nikeflyair

  1. Apparently, while I was running ComboFix, Norton was on, but I don't have Norton installed on my computer.
  2. And the following is the fixlog.
  3. Hi, sorry for the late reply, but the following is the ComboFix log.
  4. Thank you for the quick reply, and I appreciate your help. Below is the FRST log.
Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [44808 2012-10-30] (AVAST Software) 3 CGVPNCliSrvc; C:\Program Files\CyberGhost VPN\CGVPNCliService.exe [2438696 2012-04-25] (mobile concepts GmbH) 2 Crazy Johns Broadband. RunOuc; C:\Program Files (x86)\Crazy Johns Broadband\UpdateDog\ouc.exe [246112 2012-05-14] () 2 HWDeviceService64.exe; "C:\ProgramData\DatacardService\HWDeviceService64.exe" -/service [346976 2011-03-14] () 2 NIS; "C:\Program Files (x86)\Norton Internet Security\Engine\19.6.1.8\ccSvcHst.exe" /s "NIS" /m "C:\Program Files (x86)\Norton Internet Security\Engine\19.6.1.8\diMaster.dll" /prefetch:1 [309688 2012-01-24] (Symantec Corporation) 2 PnkBstrA; C:\windows\SysWow64\PnkBstrA.exe [76888 2012-10-20] () 2 RichVideo64; "C:\Program Files\CyberLink\Shared files\RichVideo64.exe" [386344 2010-08-18] () 2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation) 2 W3SVC; C:\Windows\SysWow64\inetsrv\iisw3adm.dll [397824 2010-11-20] (Microsoft Corporation) 2 mi-raysat_3dsmax9_32; "C:\Program Files (x86)\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe" [x] ==================== Drivers (Whitelisted) ===================== 2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [25232 2012-10-30] (AVAST Software) 2 aswMonFlt; C:\Windows\System32\Drivers\aswMonFlt.sys [71600 2012-10-30] (AVAST Software) 1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [54072 2012-10-15] (AVAST Software) 1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [984144 2012-10-30] (AVAST Software) 1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [370288 2012-10-30] (AVAST Software) 1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [59728 2012-10-30] (AVAST Software) 1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120317.002\BHDrvx64.sys [1157240 2012-03-02] (Symantec Corporation) 1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1306010.008\ccSetx64.sys [167048 
2011-11-29] (Symantec Corporation) 1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [482936 2012-03-21] (Symantec Corporation) 3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138360 2012-02-03] (Symantec Corporation) 3 hidshim; C:\Windows\System32\Drivers\hidshim.sys [6656 2009-08-31] (Windows ® Win 7 DDK provider) 1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120321.001\IDSvia64.sys [488568 2012-03-05] (Symantec Corporation) 3 libusb0; C:\Windows\System32\Drivers\libusb0.sys [29184 2011-12-19] (http://libusb-win32.sourceforge.net) 3 libusb0; C:\Windows\SysWow64\Drivers\libusb0.sys [21504 2011-12-19] (http://libusb-win32.sourceforge.net) 3 mod7700; C:\Windows\System32\Drivers\mod7700.sys [1001472 2012-05-14] (DiBcom SA) 3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120321.032\ENG64.SYS [117880 2012-03-21] (Symantec Corporation) 3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120321.032\EX64.SYS [2048632 2012-03-21] (Symantec Corporation) 3 nuvotonhidcir; C:\Windows\System32\Drivers\nuvotonhidcir.sys [26624 2009-08-31] (Nuvoton Technology Corporation) 3 nuvotonir; C:\Windows\System32\Drivers\nuvotonir.sys [68096 2009-08-31] (Nuvoton Technology Corporation) 3 SRTSP; C:\Windows\System32\Drivers\NISx64\1306010.008\SRTSP64.SYS [738936 2012-01-17] (Symantec Corporation) 1 SRTSPX; C:\Windows\system32\drivers\NISx64\1306010.008\SRTSPX64.SYS [37496 2012-01-17] (Symantec Corporation) 0 SymDS; C:\Windows\System32\drivers\NISx64\1306010.008\SYMDS64.SYS [451192 2011-07-25] (Symantec Corporation) 0 SymEFA; C:\Windows\System32\drivers\NISx64\1306010.008\SYMEFA64.SYS [1092728 2012-01-17] (Symantec Corporation) 3 SymEvent; \??\C:\windows\system32\Drivers\SYMEVENT64x86.SYS [175736 
2012-03-08] (Symantec Corporation) 1 SymIRON; C:\Windows\system32\drivers\NISx64\1306010.008\Ironx64.SYS [190072 2012-01-17] (Symantec Corporation) 1 SymNetS; C:\Windows\System32\Drivers\NISx64\1306010.008\SYMNETS.SYS [405624 2012-01-17] (Symantec Corporation) 3 toshidpt; C:\Windows\System32\Drivers\toshidpt.sys [9608 2009-06-19] (TOSHIBA Corporation.) 3 USBTINSP; C:\Windows\System32\DRIVERS\tinspusb.sys [142848 2010-03-28] (Texas Instruments) 3 catchme; \??\C:\ComboFix\catchme.sys [x] 3 EagleX64; \??\C:\windows\system32\drivers\EagleX64.sys [x] ==================== NetSvcs (Whitelisted) ==================== ==================== One Month Created Files and Folders ======== 2012-12-01 13:29 - 2012-12-01 13:29 - 00000000 ____D C:\FRST 2012-11-30 22:04 - 2012-11-30 23:29 - 00002013 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk 2012-11-30 22:04 - 2012-11-30 22:04 - 00000350 ___AH C:\Windows\Tasks\avast! Emergency Update.job 2012-11-30 22:04 - 2012-11-30 22:04 - 00000000 ____A C:\Windows\SysWOW64\config.nt 2012-11-30 22:04 - 2012-10-30 14:51 - 00984144 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys 2012-11-30 22:04 - 2012-10-30 14:51 - 00370288 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys 2012-11-30 22:04 - 2012-10-30 14:51 - 00071600 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys 2012-11-30 22:04 - 2012-10-30 14:51 - 00059728 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys 2012-11-30 22:04 - 2012-10-30 14:51 - 00025232 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys 2012-11-30 22:04 - 2012-10-30 14:50 - 00285328 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe 2012-11-30 22:04 - 2012-10-15 07:59 - 00054072 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys 2012-11-30 22:03 - 2012-11-30 22:03 - 00000000 ____D C:\Users\All Users\AVAST Software 2012-11-30 22:03 - 2012-11-30 22:03 - 00000000 ____D C:\Program Files\AVAST Software 2012-11-30 22:03 - 2012-10-30 14:51 - 
00041224 ____A (AVAST Software) C:\Windows\avastSS.scr 2012-11-30 22:03 - 2012-10-30 14:50 - 00227648 ____A (AVAST Software) C:\Windows\SysWOW64\aswBoot.exe 2012-11-30 21:52 - 2012-11-30 21:59 - 97495576 ____A C:\Users\Daniel\Downloads\avast_free_antivirus_setup.exe 2012-11-30 21:30 - 2012-11-30 21:30 - 00001816 ____A C:\Users\Public\Desktop\QuickTime Player.lnk 2012-11-30 19:18 - 2012-12-01 15:54 - 00195770 ____A C:\Users\Daniel\AppData\Local\ikpidmue.log 2012-11-30 19:18 - 2012-11-30 19:18 - 00455142 ____A C:\Users\Daniel\AppData\Local\rfkdpsof.log 2012-11-30 19:18 - 2012-11-30 19:18 - 00003307 ____A C:\Users\Daniel\AppData\Local\pmtgduve.log 2012-11-30 19:18 - 2012-11-30 19:18 - 00003247 ____A C:\Users\Daniel\AppData\Local\vtdsudwf.log 2012-11-30 19:17 - 2012-12-01 16:01 - 00000028 ____A C:\Users\Daniel\AppData\Local\cltedshe.log 2012-11-30 19:17 - 2012-11-30 19:17 - 00446448 ____A C:\Users\Daniel\AppData\Local\enapffrn.log 2012-11-30 19:17 - 2012-11-30 19:17 - 00005370 ____A C:\Users\Daniel\AppData\Local\lgnaobbi.log 2012-11-30 18:57 - 2012-11-30 18:57 - 00030566 ____A C:\ComboFix.txt 2012-11-30 18:38 - 2012-11-30 18:57 - 00000000 ____D C:\Qoobox 2012-11-30 18:38 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe 2012-11-30 18:38 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe 2012-11-30 18:38 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe 2012-11-30 18:38 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe 2012-11-30 18:38 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe 2012-11-30 18:38 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe 2012-11-30 18:38 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe 2012-11-30 18:38 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe 2012-11-30 18:37 - 2012-11-30 18:54 - 00000000 ____D C:\Windows\erdnt 2012-11-30 18:19 - 2012-11-30 18:20 - 00000000 ____D C:\Users\Daniel\AppData\Local\{9C46E994-8221-4733-BDC2-736644582BDF} 2012-11-30 17:51 - 
2012-11-30 17:51 - 00000000 ____D C:\Users\Daniel\AppData\Local\{CE7CB58E-1783-41AC-9A79-205300E6215C} 2012-11-30 16:46 - 2012-12-01 16:01 - 00000000 ____A C:\Users\Daniel\AppData\Local\aadwrsfq.log 2012-11-30 16:43 - 2012-11-30 16:43 - 00000000 ____A C:\Users\Daniel\AppData\Local\fchlvidc.log 2012-11-30 16:43 - 2012-11-30 16:43 - 00000000 ____A C:\Users\Daniel\AppData\Local\cwvbxftk.log 2012-11-30 16:41 - 2012-11-30 22:19 - 00000000 ____D C:\Users\Daniel\AppData\Local\wkowggjd 2012-11-30 16:41 - 2012-11-30 16:41 - 00000064 ____A C:\Users\All Users\txbahwro.log 2012-11-30 16:20 - 2012-11-30 16:21 - 00000000 ____D C:\Users\Daniel\AppData\Local\{4B224279-CB30-4899-B5BD-B106B42A2867} 2012-11-30 03:16 - 2008-09-21 02:16 - 00003146 ____A C:\Users\Daniel\Downloads\bossa_basic_pattern.gp5 2012-11-29 21:54 - 2012-11-29 21:54 - 00000000 ____D C:\Users\Daniel\AppData\Local\{477281B0-7ED0-43D0-880B-7E30CB8CEA5B} 2012-11-29 13:02 - 2012-11-29 13:04 - 17672068 ____A C:\Users\Daniel\Downloads\Amber Bayani- These Thoughts (uke cover).mp4 2012-11-29 12:58 - 2012-11-29 13:00 - 80274689 ____A C:\Users\Daniel\Downloads\Gorillaz - Feel good inc. 
- Acoustic guitar cover by Jamé Forbes.mp4 2012-11-29 02:49 - 2012-11-29 02:49 - 00000000 ____D C:\Users\Daniel\AppData\Local\{A5FFD923-ACAB-4D46-880F-E846F7A2C066} 2012-11-28 23:03 - 2012-11-28 23:03 - 00000000 ____D C:\Users\Daniel\AppData\Local\{B67858BC-1393-4238-B44F-3B66C47780AE} 2012-11-28 12:08 - 2012-11-28 12:14 - 86904875 ____A C:\Users\Daniel\Downloads\GG-GG2-GAP-K2N.rar 2012-11-28 11:49 - 2012-11-28 11:49 - 00000000 ____D C:\Users\Daniel\AppData\Local\{ECBCD6BB-6224-4421-B524-624ADDCA4097} 2012-11-28 04:30 - 2012-11-28 04:32 - 86235479 ____A C:\Users\Daniel\Downloads\Park Kahi [After School] - Ultimate Dance Collection.mp4 2012-11-27 21:02 - 2012-11-27 21:02 - 00000000 ____D C:\Users\Daniel\AppData\Local\{27CF164A-EB81-41AF-BD31-41D47148C3F2} 2012-11-26 20:58 - 2012-11-26 20:58 - 00000000 ____D C:\Users\Daniel\AppData\Local\{DC024820-DBB6-4877-BA08-9533577A2448} 2012-11-25 21:18 - 2012-11-25 21:19 - 00000000 ____D C:\Users\Daniel\AppData\Local\{9F6FA202-1102-4235-8C9E-74C186856F3F} 2012-11-24 15:50 - 2012-11-24 15:50 - 00000000 ____D C:\Users\Daniel\AppData\Local\{FB2B4090-ED04-48D0-977C-B0FA4B807210} 2012-11-23 15:47 - 2012-11-23 15:47 - 00000000 ____D C:\Users\Daniel\AppData\Local\{63358A2F-115C-4661-96A7-2E6FEC8D19CB} 2012-11-23 02:48 - 2012-11-23 02:50 - 53557183 ____A C:\Users\Daniel\Downloads\Dumb Ways to Die.mp4 2012-11-22 23:35 - 2012-11-22 23:35 - 00000000 ____D C:\Users\Daniel\AppData\Local\{79970399-3230-4DFC-B985-AFBCE49CC26D} 2012-11-21 23:45 - 2012-11-21 23:46 - 02368434 ____A C:\Users\Daniel\Downloads\Ward_Template.zip 2012-11-21 22:03 - 2012-11-21 22:04 - 00000000 ____D C:\Users\Daniel\AppData\Local\{529DBEE8-09B1-4DE2-8D7D-F024033834ED} 2012-11-20 22:03 - 2012-11-20 22:03 - 00000000 ____D C:\Users\Daniel\AppData\Local\{B8A61442-F266-42DC-85C3-C4BA6C9B172A} 2012-11-20 22:01 - 2012-11-20 22:01 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi 2012-11-19 21:49 - 2012-11-19 21:49 - 00000000 ____D 
C:\Users\Daniel\AppData\Local\{50738D66-13FA-4137-9249-3A7A27EF1B3A} 2012-11-19 00:49 - 2012-11-19 00:49 - 00000000 ____D C:\Users\Daniel\AppData\Local\{A1F1F73B-80A7-4462-B00C-7AA37FC776CF} 2012-11-18 21:27 - 2012-11-18 21:27 - 00000000 ____D C:\Users\Daniel\AppData\Local\{97B56523-EB64-484E-8D86-6BA301BDD147} 2012-11-18 13:12 - 2012-11-18 13:12 - 00000000 ____D C:\Users\Daniel\AppData\Local\{E363595D-0745-46D4-8C12-64891B3E0779} 2012-11-17 19:00 - 2012-11-17 19:01 - 00000000 ____D C:\Users\Daniel\AppData\Local\{B7B22879-FE8A-4382-8BCD-4FF55F209BDA} 2012-11-17 17:46 - 2012-11-17 17:46 - 00000000 ____D C:\Users\Daniel\AppData\Local\{5039BE42-6A09-4F4D-8B9A-2592B45F3B49} 2012-11-17 00:56 - 2012-11-17 00:56 - 00000000 ____D C:\Users\Daniel\AppData\Local\{EA904533-3DF4-4318-B2D7-2EC61026CF7E} 2012-11-16 03:58 - 2012-10-08 04:19 - 17811968 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2012-11-16 03:58 - 2012-10-08 03:42 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2012-11-16 03:58 - 2012-10-08 03:31 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2012-11-16 03:58 - 2012-10-08 03:24 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2012-11-16 03:58 - 2012-10-08 03:23 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2012-11-16 03:58 - 2012-10-08 03:22 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2012-11-16 03:58 - 2012-10-08 03:22 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2012-11-16 03:58 - 2012-10-08 03:20 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2012-11-16 03:58 - 2012-10-08 03:18 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2012-11-16 03:58 - 2012-10-08 03:17 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2012-11-16 03:58 - 2012-10-08 03:17 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll 
2012-11-16 03:58 - 2012-10-08 03:15 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2012-11-16 03:58 - 2012-10-08 03:15 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2012-11-16 03:58 - 2012-10-08 03:13 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2012-11-16 03:58 - 2012-10-08 03:13 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2012-11-16 03:58 - 2012-10-08 03:09 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2012-11-16 03:58 - 2012-10-08 00:28 - 12320768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2012-11-16 03:58 - 2012-10-08 00:02 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2012-11-16 03:58 - 2012-10-07 23:56 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2012-11-16 03:58 - 2012-10-07 23:48 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2012-11-16 03:58 - 2012-10-07 23:48 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2012-11-16 03:58 - 2012-10-07 23:47 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2012-11-16 03:58 - 2012-10-07 23:46 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2012-11-16 03:58 - 2012-10-07 23:45 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2012-11-16 03:58 - 2012-10-07 23:44 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2012-11-16 03:58 - 2012-10-07 23:43 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2012-11-16 03:58 - 2012-10-07 23:43 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2012-11-16 03:58 - 2012-10-07 23:42 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2012-11-16 03:58 - 2012-10-07 23:41 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2012-11-16 03:58 - 2012-10-07 23:41 - 
00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2012-11-16 03:58 - 2012-10-07 23:40 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2012-11-16 03:58 - 2012-10-07 23:37 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2012-11-16 01:10 - 2012-11-16 01:10 - 00000899 ____A C:\Users\Public\Desktop\Guild Wars 2.lnk 2012-11-16 01:10 - 2012-11-16 01:10 - 00000000 ____D C:\Program Files (x86)\Guild Wars 2 2012-11-16 01:08 - 2012-11-16 02:36 - 00000000 ____D C:\Users\Daniel\Documents\Guild Wars 2 2012-11-16 01:06 - 2012-11-16 01:08 - 22716480 ____A (ArenaNet) C:\Users\Daniel\Downloads\Gw2Setup.exe 2012-11-16 00:31 - 2012-07-25 20:55 - 00785512 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys 2012-11-16 00:31 - 2012-07-25 20:55 - 00054376 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WdfLdr.sys 2012-11-16 00:31 - 2012-07-25 18:36 - 00009728 ____A (Microsoft Corporation) C:\Windows\System32\Wdfres.dll 2012-11-16 00:31 - 2012-06-02 06:35 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf 2012-11-16 00:29 - 2012-10-09 10:17 - 00226816 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcore6.dll 2012-11-16 00:29 - 2012-10-09 10:17 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcsvc6.dll 2012-11-16 00:29 - 2012-10-09 09:40 - 00193536 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll 2012-11-16 00:29 - 2012-10-09 09:40 - 00044032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll 2012-11-16 00:28 - 2012-10-18 10:25 - 03149824 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys 2012-11-16 00:28 - 2012-07-25 19:08 - 00744448 ____A (Microsoft Corporation) C:\Windows\System32\WUDFx.dll 2012-11-16 00:28 - 2012-07-25 19:08 - 00229888 ____A (Microsoft Corporation) C:\Windows\System32\WUDFHost.exe 2012-11-16 00:28 - 2012-07-25 19:08 - 00194048 ____A (Microsoft Corporation) 
C:\Windows\System32\WUDFPlatform.dll 2012-11-16 00:28 - 2012-07-25 19:08 - 00084992 ____A (Microsoft Corporation) C:\Windows\System32\WUDFSvc.dll 2012-11-16 00:28 - 2012-07-25 19:08 - 00045056 ____A (Microsoft Corporation) C:\Windows\System32\WUDFCoinstaller.dll 2012-11-16 00:28 - 2012-07-25 18:26 - 00198656 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFRd.sys 2012-11-16 00:28 - 2012-07-25 18:26 - 00087040 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFPf.sys 2012-11-16 00:28 - 2012-06-02 06:57 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf 2012-11-16 00:28 - 2012-05-31 21:39 - 00014848 ____A (Microsoft Corporation) C:\Windows\System32\wamregps.dll 2012-11-16 00:28 - 2012-05-31 21:36 - 00192000 ____A (Microsoft Corporation) C:\Windows\System32\iisRtl.dll 2012-11-16 00:28 - 2012-05-31 21:36 - 00011264 ____A (Microsoft Corporation) C:\Windows\System32\iisrstap.dll 2012-11-16 00:28 - 2012-05-31 21:35 - 00060928 ____A (Microsoft Corporation) C:\Windows\System32\ahadmin.dll 2012-11-16 00:28 - 2012-05-31 21:34 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\admwprox.dll 2012-11-16 00:28 - 2012-05-31 21:33 - 00016896 ____A (Microsoft Corporation) C:\Windows\System32\iisreset.exe 2012-11-16 00:28 - 2012-05-31 20:40 - 00010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wamregps.dll 2012-11-16 00:28 - 2012-05-31 20:37 - 00154624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iisRtl.dll 2012-11-16 00:28 - 2012-05-31 20:37 - 00008192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iisrstap.dll 2012-11-16 00:28 - 2012-05-31 20:35 - 00050688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admwprox.dll 2012-11-16 00:28 - 2012-05-31 20:35 - 00026624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ahadmin.dll 2012-11-16 00:28 - 2012-05-31 20:34 - 00015360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iisreset.exe 2012-11-16 00:27 - 2012-10-03 09:56 - 01914248 ____A (Microsoft 
Corporation) C:\Windows\System32\Drivers\tcpip.sys 2012-11-16 00:27 - 2012-10-03 09:44 - 00303104 ____A (Microsoft Corporation) C:\Windows\System32\nlasvc.dll 2012-11-16 00:27 - 2012-10-03 09:44 - 00246272 ____A (Microsoft Corporation) C:\Windows\System32\netcorehc.dll 2012-11-16 00:27 - 2012-10-03 09:44 - 00216576 ____A (Microsoft Corporation) C:\Windows\System32\ncsi.dll 2012-11-16 00:27 - 2012-10-03 09:44 - 00070656 ____A (Microsoft Corporation) C:\Windows\System32\nlaapi.dll 2012-11-16 00:27 - 2012-10-03 09:44 - 00018944 ____A (Microsoft Corporation) C:\Windows\System32\netevent.dll 2012-11-16 00:27 - 2012-10-03 09:42 - 00569344 ____A (Microsoft Corporation) C:\Windows\System32\iphlpsvc.dll 2012-11-16 00:27 - 2012-10-03 08:42 - 00175104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netcorehc.dll 2012-11-16 00:27 - 2012-10-03 08:42 - 00156672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll 2012-11-16 00:27 - 2012-10-03 08:42 - 00018944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netevent.dll 2012-11-16 00:27 - 2012-10-03 08:07 - 00045568 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpipreg.sys 2012-11-16 00:27 - 2012-01-12 23:12 - 00052224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll 2012-11-16 00:26 - 2012-09-25 14:47 - 00078336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll 2012-11-16 00:26 - 2012-09-25 14:46 - 00095744 ____A (Microsoft Corporation) C:\Windows\System32\synceng.dll 2012-11-15 23:54 - 2012-11-15 23:55 - 00000000 ____D C:\Users\Daniel\AppData\Local\{CD4B8E7A-D568-4170-816F-A87C8D647A9A} 2012-11-15 01:00 - 2012-11-15 01:02 - 82838367 ____A C:\Users\Daniel\Downloads\JJ Project - Bounce.mp4 2012-11-14 12:54 - 2012-11-14 12:54 - 00000000 ____D C:\Users\Daniel\AppData\Local\{4CEF8006-4A12-456C-873B-60BB3B51BD9E} 2012-11-13 22:43 - 2012-11-13 22:43 - 00000000 ____D C:\Users\Daniel\AppData\Local\{30741556-1072-43E6-BDC0-E1B8823C12AA} 2012-11-12 20:48 - 2012-11-12 20:48 - 00000000 ____D 
C:\Users\Daniel\AppData\Local\{37C065FC-E42F-42C1-A0EC-5D42A42588ED} 2012-11-12 11:28 - 2012-11-12 11:28 - 00000000 ____D C:\Users\Daniel\AppData\Local\{F0DD200F-7008-41A5-AB83-4D9253B772CF} 2012-11-10 21:15 - 2012-11-10 21:16 - 00000000 ____D C:\Users\Daniel\AppData\Local\{08FDE675-6593-43FB-8D74-BE44BE6F9292} 2012-11-10 19:47 - 2012-11-10 19:47 - 00000000 ____D C:\Users\Daniel\AppData\Local\{42308EFC-914F-4F66-9DC3-EE1BFCB1142E} 2012-11-10 19:34 - 2012-11-10 19:34 - 00000000 ____D C:\Users\Daniel\AppData\Local\{B740D62F-34B5-4366-8821-9E90582A5379} 2012-11-09 21:35 - 2012-11-09 21:35 - 00000000 ____D C:\Users\Daniel\AppData\Local\{379C1BA3-017E-44AC-A8A1-8D3EAA1DC485} 2012-11-08 22:23 - 2012-11-08 22:23 - 00000000 ____D C:\Users\Daniel\AppData\Local\{24A921FF-7EAC-40AF-9677-E2E376223FA8} 2012-11-06 23:23 - 2012-11-06 23:23 - 00000000 ____D C:\Users\Daniel\AppData\Local\{A45BA3AD-0524-46BC-BC56-B736E1FDB829} 2012-11-05 17:06 - 2012-11-05 17:06 - 00000000 ____D C:\Users\Daniel\AppData\Local\{98C0C51B-E912-4E23-BCA8-6775BC6747D4} 2012-11-04 15:08 - 2012-11-04 15:08 - 00000000 ____D C:\Users\Daniel\AppData\Local\{1D41A43C-711A-4504-8C7A-90206E30692C} 2012-11-04 03:16 - 2012-10-25 15:50 - 00258352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\unicows.dll 2012-11-04 03:05 - 2012-11-04 03:07 - 84272824 ____A C:\Users\Daniel\Downloads\Girls' Generation - Flower Power.mp4 2012-11-04 02:42 - 2012-11-04 02:44 - 75701720 ____A C:\Users\Daniel\Downloads\Miss A - I Don't Need A Man.mp4 2012-11-03 17:13 - 2012-11-03 17:13 - 00000000 ____D C:\Users\Daniel\AppData\Local\{C941CDCF-3089-4B65-8C0F-E5E32A926ACB} 2012-11-02 17:52 - 2012-11-02 17:53 - 00000000 ____D C:\Users\Daniel\AppData\Local\{B098A105-226B-476B-873C-0356E54301C5} 2012-11-02 03:08 - 2012-11-02 03:08 - 00000000 ____D C:\Users\Public\Documents\CrashDump ==================== One Month Modified Files and Folders ======= 2012-12-01 16:17 - 2012-12-01 16:17 - 00602112 ____A (OldTimer Tools) 
C:\Users\Daniel\Desktop\OTL.exe 2012-12-01 16:15 - 2011-04-02 14:05 - 01947143 ____A C:\Windows\WindowsUpdate.log 2012-12-01 16:12 - 2012-10-15 00:08 - 00000000 ____D C:\Program Files (x86)\Steam 2012-12-01 16:02 - 2011-04-07 08:59 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-67684466-253165790-691636694-1001UA.job 2012-12-01 16:01 - 2012-11-30 19:17 - 00000028 ____A C:\Users\Daniel\AppData\Local\cltedshe.log 2012-12-01 16:01 - 2012-11-30 16:46 - 00000000 ____A C:\Users\Daniel\AppData\Local\aadwrsfq.log 2012-12-01 16:00 - 2009-07-13 20:45 - 00016304 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2012-12-01 16:00 - 2009-07-13 20:45 - 00016304 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2012-12-01 15:54 - 2012-11-30 19:18 - 00195770 ____A C:\Users\Daniel\AppData\Local\ikpidmue.log 2012-12-01 15:53 - 2011-05-09 02:09 - 00000000 ____D C:\Users\Daniel\AppData\Local\LogMeIn Hamachi 2012-12-01 15:51 - 2011-08-19 03:05 - 00156615 ____A C:\Windows\setupact.log 2012-12-01 15:51 - 2011-06-02 22:31 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2012-12-01 15:51 - 2011-04-02 14:08 - 00000000 ____D C:\Users\All Users\NVIDIA 2012-12-01 15:51 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2012-12-01 13:29 - 2012-12-01 13:29 - 00000000 ____D C:\FRST 2012-12-01 03:08 - 2011-06-16 23:03 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Skype 2012-12-01 03:02 - 2011-04-07 08:59 - 00000860 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-67684466-253165790-691636694-1001Core.job 2012-12-01 02:49 - 2011-06-02 22:31 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2012-11-30 23:29 - 2012-11-30 22:04 - 00002013 ____A C:\Users\Public\Desktop\avast! 
Free Antivirus.lnk
2012-11-30 23:28 - 2011-06-08 23:33 - 00000000 ____D C:\Users\Daniel\AppData\Local\PMB Files
2012-11-30 23:28 - 2011-06-08 23:33 - 00000000 ____D C:\Users\All Users\PMB Files
2012-11-30 22:19 - 2012-11-30 16:41 - 00000000 ____D C:\Users\Daniel\AppData\Local\wkowggjd
2012-11-30 22:04 - 2012-11-30 22:04 - 00000350 ___AH C:\Windows\Tasks\avast! Emergency Update.job
2012-11-30 22:04 - 2012-11-30 22:04 - 00000000 ____A C:\Windows\SysWOW64\config.nt
2012-11-30 22:03 - 2012-11-30 22:03 - 00000000 ____D C:\Users\All Users\AVAST Software
2012-11-30 22:03 - 2012-11-30 22:03 - 00000000 ____D C:\Program Files\AVAST Software
2012-11-30 21:59 - 2012-11-30 21:52 - 97495576 ____A C:\Users\Daniel\Downloads\avast_free_antivirus_setup.exe
2012-11-30 21:30 - 2012-11-30 21:30 - 00001816 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2012-11-30 21:30 - 2011-10-06 23:33 - 00000000 ____D C:\Program Files (x86)\QuickTime
2012-11-30 21:16 - 2011-08-19 23:04 - 00030318 ____A C:\Windows\PFRO.log
2012-11-30 19:18 - 2012-11-30 19:18 - 00455142 ____A C:\Users\Daniel\AppData\Local\rfkdpsof.log
2012-11-30 19:18 - 2012-11-30 19:18 - 00003307 ____A C:\Users\Daniel\AppData\Local\pmtgduve.log
2012-11-30 19:18 - 2012-11-30 19:18 - 00003247 ____A C:\Users\Daniel\AppData\Local\vtdsudwf.log
2012-11-30 19:17 - 2012-11-30 19:17 - 00446448 ____A C:\Users\Daniel\AppData\Local\enapffrn.log
2012-11-30 19:17 - 2012-11-30 19:17 - 00005370 ____A C:\Users\Daniel\AppData\Local\lgnaobbi.log
2012-11-30 18:57 - 2012-11-30 18:57 - 00030566 ____A C:\ComboFix.txt
2012-11-30 18:57 - 2012-11-30 18:38 - 00000000 ____D C:\Qoobox
2012-11-30 18:57 - 2012-04-15 01:38 - 00001076 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-11-30 18:57 - 2011-09-09 02:48 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-11-30 18:57 - 2009-07-13 19:20 - 00000000 __RHD C:\users\Default
2012-11-30 18:54 - 2012-11-30 18:37 - 00000000 ____D C:\Windows\erdnt
2012-11-30 18:53 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
2012-11-30 18:20 - 2012-11-30 18:19 - 00000000 ____D C:\Users\Daniel\AppData\Local\{9C46E994-8221-4733-BDC2-736644582BDF}
2012-11-30 18:15 - 2012-05-04 05:41 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Rainmeter
2012-11-30 18:15 - 2011-09-16 21:36 - 00000000 ____D C:\users\DefaultAppPool
2012-11-30 18:15 - 2011-04-01 22:25 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Macromedia
2012-11-30 18:15 - 2011-04-01 22:13 - 00000000 ____D C:\users\Daniel
2012-11-30 18:15 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2012-11-30 18:14 - 2011-08-27 20:01 - 00000000 ___RD C:\MSOCache
2012-11-30 18:14 - 2011-04-07 08:51 - 00000000 ____D C:\Program Files (x86)\Google
2012-11-30 17:51 - 2012-11-30 17:51 - 00000000 ____D C:\Users\Daniel\AppData\Local\{CE7CB58E-1783-41AC-9A79-205300E6215C}
2012-11-30 17:32 - 2009-07-13 23:44 - 00000000 ___RD C:\Users\Public\Recorded TV
2012-11-30 16:43 - 2012-11-30 16:43 - 00000000 ____A C:\Users\Daniel\AppData\Local\fchlvidc.log
2012-11-30 16:43 - 2012-11-30 16:43 - 00000000 ____A C:\Users\Daniel\AppData\Local\cwvbxftk.log
2012-11-30 16:41 - 2012-11-30 16:41 - 00000064 ____A C:\Users\All Users\txbahwro.log
2012-11-30 16:21 - 2012-11-30 16:20 - 00000000 ____D C:\Users\Daniel\AppData\Local\{4B224279-CB30-4899-B5BD-B106B42A2867}
2012-11-29 21:54 - 2012-11-29 21:54 - 00000000 ____D C:\Users\Daniel\AppData\Local\{477281B0-7ED0-43D0-880B-7E30CB8CEA5B}
2012-11-29 13:17 - 2011-06-02 22:36 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Google
2012-11-29 13:04 - 2012-11-29 13:02 - 17672068 ____A C:\Users\Daniel\Downloads\Amber Bayani- These Thoughts (uke cover).mp4
2012-11-29 13:00 - 2012-11-29 12:58 - 80274689 ____A C:\Users\Daniel\Downloads\Gorillaz - Feel good inc. - Acoustic guitar cover by Jamé Forbes.mp4
2012-11-29 02:49 - 2012-11-29 02:49 - 00000000 ____D C:\Users\Daniel\AppData\Local\{A5FFD923-ACAB-4D46-880F-E846F7A2C066}
2012-11-28 23:03 - 2012-11-28 23:03 - 00000000 ____D C:\Users\Daniel\AppData\Local\{B67858BC-1393-4238-B44F-3B66C47780AE}
2012-11-28 13:08 - 2012-09-05 02:06 - 00000000 ____D C:\Users\Daniel\MSYNC
2012-11-28 12:14 - 2012-11-28 12:08 - 86904875 ____A C:\Users\Daniel\Downloads\GG-GG2-GAP-K2N.rar
2012-11-28 11:49 - 2012-11-28 11:49 - 00000000 ____D C:\Users\Daniel\AppData\Local\{ECBCD6BB-6224-4421-B524-624ADDCA4097}
2012-11-28 04:32 - 2012-11-28 04:30 - 86235479 ____A C:\Users\Daniel\Downloads\Park Kahi [After School] - Ultimate Dance Collection.mp4
2012-11-27 21:02 - 2012-11-27 21:02 - 00000000 ____D C:\Users\Daniel\AppData\Local\{27CF164A-EB81-41AF-BD31-41D47148C3F2}
2012-11-27 00:22 - 2011-04-07 04:40 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\uTorrent
2012-11-26 21:04 - 2012-08-15 03:23 - 00002497 ____A C:\Users\Daniel\Desktop\Google Chrome.lnk
2012-11-26 20:58 - 2012-11-26 20:58 - 00000000 ____D C:\Users\Daniel\AppData\Local\{DC024820-DBB6-4877-BA08-9533577A2448}
2012-11-25 21:19 - 2012-11-25 21:18 - 00000000 ____D C:\Users\Daniel\AppData\Local\{9F6FA202-1102-4235-8C9E-74C186856F3F}
2012-11-24 20:03 - 2011-04-08 07:57 - 00000000 ____D C:\Users\Daniel\AppData\Local\CrashDumps
2012-11-24 17:41 - 2009-07-13 21:13 - 00859564 ____A C:\Windows\System32\PerfStringBackup.INI
2012-11-24 15:50 - 2012-11-24 15:50 - 00000000 ____D C:\Users\Daniel\AppData\Local\{FB2B4090-ED04-48D0-977C-B0FA4B807210}
2012-11-23 15:47 - 2012-11-23 15:47 - 00000000 ____D C:\Users\Daniel\AppData\Local\{63358A2F-115C-4661-96A7-2E6FEC8D19CB}
2012-11-23 02:50 - 2012-11-23 02:48 - 53557183 ____A C:\Users\Daniel\Downloads\Dumb Ways to Die.mp4
2012-11-22 23:35 - 2012-11-22 23:35 - 00000000 ____D C:\Users\Daniel\AppData\Local\{79970399-3230-4DFC-B985-AFBCE49CC26D}
2012-11-21 23:46 - 2012-11-21 23:45 - 02368434 ____A C:\Users\Daniel\Downloads\Ward_Template.zip
2012-11-21 22:04 - 2012-11-21 22:03 - 00000000 ____D C:\Users\Daniel\AppData\Local\{529DBEE8-09B1-4DE2-8D7D-F024033834ED}
2012-11-20 22:03 - 2012-11-20 22:03 - 00000000 ____D C:\Users\Daniel\AppData\Local\{B8A61442-F266-42DC-85C3-C4BA6C9B172A}
2012-11-20 22:01 - 2012-11-20 22:01 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2012-11-19 21:49 - 2012-11-19 21:49 - 00000000 ____D C:\Users\Daniel\AppData\Local\{50738D66-13FA-4137-9249-3A7A27EF1B3A}
2012-11-19 00:49 - 2012-11-19 00:49 - 00000000 ____D C:\Users\Daniel\AppData\Local\{A1F1F73B-80A7-4462-B00C-7AA37FC776CF}
2012-11-19 00:31 - 2011-04-06 18:42 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\vlc
2012-11-18 21:27 - 2012-11-18 21:27 - 00000000 ____D C:\Users\Daniel\AppData\Local\{97B56523-EB64-484E-8D86-6BA301BDD147}
2012-11-18 13:12 - 2012-11-18 13:12 - 00000000 ____D C:\Users\Daniel\AppData\Local\{E363595D-0745-46D4-8C12-64891B3E0779}
2012-11-17 19:23 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2012-11-17 19:01 - 2012-11-17 19:00 - 00000000 ____D C:\Users\Daniel\AppData\Local\{B7B22879-FE8A-4382-8BCD-4FF55F209BDA}
2012-11-17 17:46 - 2012-11-17 17:46 - 00000000 ____D C:\Users\Daniel\AppData\Local\{5039BE42-6A09-4F4D-8B9A-2592B45F3B49}
2012-11-17 00:56 - 2012-11-17 00:56 - 00000000 ____D C:\Users\Daniel\AppData\Local\{EA904533-3DF4-4318-B2D7-2EC61026CF7E}
2012-11-17 00:52 - 2011-09-14 01:51 - 00024822 ____A C:\Windows\iis7.log
2012-11-17 00:51 - 2009-07-13 20:45 - 05003408 ____A C:\Windows\System32\FNTCACHE.DAT
2012-11-17 00:49 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\inetsrv
2012-11-17 00:49 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\inetsrv
2012-11-16 02:36 - 2012-11-16 01:08 - 00000000 ____D C:\Users\Daniel\Documents\Guild Wars 2
2012-11-16 01:10 - 2012-11-16 01:10 - 00000899 ____A C:\Users\Public\Desktop\Guild Wars 2.lnk
2012-11-16 01:10 - 2012-11-16 01:10 - 00000000 ____D C:\Program Files (x86)\Guild Wars 2
2012-11-16 01:08 - 2012-11-16 01:06 - 22716480 ____A (ArenaNet) C:\Users\Daniel\Downloads\Gw2Setup.exe
2012-11-16 00:41 - 2011-04-01 22:20 - 00124920 ____A C:\Users\Daniel\AppData\Local\GDIPFONTCACHEV1.DAT
2012-11-16 00:31 - 2011-04-01 22:24 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-11-16 00:29 - 2011-04-06 20:50 - 66395536 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-11-15 23:55 - 2012-11-15 23:54 - 00000000 ____D C:\Users\Daniel\AppData\Local\{CD4B8E7A-D568-4170-816F-A87C8D647A9A}
2012-11-15 01:02 - 2012-11-15 01:00 - 82838367 ____A C:\Users\Daniel\Downloads\JJ Project - Bounce.mp4
2012-11-14 12:54 - 2012-11-14 12:54 - 00000000 ____D C:\Users\Daniel\AppData\Local\{4CEF8006-4A12-456C-873B-60BB3B51BD9E}
2012-11-14 02:16 - 2012-03-28 01:48 - 00283032 ____A C:\Windows\SysWOW64\PnkBstrB.xtr
2012-11-14 02:16 - 2011-04-20 06:28 - 00283032 ____A C:\Windows\SysWOW64\PnkBstrB.exe
2012-11-14 02:12 - 2011-04-20 06:28 - 00298016 ____A C:\Windows\SysWOW64\PnkBstrB.ex0
2012-11-13 22:43 - 2012-11-13 22:43 - 00000000 ____D C:\Users\Daniel\AppData\Local\{30741556-1072-43E6-BDC0-E1B8823C12AA}
2012-11-12 20:48 - 2012-11-12 20:48 - 00000000 ____D C:\Users\Daniel\AppData\Local\{37C065FC-E42F-42C1-A0EC-5D42A42588ED}
2012-11-12 11:28 - 2012-11-12 11:28 - 00000000 ____D C:\Users\Daniel\AppData\Local\{F0DD200F-7008-41A5-AB83-4D9253B772CF}
2012-11-10 21:16 - 2012-11-10 21:15 - 00000000 ____D C:\Users\Daniel\AppData\Local\{08FDE675-6593-43FB-8D74-BE44BE6F9292}
2012-11-10 19:47 - 2012-11-10 19:47 - 00000000 ____D C:\Users\Daniel\AppData\Local\{42308EFC-914F-4F66-9DC3-EE1BFCB1142E}
2012-11-10 19:34 - 2012-11-10 19:34 - 00000000 ____D C:\Users\Daniel\AppData\Local\{B740D62F-34B5-4366-8821-9E90582A5379}
2012-11-10 19:33 - 2009-07-13 21:08 - 00032576 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-11-09 21:35 - 2012-11-09 21:35 - 00000000 ____D C:\Users\Daniel\AppData\Local\{379C1BA3-017E-44AC-A8A1-8D3EAA1DC485}
2012-11-08 22:23 - 2012-11-08 22:23 - 00000000 ____D C:\Users\Daniel\AppData\Local\{24A921FF-7EAC-40AF-9677-E2E376223FA8}
2012-11-06 23:23 - 2012-11-06 23:23 - 00000000 ____D C:\Users\Daniel\AppData\Local\{A45BA3AD-0524-46BC-BC56-B736E1FDB829}
2012-11-05 17:06 - 2012-11-05 17:06 - 00000000 ____D C:\Users\Daniel\AppData\Local\{98C0C51B-E912-4E23-BCA8-6775BC6747D4}
2012-11-04 22:19 - 2011-10-01 16:01 - 00000000 ____D C:\Seagate
2012-11-04 15:08 - 2012-11-04 15:08 - 00000000 ____D C:\Users\Daniel\AppData\Local\{1D41A43C-711A-4504-8C7A-90206E30692C}
2012-11-04 03:24 - 2012-03-20 21:46 - 00000000 ____D C:\Perfect World Entertainment
2012-11-04 03:07 - 2012-11-04 03:05 - 84272824 ____A C:\Users\Daniel\Downloads\Girls' Generation - Flower Power.mp4
2012-11-04 02:44 - 2012-11-04 02:42 - 75701720 ____A C:\Users\Daniel\Downloads\Miss A - I Don't Need A Man.mp4
2012-11-03 17:13 - 2012-11-03 17:13 - 00000000 ____D C:\Users\Daniel\AppData\Local\{C941CDCF-3089-4B65-8C0F-E5E32A926ACB}
2012-11-02 17:53 - 2012-11-02 17:52 - 00000000 ____D C:\Users\Daniel\AppData\Local\{B098A105-226B-476B-873C-0356E54301C5}
2012-11-02 03:08 - 2012-11-02 03:08 - 00000000 ____D C:\Users\Public\Documents\CrashDump

==================== Known DLLs (Whitelisted) =================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-11-06 23:08:46
Restore point made on: 2012-11-16 00:27:26
Restore point made on: 2012-11-16 03:58:31
Restore point made on: 2012-11-23 16:43:28
Restore point made on: 2012-11-28 04:44:29
Restore point made on: 2012-11-29 13:16:12
Restore point made on: 2012-11-30 17:27:49

==================== Memory info ===========================

Percentage of memory in use: 11%
Total physical RAM: 6072.43 MB
Available physical RAM: 5357.09 MB
Total Pagefile: 6070.57 MB
Available Pagefile: 5340.65 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: (S3A5912D001) (Fixed) (Total:686.34 GB) (Free:109 GB) NTFS ==>[system with boot components (obtained from reading drive)]
2 Drive d: (System) (Fixed) (Total:1.46 GB) (Free:1.24 GB) NTFS ==>[system with boot components (obtained from reading drive)]
4 Drive f: (GN Drive) (Fixed) (Total:298.09 GB) (Free:107.45 GB) NTFS
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          698 GB      0 B
  Disk 1    Online          298 GB  1024 KB

Partitions of Disk 0:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Recovery          1500 MB  1024 KB
  Partition 2    Primary            686 GB  1501 MB
  Partition 3    Primary             10 GB   687 GB

==================================================================================
Disk: 0
Partition 1
Type  : 27
Hidden: Yes
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     D   System       NTFS   Partition   1500 MB  Healthy    Hidden

=========================================================
Disk: 0
Partition 2
Type  : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     C   S3A5912D001  NTFS   Partition    686 GB  Healthy

=========================================================
Disk: 0
Partition 3
Type  : 17 (Suspicious Type)
Hidden: Yes
Active: No

There is no volume associated with this partition.

=========================================================

Partitions of Disk 1:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary            298 GB    31 KB

==================================================================================
Disk: 1
Partition 1
Type  : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     F   GN Drive     NTFS   Partition    298 GB  Healthy

=========================================================

Last Boot: 2012-11-24 21:18

==================== End Of Log =============================
  5. Hi guys,

     My computer has recently been infected with Hijack.userinit. I cannot access Google Chrome or Malwarebytes unless I start it in safe mode. The only browser that I can access in normal mode is Internet Explorer, and I cannot go on any websites that have certain words such as malware or virus. I cannot turn on the Windows Security Centre service as well. Below is my scan log. Thank you so much for your time.

     Malwarebytes Anti-Malware 1.65.1.1000
     www.malwarebytes.org

     Database version: v2012.12.01.03

     Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
     Internet Explorer 9.0.8112.16421
     Daniel :: DANIEL-PC [administrator]

     2/12/2012 11:05:14 AM
     mbam-log-2012-12-02 (11-12-35).txt

     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 259592
     Time elapsed: 7 minute(s), 6 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 4
     HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
     HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
     HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Userinit (Hijack.UserInit) -> Bad: (userinit.exe,,C:\Users\Daniel\AppData\Local\wkowggjd\fqgjqgst.exe) Good: (userinit.exe) -> No action taken.

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 0
     (No malicious items detected)

     (end)