "{3E706D8C-72E4-471C-AAD4-89B8108DAE16}" = rport=139 | protocol=6 | dir=out | app=system | "{450BEF3C-143B-4381-B421-8D7D1EC868F3}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{4D4EE774-3F14-4202-8777-89244A28919C}" = rport=138 | protocol=17 | dir=out | app=system | "{4EED0124-D108-4C7E-8208-98D474874433}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{59B4E93B-BD86-48B2-ADF9-DD23D2679E2F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{767048C0-C41A-4685-B848-0DA29FF456FA}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | "{7FC539BA-67DB-45F2-9B6F-CB301182AE1E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{94561B7F-7928-41B2-A601-BC061933191D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{97E9DECB-17EA-4058-A4AB-927383DDAD43}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{9EE30804-1FFA-4ABE-B1D6-179C63C09E9F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{A039C227-105F-4CFC-926C-D0AD008E3A1B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{A8E41FA6-81A3-4CA8-9805-8657A91A14F3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{C4A852AA-DEC0-4AFD-ADE4-A5EF2CAF98EA}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery | "{CA4AA52C-B450-43C7-AF72-3A310523E290}" = lport=138 | protocol=17 | dir=in | app=system | "{CCDD7891-06C4-47D5-AF5F-3FD8DF219C95}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | "{E6E74A08-01FF-4FF5-A70A-96780383051C}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 | "{E7374BE7-DC63-4ED7-AAB4-A8F8D4375D69}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery | "{E9E4E6F7-190E-4BCD-97EB-DBC1FC005063}" = lport=2869 | protocol=6 | dir=in | app=system | "{EF2BCD12-017E-4519-82D0-544F49F5B1F9}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | "{F2206FDC-DB56-45E5-9DEE-3AEA8E0FEBCA}" = rport=137 | protocol=17 | dir=out | app=system | "{F5CA7AE2-21DD-4009-8D65-A6DCBE7B6CAB}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{FB3FCAA8-2E98-4035-9CE7-A5971EC27A04}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{08EA34A8-4BEC-480F-BEA0-F6D0248A0F73}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe | "{09995B30-A7CB-4793-8BCF-5873DA476507}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{0BE6A23E-0A06-4A5D-9D5F-52D51C72EBD6}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe | "{113AE6A0-5937-4D23-8F7E-7467FCB4538C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{13DF9579-3AAB-47D4-85AC-5E034E96AD5F}" = protocol=17 | dir=in | app=c:\programdata\kodak\installer\setup.exe | "{17678E96-845F-4E51-96B8-11F2CECC9E34}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\aiohomecenter.exe | "{22EB7DF4-771D-4E71-B999-8F17F914F4B3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{3BD1AF93-5A8B-4243-9AD6-C67EFE6E6301}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{3E6FCC43-C9E6-4373-A3A5-C23088980642}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe | "{41F346BE-A85A-43F0-A70F-03C185FFCE43}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgemca.exe | "{43F4D41E-9FEB-4146-8B02-3B40DDEA5945}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\firmware\kodakaioupdater.exe | "{44B0BD3B-EFE3-44F2-8118-73E886EFFD17}" = protocol=6 | dir=in | app=c:\users\lynchy\downloads\aviconvertersetup.exe | "{4606693C-9F3B-41B2-B1B2-CF8EBC48696F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{4BE38FBC-FB3F-4ABB-BC88-718CEA05A165}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\firmware\kodakaioupdater.exe | "{4FAD35A5-7472-48C0-A18A-0F79AFA1A421}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe | "{5B85A43C-B41D-4B7B-81BF-10C19C514175}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | "{61A32CA2-F909-456D-A6EC-7112FFB9199D}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\networkprinterdiscovery.exe | "{6A064700-A8FF-4963-81B9-618087E41D1C}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{6C177297-79FD-484D-87BC-CB4B1929D3A6}" = protocol=6 | dir=out | app=system | "{6FC1E03C-613C-41EE-A7C8-919537541587}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{70636060-F980-42D5-AB5B-3A20B435B2E9}" = protocol=17 | dir=in | app=c:\users\lynchy\downloads\aviconvertersetup.exe | "{70C89A7C-C96E-4F1D-8045-EF6040D9C25B}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe | "{7660268B-3082-408D-8631-3A33B626A967}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe | "{7B1761D4-EA98-498A-B14B-4A808FB1C9A4}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\kodak.statistics.exe | "{8005AC10-B498-4F72-A890-8246A0A68BF5}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{830CB878-C9C8-43EB-92F2-367D717F67CF}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{83E7FBF4-65AE-437E-BD36-62769F169E6E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{8C5AE16D-EA49-45A6-BACD-E140B1108915}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{921EDAF4-8DA4-44C0-853B-05684B23B1C7}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{99F1CB47-3439-4B04-B050-FCB12A153FFC}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{9C5A5FE2-C933-40C7-A37D-FB00107E4586}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{9FEC6252-3EC1-46DC-9443-8447DACD1709}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{A2C9527D-777F-4E51-A68E-E4C34DF1C5F4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{A2D2983B-B65F-4261-BE44-056A447A216D}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{A452D07C-7B25-4BCA-AC05-25F00DE4D0D6}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe | "{A907A442-9FF2-481C-A4B8-A042F0112880}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{AC2E4DAF-7DAC-4485-BFE0-77DF6B8808C8}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{AF4BC677-FB0D-4356-9D1B-24902DE7F5A3}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgnsa.exe | "{B278315A-50BF-4AE7-B62D-99491735C429}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{B2F25BC5-9837-41BC-85AF-B16D9665C4DD}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe | "{B33F6E82-62F0-4056-B8B6-742C49FA9120}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{B9B6A054-B5A0-4930-9B97-69E63883A5F7}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe | "{BF4AB69D-144E-459F-82B5-938B4F46B20D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{C2E3855E-6888-49C2-9337-C11C4E1227F7}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{C71EC34D-D11B-467F-9526-0B73045BE434}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{C781F4B9-C288-4603-92DD-A04F3C5F9BBC}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgdiagex.exe | "{CA0198FB-385F-42A1-9A0B-8ECBEFADE2FA}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\networkprinterdiscovery.exe | "{CC0EC3E9-1863-4AC0-B1A9-A71025BBEB58}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{CEBA6BAE-E85C-48D4-8F23-B00B51688EF2}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgemca.exe | "{D1945F79-0AA6-4070-9011-1E6CBE0A8AED}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe | "{D689E748-A1D7-4F4A-89FE-7100A6F77AA0}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgdiagex.exe | "{D6E18BAA-F870-4B98-A439-853B32698C56}" = protocol=6 | dir=in | app=c:\programdata\kodak\installer\setup.exe | "{D9ACFDBC-9DD1-4572-B04D-E51BFC459A95}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{DAD22D7B-FA16-443B-AD3A-1DF967292DBF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{E6C80013-75DE-4320-8F4C-996C79365CB3}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{F8E38863-E140-4502-A375-131DC0BEE307}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | "{F9868F60-F344-4AA7-859B-C97ACF8B002F}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgnsa.exe | "{FAB1025D-6612-4E0A-8204-FACAE7B2FC94}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{FCF0D8D6-8721-4FC0-93B0-5D8F0A87CD00}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\kodak.statistics.exe | "{FD43684B-DE68-4E7C-9AA0-30CA7D6DC648}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\aiohomecenter.exe | "TCP Query User{0F64FBAE-530E-44E8-9215-148E4F4EBDDA}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "TCP Query User{1F0C8973-B705-4C34-B053-8A2022EEC40E}C:\users\lynchy\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\lynchy\appdata\roaming\spotify\spotify.exe | "TCP Query User{4EB9AAB3-4E55-41D9-AEE6-70EB57D7B0BA}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "TCP Query User{694BAFD3-E76A-41CF-92E4-7E756D1B9F9C}C:\users\lynchy\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\lynchy\appdata\local\akamai\netsession_win.exe | "TCP Query User{6B8AA498-C946-4288-B8B3-09112A89F61D}C:\windows\syswow64\svchost.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\svchost.exe | "TCP Query User{70B791BA-18EC-4BF0-BD77-3EB49AF85E78}C:\windows\syswow64\svchost.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\svchost.exe | "TCP Query User{716A7141-30E2-4247-806C-3E6BB64EA0D0}C:\program files (x86)\java\jre1.6.0_01\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre1.6.0_01\bin\javaw.exe | "TCP Query User{7F961066-6D5E-468A-9A9D-A25FA9BC6BD0}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | "TCP Query User{94600F4D-CBC5-4D43-887C-F786FB194BE3}C:\program files (x86)\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\program files (x86)\spotify\spotify.exe | "TCP Query User{A9DC06C5-A7C2-4FE7-9E7E-F8C6C3586341}C:\users\lynchy\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\lynchy\appdata\roaming\spotify\spotify.exe | "TCP Query User{BC29E813-C92E-48AB-ACF1-CE0E5E4CCA1B}C:\users\lynchy\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\lynchy\appdata\local\akamai\netsession_win.exe | "TCP Query User{BE223B24-1B4E-48C0-97FA-E26A09169066}C:\program files (x86)\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\program files (x86)\spotify\spotify.exe | "UDP Query User{07D9DC01-C1F5-4954-BE45-3A79EAE66587}C:\users\lynchy\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\lynchy\appdata\local\akamai\netsession_win.exe | "UDP Query User{2028EBF6-8245-43D7-B592-88237ED73CA3}C:\windows\syswow64\svchost.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\svchost.exe | "UDP Query User{614EBBDB-FA5C-41F6-8CF0-EB5FAFA8E94B}C:\users\lynchy\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\lynchy\appdata\roaming\spotify\spotify.exe | "UDP Query User{7675413C-6112-4BEC-B2DD-72575D959A9E}C:\program files (x86)\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\program files (x86)\spotify\spotify.exe | "UDP Query User{A55DF648-855C-43D9-AF4A-18E027FF8E4A}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "UDP Query User{A7DDEEB7-93EE-4117-9D44-C3EF75D963CC}C:\program files (x86)\java\jre1.6.0_01\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre1.6.0_01\bin\javaw.exe | "UDP Query User{C688FD11-4524-4053-B290-9BC1F7C840C5}C:\program files (x86)\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\program files (x86)\spotify\spotify.exe | "UDP Query User{C7BCF4E7-AF1B-4500-9355-8016C679A755}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | "UDP Query User{CBBD6A49-2C0A-47B6-963C-CE020BCF013F}C:\users\lynchy\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\lynchy\appdata\roaming\spotify\spotify.exe | "UDP Query User{D27DBC69-041F-485E-8ECE-AAA00C01ED3F}C:\users\lynchy\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\lynchy\appdata\local\akamai\netsession_win.exe | "UDP Query User{DC1E3243-37C1-44AD-8DB1-7E4EE0B7F7A8}C:\windows\syswow64\svchost.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\svchost.exe | "UDP Query User{F73DD828-99C3-4714-B8C8-369EEC7DA552}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0645A454-AD44-4F0D-99CF-6B762735AD1F}" = aioprnt "{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64 "{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}" = Kodak AIO Printer "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64 "{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources "{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 "{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64 "{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02 "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010 "{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010 "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 "{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64 "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{BA56CD60-1D9F-4BE6-AC2F-B7C4A5437C35}" = Driver 1.3 "{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64 "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64 "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "AVG" = AVG 2012 "CCleaner" = CCleaner "HDMI" = Intel® Graphics Media Accelerator Driver "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "WinRAR archiver" = WinRAR 4.00 beta 6 (64-bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{10934A28-0CC6-4B98-A14F-76B3546003AF}" = ksDIP "{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1C91F8F0-36CC-4C58-BDB3-66F0EEEF92A1}" = DSG OSD 1.01 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver "{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java 6 Update 26 "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{376348C2-E372-48BC-A138-E896757BD86A}" = aioscnnr "{40AE01BE-A290-4FFB-8DAB-C624C17DC87E}" = Vegas Movie Studio HD Platinum 10.0 "{48B41C3A-9A92-4B81-B653-C97FEB85C910}" = C4USelfUpdater "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform "{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module "{56BA241F-580C-43D2-8403-947241AAE633}" = center "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010 "{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010 "{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010 "{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010 "{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010 "{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010 "{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010 "{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010 "{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010 "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010 "{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010 "{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{96DCEE2F-98EE-4F80-8C0F-7C04D1FB9D7F}" = JMicron Ethernet Adapter NDIS Driver "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D3D8C60-A55F-4fed-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{BE94C681-68E2-4561-8ABC-8D2E799168B4}" = essentials "{BFBCF96F-7361-486A-965C-54B17AC35421}" = ocr "{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D031E017-2434-40A7-A352-4DDD0199170D}" = TouchFreeze "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK AiO Software "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module "{EF53BFAB-4C10-40DB-A82D-9B07111715C6}" = aioscnnr "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Akamai" = Akamai NetSession Interface Service "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "DtsFilter" = DTS+AC3 Filter "GOM Player" = GOM Player "Intel AppUp(SM) center 12358" = Intel AppUp(SM) center "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300 "MPEG2 Codec(libmpeg2/mad)" = MPEG2 Codec(libmpeg2/mad) "Office14.Click2Run" = Microsoft Office Click-to-Run 2010 "Office14.SingleImage" = Microsoft Office Home and Student 2010 "Spotify" = Spotify "uTorrent" = µTorrent "uTorrentControl2 Toolbar" = uTorrentControl2 Toolbar "Winamp" = Winamp "WinLiveSuite" = Windows Live Essentials ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-847241449-3843327803-101957182-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Akamai" = Akamai NetSession Interface "Spotify" = Spotify "Winamp Detect" = Winamp Detector Plug-in ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 31/05/2012 14:20:33 | Computer Name = Lynchy-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 31/05/2012 14:20:33 | Computer Name = Lynchy-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 5024 Error - 31/05/2012 14:20:33 | Computer Name = Lynchy-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 5024 Error - 31/05/2012 14:20:34 | Computer Name = Lynchy-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 31/05/2012 14:20:34 | Computer Name = Lynchy-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 6022 Error - 31/05/2012 14:20:34 | Computer Name = Lynchy-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 6022 Error - 31/05/2012 14:20:35 | Computer Name = Lynchy-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 31/05/2012 14:20:35 | Computer Name = Lynchy-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 7021 Error - 31/05/2012 14:20:35 | Computer Name = Lynchy-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 7021 Error - 31/05/2012 14:20:36 | Computer Name = Lynchy-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 31/05/2012 14:20:36 | Computer Name = Lynchy-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 8019 [ System Events ] Error - 16/07/2012 16:14:19 | Computer Name = Lynchy-PC | Source = Service Control Manager | ID = 7030 Description = The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error - 16/07/2012 16:17:22 | Computer Name = Lynchy-PC | Source = Application Popup | ID = 1060 Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. Error - 16/07/2012 16:26:19 | Computer Name = Lynchy-PC | Source = Service Control Manager | ID = 7030 Description = The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error - 16/07/2012 16:27:25 | Computer Name = Lynchy-PC | Source = Service Control Manager | ID = 7023 Description = The Windows Defender service terminated with the following error: %%126 Error - 17/07/2012 07:43:16 | Computer Name = Lynchy-PC | Source = Service Control Manager | ID = 7031 Description = The Akamai NetSession Interface service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service. Error - 17/07/2012 07:50:01 | Computer Name = Lynchy-PC | Source = Service Control Manager | ID = 7030 Description = The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error - 17/07/2012 07:53:18 | Computer Name = Lynchy-PC | Source = Application Popup | ID = 1060 Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. Error - 17/07/2012 07:53:19 | Computer Name = Lynchy-PC | Source = Application Popup | ID = 1060 Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. Error - 17/07/2012 07:54:11 | Computer Name = Lynchy-PC | Source = Service Control Manager | ID = 7030 Description = The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error - 17/07/2012 07:55:23 | Computer Name = Lynchy-PC | Source = Service Control Manager | ID = 7023 Description = The Windows Defender service terminated with the following error: %%126 < End of report >
  9. i hope i'm doing all this correct coz i dont really know what im doing! haha. thanks. ComboFix 12-07-16.01 - Lynchy 17/07/2012 12:45:40.2.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4061.2963 [GMT 1:00] Running from: c:\users\Lynchy\Desktop\ComboFix.exe Command switches used :: c:\users\Lynchy\Desktop\CFScript.txt AV: AVG Anti-Virus Free Edition 2012 *Disabled/Outdated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} SP: AVG Anti-Virus Free Edition 2012 *Disabled/Outdated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Lynchy\AppData\Local\cgfiwxkm.log c:\users\Lynchy\AppData\Local\dwjvsurj.log c:\users\Lynchy\AppData\Local\ewclqfud.log c:\users\Lynchy\AppData\Local\gggsryxr.log c:\users\Lynchy\AppData\Local\hpadyqbh.log c:\users\Lynchy\AppData\Local\oygjqnva.log c:\users\Lynchy\AppData\Local\qrwgdmag.log c:\users\Lynchy\AppData\Local\syjpmxpn\bfcqvyfn.exe c:\users\Lynchy\AppData\Local\ugpvivwe.log . . ((((((((((((((((((((((((( Files Created from 2012-06-17 to 2012-07-17 ))))))))))))))))))))))))))))))) . . 2012-07-17 11:54 . 2012-07-17 11:54 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-07-16 14:05 . 2012-07-16 14:05 -------- d-----w- c:\users\Lynchy\AppData\Roaming\Malwarebytes 2012-07-16 14:05 . 2012-07-16 14:05 -------- d-----w- c:\programdata\Malwarebytes 2012-07-16 14:05 . 2012-07-16 14:05 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-07-16 14:05 . 2012-07-03 12:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-07-16 11:48 . 2012-07-16 11:48 -------- d-----w- c:\program files (x86)\Yontoo 2012-07-16 11:48 . 2012-07-16 11:48 -------- d-----w- c:\programdata\Tarma Installer 2012-07-16 11:48 . 2012-07-16 11:48 -------- d-----w- c:\program files (x86)\uTorrent 2012-07-12 05:35 . 2012-07-12 07:34 -------- d-----w- c:\program files (x86)\VS Revo Group 2012-07-12 05:26 . 2012-07-12 05:26 -------- d-----w- c:\program files\CCleaner 2012-07-12 02:30 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys 2012-07-10 02:38 . 2012-07-10 02:38 30496 ----a-w- c:\windows\system32\drivers\hitmanpro36.sys 2012-07-10 02:26 . 2012-07-10 02:36 -------- d-----w- c:\programdata\HitmanPro 2012-07-09 20:20 . 2012-07-09 20:20 -------- d-----w- c:\users\Lynchy\AppData\Roaming\SUPERAntiSpyware.com 2012-07-09 20:20 . 2012-07-09 20:20 -------- d-----w- c:\program files\SUPERAntiSpyware 2012-07-09 20:20 . 2012-07-09 20:20 -------- d-----w- c:\programdata\SUPERAntiSpyware.com 2012-07-09 12:42 . 2012-07-09 12:42 -------- d-----w- c:\users\Lynchy\AppData\Local\AVG Secure Search 2012-07-09 12:41 . 2012-07-09 12:42 -------- d-----w- c:\programdata\AVG Secure Search 2012-07-09 12:41 . 2012-07-09 12:42 -------- d-----w- c:\program files (x86)\AVG Secure Search 2012-07-09 12:41 . 2012-07-09 12:41 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search 2012-07-09 12:40 . 2012-07-09 12:40 -------- d-----w- c:\windows\SysWow64\drivers\AVG 2012-07-08 18:04 . 2012-07-08 04:48 99675 --s---w- c:\users\Lynchy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bfcqvyfn.exe 2012-07-08 04:48 . 2012-07-17 11:53 -------- d-----w- c:\users\Lynchy\AppData\Local\syjpmxpn 2012-07-06 18:39 . 2012-07-06 18:39 -------- d-----w- c:\users\Lynchy\AppData\Local\Apps 2012-07-06 18:39 . 2012-07-10 03:05 -------- d-----w- c:\users\Lynchy\AppData\Local\Deployment 2012-06-21 18:29 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-21 18:29 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-21 18:29 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-21 18:29 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-21 18:29 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-21 18:29 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-21 18:29 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-06-21 18:27 . 2012-06-02 14:19 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-21 18:27 . 2012-06-02 14:15 36864 ----a-w- c:\windows\system32\wuapp.exe . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-07-11 17:27 . 2012-04-24 03:18 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-07-11 17:27 . 2012-01-27 19:31 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-07-09 11:36 . 2011-03-01 21:48 82816 ----a-w- c:\users\Lynchy\AppData\Roaming\pcouffin.sys 2012-05-04 11:06 . 2012-06-13 15:11 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-05-04 10:03 . 2012-06-13 15:11 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-05-04 10:03 . 2012-06-13 15:11 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-05-01 05:40 . 2012-06-13 15:11 209920 ----a-w- c:\windows\system32\profsvc.dll 2012-04-28 03:55 . 2012-06-13 15:11 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-04-26 05:41 . 2012-06-13 15:12 77312 ----a-w- c:\windows\system32\rdpwsx.dll 2012-04-26 05:41 . 2012-06-13 15:12 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-04-26 05:34 . 2012-06-13 15:12 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe 2012-04-24 05:37 . 2012-06-13 15:11 184320 ----a-w- c:\windows\system32\cryptsvc.dll 2012-04-24 05:37 . 2012-06-13 15:11 140288 ----a-w- c:\windows\system32\cryptnet.dll 2012-04-24 05:37 . 2012-06-13 15:11 1462272 ----a-w- c:\windows\system32\crypt32.dll 2012-04-24 04:36 . 2012-06-13 15:11 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll 2012-04-24 04:36 . 2012-06-13 15:11 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2012-04-24 04:36 . 2012-06-13 15:11 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll . . ((((((((((((((((((((((((((((( SnapShot@2012-07-16_20.28.26 ))))))))))))))))))))))))))))))))))))))))) . - 2012-07-16 20:26 . 2012-07-16 20:26 13330 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat + 2012-07-17 11:54 . 2012-07-17 11:54 13330 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat - 2009-07-14 04:54 . 2012-07-16 19:57 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2009-07-14 04:54 . 2012-07-16 21:21 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2009-07-14 04:54 . 2012-07-16 21:21 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-07-14 04:54 . 2012-07-16 19:57 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-07-14 04:54 . 2012-07-16 21:21 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2009-07-14 04:54 . 2012-07-16 19:57 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-08-03 07:55 . 2012-07-16 20:52 47570 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin + 2009-07-14 05:10 . 2012-07-17 11:57 60052 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2011-02-10 23:17 . 2012-07-17 11:57 20222 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-847241449-3843327803-101957182-1001_UserData.bin + 2011-02-10 21:44 . 2012-07-17 11:38 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2011-02-10 21:44 . 2012-07-16 20:01 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2011-02-10 21:44 . 2012-07-17 11:38 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2011-02-10 21:44 . 2012-07-16 20:01 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-07-14 04:54 . 2012-07-17 11:38 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2009-07-14 04:54 . 2012-07-16 20:01 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2012-07-17 10:25 . 2012-07-17 10:25 9560 c:\windows\system32\NetworkList\Icons\{E9FC6925-F2BD-4B9E-9D22-554CAEEA3490}_48.bin + 2012-07-17 10:25 . 2012-07-17 10:25 4280 c:\windows\system32\NetworkList\Icons\{E9FC6925-F2BD-4B9E-9D22-554CAEEA3490}_32.bin + 2012-07-17 10:25 . 2012-07-17 10:25 2456 c:\windows\system32\NetworkList\Icons\{E9FC6925-F2BD-4B9E-9D22-554CAEEA3490}_24.bin - 2012-07-16 20:27 . 2012-07-16 20:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2012-07-17 11:55 . 2012-07-17 11:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2012-07-16 20:27 . 2012-07-16 20:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2012-07-17 11:55 . 2012-07-17 11:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2010-12-13 07:52 . 2012-07-17 11:30 406252 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin - 2009-07-14 05:01 . 2012-07-16 20:26 471484 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2009-07-14 05:01 . 2012-07-17 11:54 471484 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2011-02-10 23:13 . 2012-07-17 11:54 4812835 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-847241449-3843327803-101957182-1001-8192.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files (x86)\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936] . [HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}] . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{687578b9-7132-4a7a-80e4-30ee31099e03}] 2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\uTorrentControl2\prxtbuTor.dll . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}] 2012-07-09 12:41 2074208 ----a-w- c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-07-09 2074208] "{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files (x86)\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936] . [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}] [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1] [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj] . [HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-07-16 895376] "TouchFreeze"="c:\program files (x86)\TouchFreeze\TouchFreeze.exe" [2005-04-29 45056] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-06-26 4787072] "Spotify Web Helper"="c:\users\Lynchy\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-05-29 932528] "Akamai NetSession Interface"="c:\users\Lynchy\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744] "BfcQvyfn"="c:\users\Lynchy\AppData\Local\syjpmxpn\bfcqvyfn.exe" [bU] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2010-12-09 74752] "vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-07-09 1107552] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776] "Intel AppUp(SM) center"="c:\program files (x86)\Intel\IntelAppStore\bin\serviceManager.lnk" [2010-12-13 1300] "AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280] "EKIJ5000StatusMonitor"="c:\windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe" [2011-06-16 2922496] "Conime"="c:\windows\system32\conime.exe" [bU] . c:\users\Lynchy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ bfcqvyfn.exe [2012-7-8 99675] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ MP3 Rocket (Minimized).lnk - c:\program files (x86)\MP3 Rocket\MP3Rocket.exe [N/A] OSD.lnk - c:\windows\Installer\{1C91F8F0-36CC-4C58-BDB3-66F0EEEF92A1}\_693B294D31BEF0AFC52D71.exe [2010-12-13 4286] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot] @="" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-11 250056] R3 hitmanpro36;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro36.sys [2012-07-10 30496] R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2010-05-26 164464] R3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);c:\windows\system32\DRIVERS\JME.sys [2010-02-25 115312] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2011-11-29 82816] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-02-12 1255736] R4 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [x] R4 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [x] R4 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-02-17 867824] S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672] S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136] S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2011-12-19 394672] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S2 SoilIO;SoilIO; [x] S2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-07-09 935008] S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2010-05-21 1108000] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] S3 soilkbc;soilkbc; [x] S3 SoilMC;SoilMC; [x] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] Akamai REG_MULTI_SZ Akamai . Contents of the 'Scheduled Tasks' folder . 2012-07-17 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-24 17:27] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 415256] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 161304] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 386584] "EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2011-06-16 2922496] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208] . ------- Supplementary Scan ------- . uStart Page = https://www.google.co.uk/ uLocal Page = c:\windows\system32\blank.htm mStart Page = hxxp://www.bigseekpro.com/mp3rocket/{2709E692-8504-43AB-958E-70A9147980B4} mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local> IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105 TCP: DhcpNameServer = 192.168.1.254 Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai] "ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions] @Denied: (2) (LocalSystem) "{98889811-442D-49DD-99D7-DC866BE87DBC}"=hex:51,66,7a,6c,4c,1d,38,12,7f,9b,9b, 9c,1f,0a,b3,0c,e6,c1,9f,c6,6e,b6,39,a8 "{338B4DFE-2E2C-4338-9E41-E176D497299E}"=hex:51,66,7a,6c,4c,1d,38,12,90,4e,98, 37,1e,60,56,06,e1,57,a2,36,d1,c9,6d,8a "{95B7759C-8C7F-4BF1-B163-73684A933233}"=hex:51,66,7a,6c,4c,1d,38,12,f2,76,a4, 91,4d,c2,9f,0e,ce,75,30,28,4f,cd,76,27 "{2EECD738-5844-4A99-B4B6-146BF802613B}"=hex:51,66,7a,6c,4c,1d,38,12,56,d4,ff, 2a,76,16,f7,0f,cb,a0,57,2b,fd,5c,25,2f "{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}"=hex:51,66,7a,6c,4c,1d,38,12,7c,f0,b1, 38,5c,21,3d,0e,d9,78,0d,25,e1,c9,8c,d4 "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23, 94,30,02,d1,0f,f1,da,12,24,73,56,27,d2 "{9FDDE16B-836F-4806-AB1F-1455CBEFF289}"=hex:51,66,7a,6c,4c,1d,38,12,05,e2,ce, 9b,5d,cd,68,0d,d4,09,57,15,ce,b1,b6,9d "{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0, b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db, df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd "{FCBCCB87-9224-4B8D-B117-F56D924BEB18}"=hex:51,66,7a,6c,4c,1d,38,12,e9,c8,af, f8,16,dc,e3,0e,ce,01,b6,2d,97,15,af,0c "{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}"=hex:51,66,7a,6c,4c,1d,38,12,35,fc,e1, 93,3e,68,a1,09,fc,5c,6e,9a,4b,77,a7,8a . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration] @Denied: (2) (LocalSystem) "Timestamp"=hex:19,0e,3f,7b,4f,26,cd,01 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe . ************************************************************************** . Completion time: 2012-07-17 13:02:48 - machine was rebooted ComboFix-quarantined-files.txt 2012-07-17 12:02 ComboFix2.txt 2012-07-16 20:44 . Pre-Run: 57,657,303,040 bytes free Post-Run: 57,375,330,304 bytes free . - - End Of File - - 17356A537D1964CB683AF2769B379358
  10. CombiFix Log as requested. thanks. ComboFix 12-07-16.01 - Lynchy 16/07/2012 21:10:53.1.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4061.2483 [GMT 1:00] Running from: c:\users\Lynchy\Desktop\ComboFix.exe AV: AVG Anti-Virus Free Edition 2012 *Disabled/Outdated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} SP: AVG Anti-Virus Free Edition 2012 *Disabled/Outdated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\myapp.exe c:\program files (x86)\myapp.exe\Chameleon\chameleon.chm c:\program files (x86)\myapp.exe\Chameleon\firefox.com c:\program files (x86)\myapp.exe\Chameleon\firefox.exe c:\program files (x86)\myapp.exe\Chameleon\firefox.pif c:\program files (x86)\myapp.exe\Chameleon\firefox.scr c:\program files (x86)\myapp.exe\Chameleon\iexplore.exe c:\program files (x86)\myapp.exe\Chameleon\mbam-chameleon.com c:\program files (x86)\myapp.exe\Chameleon\mbam-chameleon.exe c:\program files (x86)\myapp.exe\Chameleon\mbam-chameleon.pif c:\program files (x86)\myapp.exe\Chameleon\mbam-chameleon.scr c:\program files (x86)\myapp.exe\Chameleon\mbam-killer.exe c:\program files (x86)\myapp.exe\Chameleon\rundll32.exe c:\program files (x86)\myapp.exe\Chameleon\svchost.exe c:\program files (x86)\myapp.exe\Chameleon\winlogon.exe c:\program files (x86)\myapp.exe\changes.rtf c:\program files (x86)\myapp.exe\Languages\arabic.lng c:\program files (x86)\myapp.exe\Languages\bosnian.lng c:\program files (x86)\myapp.exe\Languages\bulgarian.lng c:\program files (x86)\myapp.exe\Languages\catalan.lng c:\program files (x86)\myapp.exe\Languages\chineseSI.lng c:\program files (x86)\myapp.exe\Languages\chineseTR.lng c:\program files (x86)\myapp.exe\Languages\croatian.lng c:\program files (x86)\myapp.exe\Languages\czech.lng c:\program files (x86)\myapp.exe\Languages\danish.lng c:\program files (x86)\myapp.exe\Languages\dutch.lng c:\program files (x86)\myapp.exe\Languages\english.lng c:\program files (x86)\myapp.exe\Languages\estonian.lng c:\program files (x86)\myapp.exe\Languages\finnish.lng c:\program files (x86)\myapp.exe\Languages\french.lng c:\program files (x86)\myapp.exe\Languages\german.lng c:\program files (x86)\myapp.exe\Languages\greek.lng c:\program files (x86)\myapp.exe\Languages\hebrew.lng c:\program files (x86)\myapp.exe\Languages\hungarian.lng c:\program files (x86)\myapp.exe\Languages\italian.lng c:\program files (x86)\myapp.exe\Languages\latvian.lng c:\program files (x86)\myapp.exe\Languages\lithuanian.lng c:\program files (x86)\myapp.exe\Languages\macedonian.lng c:\program files (x86)\myapp.exe\Languages\norwegian.lng c:\program files (x86)\myapp.exe\Languages\polish.lng c:\program files (x86)\myapp.exe\Languages\portugueseBR.lng c:\program files (x86)\myapp.exe\Languages\portuguesePT.lng c:\program files (x86)\myapp.exe\Languages\romanian.lng c:\program files (x86)\myapp.exe\Languages\russian.lng c:\program files (x86)\myapp.exe\Languages\serbian.lng c:\program files (x86)\myapp.exe\Languages\slovak.lng c:\program files (x86)\myapp.exe\Languages\slovenian.lng c:\program files (x86)\myapp.exe\Languages\spanish.lng c:\program files (x86)\myapp.exe\Languages\swedish.lng c:\program files (x86)\myapp.exe\Languages\thai.lng c:\program files (x86)\myapp.exe\Languages\turkish.lng c:\program files (x86)\myapp.exe\Languages\vietnamese.lng c:\program files (x86)\myapp.exe\license.txt c:\program files (x86)\myapp.exe\mbam.chm c:\program files (x86)\myapp.exe\mbam.dll c:\program files (x86)\myapp.exe\mbam.exe c:\program files (x86)\myapp.exe\mbamcore.dll c:\program files (x86)\myapp.exe\mbamext.dll c:\program files (x86)\myapp.exe\mbamgui.exe c:\program files (x86)\myapp.exe\mbamnet.dll c:\program files (x86)\myapp.exe\mbampt.exe c:\program files (x86)\myapp.exe\mbamservice.exe c:\program files (x86)\myapp.exe\ssubtmr6.dll c:\program files (x86)\myapp.exe\unins000.dat c:\program files (x86)\myapp.exe\unins000.exe c:\program files (x86)\myapp.exe\unins000.msg c:\program files (x86)\myapp.exe\vbalsgrid6.ocx c:\programdata\E1010.tmp c:\programdata\OSD10.tmp c:\users\Lynchy\AppData\Local\cgfiwxkm.log c:\users\Lynchy\AppData\Local\dwjvsurj.log c:\users\Lynchy\AppData\Local\ewclqfud.log c:\users\Lynchy\AppData\Local\gggsryxr.log c:\users\Lynchy\AppData\Local\hpadyqbh.log c:\users\Lynchy\AppData\Local\oygjqnva.log c:\users\Lynchy\AppData\Local\qrwgdmag.log c:\users\Lynchy\AppData\Local\syjpmxpn\bfcqvyfn.exe c:\users\Lynchy\AppData\Local\Temp\{7E788454-790A-450D-9E57-A1A7F3D67E10}\fpb.tmp c:\users\Lynchy\AppData\Local\ugpvivwe.log c:\users\Lynchy\AppData\Roaming\inst.exe c:\users\Lynchy\AppData\Roaming\vso_ts_preview.xml . . ((((((((((((((((((((((((( Files Created from 2012-06-16 to 2012-07-16 ))))))))))))))))))))))))))))))) . . 2012-07-16 14:05 . 2012-07-16 14:05 -------- d-----w- c:\users\Lynchy\AppData\Roaming\Malwarebytes 2012-07-16 14:05 . 2012-07-16 14:05 -------- d-----w- c:\programdata\Malwarebytes 2012-07-16 14:05 . 2012-07-16 14:05 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-07-16 14:05 . 2012-07-03 12:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-07-16 11:48 . 2012-07-16 11:48 -------- d-----w- c:\program files (x86)\Yontoo 2012-07-16 11:48 . 2012-07-16 11:48 -------- d-----w- c:\programdata\Tarma Installer 2012-07-16 11:48 . 2012-07-16 11:48 -------- d-----w- c:\program files (x86)\uTorrent 2012-07-12 05:35 . 2012-07-12 07:34 -------- d-----w- c:\program files (x86)\VS Revo Group 2012-07-12 05:26 . 2012-07-12 05:26 -------- d-----w- c:\program files\CCleaner 2012-07-12 02:30 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys 2012-07-10 02:38 . 2012-07-10 02:38 30496 ----a-w- c:\windows\system32\drivers\hitmanpro36.sys 2012-07-10 02:26 . 2012-07-10 02:36 -------- d-----w- c:\programdata\HitmanPro 2012-07-09 20:20 . 2012-07-09 20:20 -------- d-----w- c:\users\Lynchy\AppData\Roaming\SUPERAntiSpyware.com 2012-07-09 20:20 . 2012-07-09 20:20 -------- d-----w- c:\program files\SUPERAntiSpyware 2012-07-09 20:20 . 2012-07-09 20:20 -------- d-----w- c:\programdata\SUPERAntiSpyware.com 2012-07-09 12:42 . 2012-07-09 12:42 -------- d-----w- c:\users\Lynchy\AppData\Local\AVG Secure Search 2012-07-09 12:41 . 2012-07-09 12:42 -------- d-----w- c:\programdata\AVG Secure Search 2012-07-09 12:41 . 2012-07-09 12:42 -------- d-----w- c:\program files (x86)\AVG Secure Search 2012-07-09 12:41 . 2012-07-09 12:41 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search 2012-07-09 12:40 . 2012-07-09 12:40 -------- d-----w- c:\windows\SysWow64\drivers\AVG 2012-07-08 18:04 . 2012-07-08 04:48 99675 --s---w- c:\users\Lynchy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bfcqvyfn.exe 2012-07-08 04:48 . 2012-07-16 20:22 -------- d-----w- c:\users\Lynchy\AppData\Local\syjpmxpn 2012-07-06 18:39 . 2012-07-06 18:39 -------- d-----w- c:\users\Lynchy\AppData\Local\Apps 2012-07-06 18:39 . 2012-07-10 03:05 -------- d-----w- c:\users\Lynchy\AppData\Local\Deployment 2012-06-21 18:29 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-21 18:29 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-21 18:29 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-21 18:29 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-21 18:29 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-21 18:29 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-21 18:29 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-06-21 18:27 . 2012-06-02 14:19 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-21 18:27 . 2012-06-02 14:15 36864 ----a-w- c:\windows\system32\wuapp.exe . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-07-11 17:27 . 2012-04-24 03:18 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-07-11 17:27 . 2012-01-27 19:31 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-07-09 11:36 . 2011-03-01 21:48 82816 ----a-w- c:\users\Lynchy\AppData\Roaming\pcouffin.sys 2012-05-04 11:06 . 2012-06-13 15:11 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-05-04 10:03 . 2012-06-13 15:11 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-05-04 10:03 . 2012-06-13 15:11 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-05-01 05:40 . 2012-06-13 15:11 209920 ----a-w- c:\windows\system32\profsvc.dll 2012-04-28 03:55 . 2012-06-13 15:11 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-04-26 05:41 . 2012-06-13 15:12 77312 ----a-w- c:\windows\system32\rdpwsx.dll 2012-04-26 05:41 . 2012-06-13 15:12 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-04-26 05:34 . 2012-06-13 15:12 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe 2012-04-24 05:37 . 2012-06-13 15:11 184320 ----a-w- c:\windows\system32\cryptsvc.dll 2012-04-24 05:37 . 2012-06-13 15:11 140288 ----a-w- c:\windows\system32\cryptnet.dll 2012-04-24 05:37 . 2012-06-13 15:11 1462272 ----a-w- c:\windows\system32\crypt32.dll 2012-04-24 04:36 . 2012-06-13 15:11 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll 2012-04-24 04:36 . 2012-06-13 15:11 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2012-04-24 04:36 . 2012-06-13 15:11 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files (x86)\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936] . [HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}] . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{687578b9-7132-4a7a-80e4-30ee31099e03}] 2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\uTorrentControl2\prxtbuTor.dll . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}] 2012-07-09 12:41 2074208 ----a-w- c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-07-09 2074208] "{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files (x86)\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936] . [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}] [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1] [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj] . [HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-07-16 895376] "TouchFreeze"="c:\program files (x86)\TouchFreeze\TouchFreeze.exe" [2005-04-29 45056] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-06-26 4787072] "Spotify Web Helper"="c:\users\Lynchy\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-05-29 932528] "Akamai NetSession Interface"="c:\users\Lynchy\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2010-12-09 74752] "vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-07-09 1107552] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776] "Intel AppUp(SM) center"="c:\program files (x86)\Intel\IntelAppStore\bin\serviceManager.lnk" [2010-12-13 1300] "AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280] "EKIJ5000StatusMonitor"="c:\windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe" [2011-06-16 2922496] . c:\users\Lynchy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ bfcqvyfn.exe [2012-7-8 99675] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ MP3 Rocket (Minimized).lnk - c:\program files (x86)\MP3 Rocket\MP3Rocket.exe [N/A] OSD.lnk - c:\windows\Installer\{1C91F8F0-36CC-4C58-BDB3-66F0EEEF92A1}\_693B294D31BEF0AFC52D71.exe [2010-12-13 4286] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot] @="" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-11 250056] R3 hitmanpro36;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro36.sys [2012-07-10 30496] R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2010-05-26 164464] R3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);c:\windows\system32\DRIVERS\JME.sys [2010-02-25 115312] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2011-11-29 82816] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-02-12 1255736] R4 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [x] R4 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [x] R4 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-02-17 867824] S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672] S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136] S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2011-12-19 394672] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S2 SoilIO;SoilIO; [x] S2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-07-09 935008] S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2010-05-21 1108000] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] S3 soilkbc;soilkbc; [x] S3 SoilMC;SoilMC; [x] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] Akamai REG_MULTI_SZ Akamai . Contents of the 'Scheduled Tasks' folder . 2012-07-16 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-24 17:27] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 415256] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 161304] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 386584] "EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2011-06-16 2922496] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Supplementary Scan ------- . uStart Page = https://www.google.co.uk/ uLocal Page = c:\windows\system32\blank.htm mStart Page = hxxp://www.bigseekpro.com/mp3rocket/{2709E692-8504-43AB-958E-70A9147980B4} mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local> IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105 TCP: DhcpNameServer = 192.168.1.254 Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll . - - - - ORPHANS REMOVED - - - - . URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file) Toolbar-Locked - (no file) Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) Wow6432Node-HKCU-Run-AdobeBridge - (no file) Wow6432Node-HKCU-Run-BfcQvyfn - c:\users\Lynchy\AppData\Local\syjpmxpn\bfcqvyfn.exe Wow6432Node-HKLM-Run-ROC_roc_dec12 - c:\program files (x86)\AVG Secure Search\ROC_roc_dec12.exe Wow6432Node-HKLM-Run-Conime - c:\windows\system32\conime.exe Wow6432Node-HKLM-Run-Aimersoft Helper Compact.exe - c:\program files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe Toolbar-Locked - (no file) WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file) WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai] "ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions] @Denied: (2) (LocalSystem) "{98889811-442D-49DD-99D7-DC866BE87DBC}"=hex:51,66,7a,6c,4c,1d,38,12,7f,9b,9b, 9c,1f,0a,b3,0c,e6,c1,9f,c6,6e,b6,39,a8 "{338B4DFE-2E2C-4338-9E41-E176D497299E}"=hex:51,66,7a,6c,4c,1d,38,12,90,4e,98, 37,1e,60,56,06,e1,57,a2,36,d1,c9,6d,8a "{95B7759C-8C7F-4BF1-B163-73684A933233}"=hex:51,66,7a,6c,4c,1d,38,12,f2,76,a4, 91,4d,c2,9f,0e,ce,75,30,28,4f,cd,76,27 "{2EECD738-5844-4A99-B4B6-146BF802613B}"=hex:51,66,7a,6c,4c,1d,38,12,56,d4,ff, 2a,76,16,f7,0f,cb,a0,57,2b,fd,5c,25,2f "{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}"=hex:51,66,7a,6c,4c,1d,38,12,7c,f0,b1, 38,5c,21,3d,0e,d9,78,0d,25,e1,c9,8c,d4 "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23, 94,30,02,d1,0f,f1,da,12,24,73,56,27,d2 "{9FDDE16B-836F-4806-AB1F-1455CBEFF289}"=hex:51,66,7a,6c,4c,1d,38,12,05,e2,ce, 9b,5d,cd,68,0d,d4,09,57,15,ce,b1,b6,9d "{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0, b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db, df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd "{FCBCCB87-9224-4B8D-B117-F56D924BEB18}"=hex:51,66,7a,6c,4c,1d,38,12,e9,c8,af, f8,16,dc,e3,0e,ce,01,b6,2d,97,15,af,0c "{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}"=hex:51,66,7a,6c,4c,1d,38,12,35,fc,e1, 93,3e,68,a1,09,fc,5c,6e,9a,4b,77,a7,8a . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration] @Denied: (2) (LocalSystem) "Timestamp"=hex:19,0e,3f,7b,4f,26,cd,01 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe . ************************************************************************** . Completion time: 2012-07-16 21:44:27 - machine was rebooted ComboFix-quarantined-files.txt 2012-07-16 20:44 . Pre-Run: 58,624,499,712 bytes free Post-Run: 58,261,377,024 bytes free . - - End Of File - - 51C17B52390716698B931319FA89B658
  11. Thanks maniac. heres the 3 logs as requested. Again, i appreciate this. Malwarebytes Anti-Malware 1.62.0.1300 www.malwarebytes.org Database version: v2012.07.16.08 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Lynchy :: LYNCHY-PC [administrator] 16/07/2012 15:12:58 mbam-log-2012-07-16 (15-17-35).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 213972 Time elapsed: 4 minute(s), 16 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|BfcQvyfn (Trojan.Ransom) -> Data: C:\Users\Lynchy\AppData\Local\syjpmxpn\bfcqvyfn.exe -> No action taken. Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 2 C:\Users\Lynchy\AppData\Local\syjpmxpn\bfcqvyfn.exe (Trojan.Ransom) -> No action taken. C:\Users\Lynchy\AppData\Local\Temp\skalbbewfdjxwndi.exe (Trojan.Ransom) -> No action taken. (end) aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software Run date: 2012-07-16 15:21:29 ----------------------------- 15:21:29.954 OS Version: Windows x64 6.1.7601 Service Pack 1 15:21:29.954 Number of processors: 2 586 0x170A 15:21:29.954 ComputerName: LYNCHY-PC UserName: Lynchy 15:21:33.495 Initialize success 15:21:46.513 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 15:21:46.513 Disk 0 Vendor: TOSHIBA_MK3265GSX GJ002J Size: 305245MB BusType: 11 15:21:46.528 Disk 0 MBR read successfully 15:21:46.544 Disk 0 MBR scan 15:21:46.544 Disk 0 Windows 7 default MBR code 15:21:46.560 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 8243 MB offset 2048 15:21:46.591 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 297000 MB offset 16883712 15:21:46.606 Disk 0 scanning C:\Windows\system32\drivers 15:21:59.118 Service scanning 15:22:23.220 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32 15:22:30.271 Modules scanning 15:22:30.271 Disk 0 trace - called modules: 15:22:30.318 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa80049b12c0]<<spqf.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys 15:22:30.318 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c95700] 15:22:30.333 3 CLASSPNP.SYS[fffff88001b9443f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004af7680] 15:22:30.333 \Driver\atapi[0xfffffa8004ac2060] -> IRP_MJ_CREATE -> 0xfffffa80049b12c0 15:22:30.333 Scan finished successfully 15:22:45.169 Disk 0 MBR has been saved successfully to "C:\Users\Lynchy\Desktop\MBR.dat" 15:22:45.184 The log file has been saved successfully to "C:\Users\Lynchy\Desktop\aswMBR.txt" . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 Run by Lynchy at 15:48:48 on 2012-07-16 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4061.2598 [GMT 1:00] . AV: AVG Anti-Virus Free Edition 2012 *Disabled/Outdated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} SP: AVG Anti-Virus Free Edition 2012 *Disabled/Outdated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\taskhost.exe C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE C:\Windows\SysWOW64\svchost.exe -k Akamai C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe C:\Program Files (x86)\AVG\AVG2012\avgemca.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\System32\rundll32.exe C:\Windows\System32\igfxpers.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe C:\Program Files (x86)\TouchFreeze\TouchFreeze.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Users\Lynchy\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe C:\Users\Lynchy\AppData\Local\Akamai\netsession_win.exe C:\Program Files (x86)\Winamp\winampa.exe C:\Program Files (x86)\AVG Secure Search\vprot.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\AVG\AVG2012\avgtray.exe C:\Users\Lynchy\AppData\Local\Akamai\netsession_win.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files (x86)\OEM\DSG OSD 1.01\SunflowerOSD.exe C:\Windows\system32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\Macromed\Flash\FlashUtil64_11_3_300_265_ActiveX.exe C:\Windows\system32\NOTEPAD.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = https://www.google.co.uk/ uSearch Page = uSearch Bar = mStart Page = hxxp://www.bigseekpro.com/mp3rocket/{2709E692-8504-43AB-958E-70A9147980B4} uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local> mSearchAssistant = uURLSearchHooks: H - No File uURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll mURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll mURLSearchHooks: H - No File mWinlogon: Userinit=userinit.exe, BHO: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO: Yontoo: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll TB: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll TB: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File uRun: [AdobeBridge] uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED uRun: [TouchFreeze] C:\Program Files (x86)\TouchFreeze\TouchFreeze.exe uRun: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe uRun: [spotify Web Helper] "C:\Users\Lynchy\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" uRun: [Akamai NetSession Interface] "C:\Users\Lynchy\AppData\Local\Akamai\netsession_win.exe" uRun: [bfcQvyfn] C:\Users\Lynchy\AppData\Local\syjpmxpn\bfcqvyfn.exe mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManager.lnk" mRun: [Conime] %windir%\system32\conime.exe mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [Aimersoft Helper Compact.exe] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe mRun: [EKIJ5000StatusMonitor] C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe StartupFolder: C:\Users\Lynchy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bfcqvyfn.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MP3ROC~1.LNK - C:\Program Files (x86)\MP3 Rocket\MP3Rocket.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\OSD.lnk - C:\windows\Installer\{1C91F8F0-36CC-4C58-BDB3-66F0EEEF92A1}\_693B294D31BEF0AFC52D71.exe mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab TCP: DhcpNameServer = 192.168.1.254 TCP: Interfaces\{D211927F-7A7F-442A-8190-CE84A61719E2} : DhcpNameServer = 192.168.1.254 TCP: Interfaces\{D211927F-7A7F-442A-8190-CE84A61719E2}\14C656 : DhcpNameServer = 192.168.0.1 TCP: Interfaces\{D211927F-7A7F-442A-8190-CE84A61719E2}\35B4957373536454 : DhcpNameServer = 192.168.0.1 TCP: Interfaces\{D211927F-7A7F-442A-8190-CE84A61719E2}\35B4959373935333 : DhcpNameServer = 192.168.0.1 TCP: Interfaces\{D211927F-7A7F-442A-8190-CE84A61719E2}\8445340205F627471626C6560284F6473707F647 : DhcpNameServer = 192.168.1.1 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll BHO-X64: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll BHO-X64: uTorrentControl2 - No File BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL BHO-X64: URLRedirectionBHO - No File BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO-X64: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll BHO-X64: Yontoo Layers - No File TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll TB-X64: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll TB-X64: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File mRun-x64: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun-x64: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun-x64: [intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManager.lnk" mRun-x64: [Conime] %windir%\system32\conime.exe mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun-x64: [Aimersoft Helper Compact.exe] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe mRun-x64: [EKIJ5000StatusMonitor] C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe . ============= SERVICES / DRIVERS =============== . R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?] R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928] R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-12 140672] R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-14 20992] R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288] R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624] R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2011-12-19 394672] R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776] R2 SoilIO;SoilIO;C:\Windows\system32\drivers\SoilIO.sys --> C:\Windows\system32\drivers\SoilIO.sys [?] R2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-7-9 935008] R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\Windows\system32\DRIVERS\rtl8192se.sys --> C:\Windows\system32\DRIVERS\rtl8192se.sys [?] R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?] R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?] R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?] R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?] R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496] R3 soilkbc;soilkbc;C:\Windows\system32\drivers\soilkbc.sys --> C:\Windows\system32\drivers\soilkbc.sys [?] R3 SoilMC;SoilMC;C:\Windows\system32\drivers\SoilMC.sys --> C:\Windows\system32\drivers\SoilMC.sys [?] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-24 250056] S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?] S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352] S3 hitmanpro36;Hitman Pro 3.5 Support Driver;\??\C:\Windows\system32\drivers\hitmanpro36.sys --> C:\Windows\system32\drivers\hitmanpro36.sys [?] S3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys --> C:\Windows\system32\DRIVERS\jmcr.sys [?] S3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);C:\Windows\system32\DRIVERS\JME.sys --> C:\Windows\system32\DRIVERS\JME.sys [?] S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== Created Last 30 ================ . 2012-07-16 14:05:56 -------- d-----w- C:\Users\Lynchy\AppData\Roaming\Malwarebytes 2012-07-16 14:05:52 -------- d-----w- C:\ProgramData\Malwarebytes 2012-07-16 14:05:51 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-07-16 14:05:51 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-07-16 11:48:57 -------- d-----w- C:\Program Files (x86)\uTorrentControl2 2012-07-16 11:48:48 -------- d-----w- C:\Program Files (x86)\Yontoo 2012-07-16 11:48:46 -------- d-----w- C:\ProgramData\Tarma Installer 2012-07-16 11:48:26 -------- d-----w- C:\Program Files (x86)\uTorrent 2012-07-12 05:35:17 -------- d-----w- C:\Program Files (x86)\VS Revo Group 2012-07-12 05:26:19 -------- d-----w- C:\Program Files\CCleaner 2012-07-12 03:52:05 -------- d-----w- C:\Windows\pss 2012-07-12 02:30:39 3148800 ----a-w- C:\Windows\System32\win32k.sys 2012-07-10 02:38:17 30496 ----a-w- C:\Windows\System32\drivers\hitmanpro36.sys 2012-07-10 02:26:54 -------- d-----w- C:\ProgramData\HitmanPro 2012-07-09 21:20:59 -------- d-----w- C:\Program Files (x86)\myapp.exe 2012-07-09 20:20:37 -------- d-----w- C:\Users\Lynchy\AppData\Roaming\SUPERAntiSpyware.com 2012-07-09 20:20:22 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com 2012-07-09 20:20:22 -------- d-----w- C:\Program Files\SUPERAntiSpyware 2012-07-09 12:42:09 -------- d-----w- C:\Users\Lynchy\AppData\Local\AVG Secure Search 2012-07-09 12:41:49 -------- d-----w- C:\ProgramData\AVG Secure Search 2012-07-09 12:41:47 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search 2012-07-09 12:41:47 -------- d-----w- C:\Program Files (x86)\AVG Secure Search 2012-07-09 12:40:21 -------- d-----w- C:\Windows\SysWow64\drivers\AVG 2012-07-08 04:48:15 -------- d-----w- C:\Users\Lynchy\AppData\Local\syjpmxpn 2012-07-06 18:39:06 -------- d-----w- C:\Users\Lynchy\AppData\Local\Apps 2012-07-06 18:39:04 -------- d-----w- C:\Users\Lynchy\AppData\Local\Deployment 2012-06-21 18:29:43 2622464 ----a-w- C:\Windows\System32\wucltux.dll 2012-06-21 18:29:22 99840 ----a-w- C:\Windows\System32\wudriver.dll 2012-06-21 18:27:52 36864 ----a-w- C:\Windows\System32\wuapp.exe 2012-06-21 18:27:52 186752 ----a-w- C:\Windows\System32\wuwebv.dll . ==================== Find3M ==================== . 2012-07-11 17:27:16 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-07-11 17:27:16 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-07-09 11:36:13 99384 ----a-w- C:\Users\Lynchy\AppData\Roaming\inst.exe 2012-07-09 11:36:13 82816 ----a-w- C:\Users\Lynchy\AppData\Roaming\pcouffin.sys 2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll 2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll 2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll 2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll 2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll 2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll 2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll 2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys 2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys 2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys 2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll 2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll 2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll 2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll 2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll 2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll 2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe 2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll 2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys 2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll 2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll 2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe 2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll 2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll 2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll 2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll 2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll 2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll . ============= FINISH: 15:50:19.04 ===============
  12. Thanks a lot for your help, here are the logs. Paul . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 Run by Lynchy at 20:12:14 on 2012-07-12 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4061.2366 [GMT 1:00] . AV: AVG Anti-Virus Free Edition 2012 *Disabled/Outdated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} SP: AVG Anti-Virus Free Edition 2012 *Disabled/Outdated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE C:\Windows\SysWOW64\svchost.exe -k Akamai C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files (x86)\AVG\AVG2012\avgemca.exe C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\System32\igfxpers.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe C:\Program Files (x86)\TouchFreeze\TouchFreeze.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Users\Lynchy\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe C:\Users\Lynchy\AppData\Local\Akamai\netsession_win.exe C:\Program Files (x86)\OEM\DSG OSD 1.01\SunflowerOSD.exe C:\Program Files (x86)\Winamp\winampa.exe C:\Program Files (x86)\AVG Secure Search\vprot.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Users\Lynchy\AppData\Local\Akamai\netsession_win.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe C:\Program Files (x86)\AVG\AVG2012\avgtray.exe C:\Program Files\iPod\bin\iPodService.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Windows\system32\DllHost.exe C:\Windows\system32\wuauclt.exe C:\Windows\system32\taskhost.exe C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE C:\Windows\splwow64.exe C:\PROGRA~2\GRETECH\GOMPLA~1\GOM.EXE C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\Macromed\Flash\FlashUtil64_11_3_300_265_ActiveX.exe C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\wuauclt.exe C:\Windows\system32\svchost.exe C:\Windows\system32\svchost.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\vssvc.exe C:\Windows\System32\svchost.exe -k swprv C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = https://www.google.co.uk/ uSearch Page = uSearch Bar = mStart Page = hxxp://www.bigseekpro.com/mp3rocket/{2709E692-8504-43AB-958E-70A9147980B4} uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local> mSearchAssistant = uURLSearchHooks: H - No File uURLSearchHooks: H - No File mURLSearchHooks: H - No File mWinlogon: Userinit=userinit.exe, BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll TB: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File uRun: [AdobeBridge] uRun: [bfcQvyfn] C:\Users\Lynchy\AppData\Local\syjpmxpn\bfcqvyfn.exe uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED uRun: [TouchFreeze] C:\Program Files (x86)\TouchFreeze\TouchFreeze.exe uRun: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe uRun: [spotify Web Helper] "C:\Users\Lynchy\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" uRun: [Akamai NetSession Interface] "C:\Users\Lynchy\AppData\Local\Akamai\netsession_win.exe" mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManager.lnk" mRun: [Conime] %windir%\system32\conime.exe mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [Aimersoft Helper Compact.exe] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe mRun: [EKIJ5000StatusMonitor] C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe StartupFolder: C:\Users\Lynchy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bfcqvyfn.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MP3ROC~1.LNK - C:\Program Files (x86)\MP3 Rocket\MP3Rocket.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\OSD.lnk - C:\windows\Installer\{1C91F8F0-36CC-4C58-BDB3-66F0EEEF92A1}\_693B294D31BEF0AFC52D71.exe mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab TCP: DhcpNameServer = 192.168.1.254 TCP: Interfaces\{D211927F-7A7F-442A-8190-CE84A61719E2} : DhcpNameServer = 192.168.1.254 TCP: Interfaces\{D211927F-7A7F-442A-8190-CE84A61719E2}\14C656 : DhcpNameServer = 192.168.0.1 TCP: Interfaces\{D211927F-7A7F-442A-8190-CE84A61719E2}\35B4957373536454 : DhcpNameServer = 192.168.0.1 TCP: Interfaces\{D211927F-7A7F-442A-8190-CE84A61719E2}\8445340205F627471626C6560284F6473707F647 : DhcpNameServer = 192.168.1.1 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL BHO-X64: URLRedirectionBHO - No File BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll TB-X64: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File mRun-x64: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun-x64: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun-x64: [intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManager.lnk" mRun-x64: [Conime] %windir%\system32\conime.exe mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun-x64: [Aimersoft Helper Compact.exe] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe mRun-x64: [EKIJ5000StatusMonitor] C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe . ============= SERVICES / DRIVERS =============== . R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?] R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928] R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-12 140672] R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-14 20992] R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288] R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624] R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2011-12-19 394672] R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776] R2 SoilIO;SoilIO;C:\Windows\system32\drivers\SoilIO.sys --> C:\Windows\system32\drivers\SoilIO.sys [?] R2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-7-9 935008] R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184] R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\Windows\system32\DRIVERS\rtl8192se.sys --> C:\Windows\system32\DRIVERS\rtl8192se.sys [?] R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?] R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?] R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?] R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?] R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496] R3 soilkbc;soilkbc;C:\Windows\system32\drivers\soilkbc.sys --> C:\Windows\system32\drivers\soilkbc.sys [?] R3 SoilMC;SoilMC;C:\Windows\system32\drivers\SoilMC.sys --> C:\Windows\system32\drivers\SoilMC.sys [?] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?] RUnknown mbamchameleon;mbamchameleon; [x] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-24 250056] S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?] S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352] S3 hitmanpro36;Hitman Pro 3.5 Support Driver;\??\C:\Windows\system32\drivers\hitmanpro36.sys --> C:\Windows\system32\drivers\hitmanpro36.sys [?] S3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys --> C:\Windows\system32\DRIVERS\jmcr.sys [?] S3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);C:\Windows\system32\DRIVERS\JME.sys --> C:\Windows\system32\DRIVERS\JME.sys [?] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== Created Last 30 ================ . 2012-07-12 05:35:17 -------- d-----w- C:\Program Files (x86)\VS Revo Group 2012-07-12 05:26:19 -------- d-----w- C:\Program Files\CCleaner 2012-07-12 04:10:44 -------- d-----w- C:\Users\Lynchy\AppData\Roaming\Malwarebytes 2012-07-12 04:10:32 -------- d-----w- C:\ProgramData\Malwarebytes 2012-07-12 04:10:31 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-07-12 03:52:05 -------- d-----w- C:\Windows\pss 2012-07-12 02:30:39 3148800 ----a-w- C:\Windows\System32\win32k.sys 2012-07-10 02:38:17 30496 ----a-w- C:\Windows\System32\drivers\hitmanpro36.sys 2012-07-10 02:26:54 -------- d-----w- C:\ProgramData\HitmanPro 2012-07-09 21:20:59 -------- d-----w- C:\Program Files (x86)\myapp.exe 2012-07-09 20:20:37 -------- d-----w- C:\Users\Lynchy\AppData\Roaming\SUPERAntiSpyware.com 2012-07-09 20:20:22 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com 2012-07-09 20:20:22 -------- d-----w- C:\Program Files\SUPERAntiSpyware 2012-07-09 12:42:09 -------- d-----w- C:\Users\Lynchy\AppData\Local\AVG Secure Search 2012-07-09 12:41:49 -------- d-----w- C:\ProgramData\AVG Secure Search 2012-07-09 12:41:47 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search 2012-07-09 12:41:47 -------- d-----w- C:\Program Files (x86)\AVG Secure Search 2012-07-09 12:40:21 -------- d-----w- C:\Windows\SysWow64\drivers\AVG 2012-07-08 04:48:15 -------- d-----w- C:\Users\Lynchy\AppData\Local\syjpmxpn 2012-07-06 18:39:06 -------- d-----w- C:\Users\Lynchy\AppData\Local\Apps 2012-07-06 18:39:04 -------- d-----w- C:\Users\Lynchy\AppData\Local\Deployment 2012-06-21 18:29:43 2622464 ----a-w- C:\Windows\System32\wucltux.dll 2012-06-21 18:29:22 99840 ----a-w- C:\Windows\System32\wudriver.dll 2012-06-21 18:27:52 36864 ----a-w- C:\Windows\System32\wuapp.exe 2012-06-21 18:27:52 186752 ----a-w- C:\Windows\System32\wuwebv.dll 2012-06-14 21:48:18 -------- d-----w- C:\Users\Lynchy\AppData\Local\{C09AA877-A8AA-4319-8ADB-7527A5E1F339} 2012-06-13 15:12:06 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll 2012-06-13 15:12:05 77312 ----a-w- C:\Windows\System32\rdpwsx.dll 2012-06-13 15:12:04 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe . ==================== Find3M ==================== . 2012-07-11 17:27:16 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-07-11 17:27:16 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-07-09 11:36:13 99384 ----a-w- C:\Users\Lynchy\AppData\Roaming\inst.exe 2012-07-09 11:36:13 82816 ----a-w- C:\Users\Lynchy\AppData\Roaming\pcouffin.sys 2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll 2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll 2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll 2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll 2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll 2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll 2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys 2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys 2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys 2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll 2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll 2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll 2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll 2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll 2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll 2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll 2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe 2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll 2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys 2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll 2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll 2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll 2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll 2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll 2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll . ============= FINISH: 20:12:59.55 =============== . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 10/02/2011 21:57:22 System Uptime: 12/07/2012 11:53:53 (9 hours ago) . Motherboard: Advent | | Processor: Celeron® Dual-Core CPU T3500 @ 2.10GHz | CPU 1 | 2094/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 290 GiB total, 54.392 GiB free. F: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP233: 10/07/2012 04:10:15 - Windows Update RP236: 12/07/2012 03:07:29 - Windows Modules Installer RP237: 12/07/2012 03:15:23 - Windows Modules Installer RP238: 12/07/2012 03:23:09 - Windows Modules Installer RP239: 12/07/2012 06:41:05 - Revo Uninstaller's restore point - Babylon toolbar . ==== Installed Programs ====================== . Adobe AIR Adobe Community Help Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Media Player aioscnnr Akamai NetSession Interface Akamai NetSession Interface Service Apple Application Support Apple Software Update C4USelfUpdater center Cisco EAP-FAST Module Cisco LEAP Module Cisco PEAP Module D3DX10 Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition DSG OSD 1.01 DTS+AC3 Filter essentials GOM Player Intel AppUp(SM) center Java Auto Updater Java 6 Update 26 JMicron Ethernet Adapter NDIS Driver JMicron Flash Media Controller Driver Junk Mail filter update KODAK AiO Software ksDIP LG USB Modem driver Mesh Runtime Messenger Companion Microsoft Office 2010 Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Click-to-Run 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office Home and Student 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Single Image 2010 Microsoft Office Starter 2010 - English Microsoft Office Word MUI (English) 2010 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft_VC80_ATL_x86 Microsoft_VC80_CRT_x86 Microsoft_VC80_MFC_x86 Microsoft_VC80_MFCLOC_x86 Microsoft_VC90_ATL_x86 Microsoft_VC90_CRT_x86 Microsoft_VC90_MFC_x86 MPEG2 Codec(libmpeg2/mad) MSVCRT MSVCRT_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) ocr PreReq QuickTime REALTEK Wireless LAN Driver Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Extended (KB2416472) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553091) Security Update for Microsoft Office 2010 (KB2553096) Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition Security Update for Microsoft SharePoint Workspace 2010 (KB2566445) Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition Spotify TouchFreeze Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) Update for Microsoft Office 2010 (KB2494150) Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition Vegas Movie Studio HD Platinum 10.0 Visual Studio 2008 x64 Redistributables Winamp Winamp Detector Plug-in Windows Live Communications Platform Windows Live Essentials Windows Live Installer Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live Messenger Windows Live Messenger Companion Core Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources . ==== Event Viewer Messages From Past Week ======== . 12/07/2012 18:22:37, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running. 12/07/2012 18:22:37, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Computer Browser service, but this action failed with the following error: An instance of the service is already running. 12/07/2012 18:21:37, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running. 12/07/2012 18:20:37, Error: Service Control Manager [7034] - The Application Information service terminated unexpectedly. It has done this 1 time(s). 12/07/2012 18:20:37, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 12/07/2012 18:20:37, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 12/07/2012 18:20:37, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 12/07/2012 18:20:37, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 12/07/2012 18:20:37, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 12/07/2012 18:20:37, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 12/07/2012 18:20:37, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 12/07/2012 18:20:37, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 12/07/2012 18:20:37, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 12/07/2012 18:20:37, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 12/07/2012 18:20:37, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 12/07/2012 18:20:37, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 12/07/2012 18:20:37, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 12/07/2012 18:20:37, Error: Service Control Manager [7031] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 12/07/2012 18:20:37, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 12/07/2012 18:20:37, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 12/07/2012 18:12:34, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {A483C63A-CDBC-426E-BF93-872502E8144E}. The error: "8" Happened while starting this command: C:\Windows\system32\Macromed\Flash\FlashUtil64_11_3_300_265_ActiveX.exe -Embedding 12/07/2012 18:09:55, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service. 12/07/2012 06:55:24, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0. 12/07/2012 06:14:36, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start. 12/07/2012 06:14:36, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 12/07/2012 06:14:36, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 12/07/2012 06:14:36, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89} 12/07/2012 06:14:36, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E} 12/07/2012 06:14:34, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 12/07/2012 06:14:29, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 12/07/2012 06:14:21, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgmfx64 DfsC discache NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL spldr tdx vwififlt Wanarpv6 WfpLwf 12/07/2012 06:14:21, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning. 12/07/2012 06:14:21, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 12/07/2012 06:14:21, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 12/07/2012 06:14:21, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 12/07/2012 06:14:21, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 12/07/2012 06:14:21, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start. 12/07/2012 06:14:19, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 12/07/2012 06:14:19, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 12/07/2012 06:14:19, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning. 12/07/2012 06:14:19, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning. 12/07/2012 06:14:19, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 12/07/2012 04:24:51, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service. 12/07/2012 03:22:28, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Windows Malicious Software Removal Tool x64 - July 2012 (KB890830). 12/07/2012 03:22:05, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070008: Cumulative Security Update for Internet Explorer 9 for Windows 7 for x64-based Systems (KB2719177). 12/07/2012 03:07:24, Error: volsnap [6] - The shadow copy of volume C: could not create a new paged heap. The system may be low on virtual memory. 10/07/2012 03:38:22, Error: Service Control Manager [7024] - The HitmanPro 3.6 Crusader (Boot) service terminated with service-specific error The operation completed successfully.. 10/07/2012 03:37:24, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied. 09/07/2012 21:34:06, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgwd service. 09/07/2012 17:41:49, Error: Service Control Manager [7001] - The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. 09/07/2012 17:41:45, Error: Service Control Manager [7000] - The AVG Anti-Rootkit Driver service failed to start due to the following error: The system cannot find the file specified. 09/07/2012 17:36:03, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgrkx64 09/07/2012 12:36:30, Error: Service Control Manager [7022] - The Windows Update service hung on starting. 09/07/2012 12:34:30, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service. 08/07/2012 15:47:26, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Bonjour Service service to connect. 08/07/2012 15:47:26, Error: Service Control Manager [7000] - The Bonjour Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 06/07/2012 01:20:42, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit. . ==== End Of File ===========================
  13. Hi there, i dont know the rules on the forum, if im aloud to start a new topic etc, so i do apologise if ive gone against any rules. All it is, a friend told me about malwarebyte a few days ago and told me to get it after i had a few problems with my computer. Basically, a pop up kept coming on the screen saying it had found a few trojans or viruses (cant remember exactly now what it said as ive managed to stop it from doing it) i was using AVG at the time and it the pop up was as if it was AVG that had found it, however, when i ran avg it didnt find anything. ive since uninstalled avg and gone for Superantispyware (again, suggested by the same friend), The only problem im having it trying to install malwarebyte's now, ive been reading up about it all over the last 2 days, ive tried renaming the file to mapp.exe and other things like that, i must have installed and uninstalled it about 20 times trying different methods but nothing seems to help. i think it all started the day googlechrome stopped working saying something about "profie wont load", i dont know if ive picked up some kind of virus or what? any help would be absolutely great! its driving me mental now! thanks alot. Paul.
  14. Hi there, i dont know the rules on the forum, if im aloud to start a new topic etc, so i do apologise if ive gone against any rules. All it is, a friend told me about malwarebyte a few days ago and told me to get it after i had a few problems with my computer. Basically, a pop up kept coming on the screen saying it had found a few trojans or viruses (cant remember exactly now what it said as ive managed to stop it from doing it) i was using AVG at the time and it the pop up was as if it was AVG that had found it, however, when i ran avg it didnt find anything. ive since uninstalled avg and gone for Superantispyware (again, suggested by the same friend), The only problem im having it trying to install malwarebyte's now, ive been reading up about it all over the last 2 days, ive tried renaming the file to mapp.exe and other things like that, i must have installed and uninstalled it about 20 times trying different methods but nothing seems to help. i think it all started the day googlechrome stopped working saying something about "profie wont load", i dont know if ive picked up some kind of virus or what? any help would be absolutely great! its driving me mental now! thanks alot. Paul.