Posts posted by nikeflyair

  1. And the following is the fixlog

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 23-11-2012

    Ran by SYSTEM at 2012-12-02 12:49:32 Run:1

    Running from F:\

    ==============================================

    startHKU\Daniel\...\Run: [FqgJqgst] C:\Users\Daniel\AppData\Local\wkowggjd\fqgjqgst.exe [102056 2012-11-30] ()C:\Users\Daniel\AppData\Local\wkowggjd\fqgjqgst.exeC:\Users\Daniel\Start Menu\Programs\Startup\fqgjqgst.exe2012-11-30 16:46 - 2012-12-01 16:01 - 00000000 ____A C:\Users\Daniel\AppData\Local\aadwrsfq.log2012-11-30 16:43 - 2012-11-30 16:43 - 00000000 ____A C:\Users\Daniel\AppData\Local\fchlvidc.log2012-11-30 16:43 - 2012-11-30 16:43 - 00000000 ____A C:\Users\Daniel\AppData\Local\cwvbxftk.log2012-11-30 16:41 - 2012-11-30 22:19 - 00000000 ____D C:\Users\Daniel\AppData\Local\wkowggjd2012-11-30 16:41 - 2012-11-30 16:41 - 00000064 ____A C:\Users\All Users\txbahwro.log2012-12-01 15:54 - 2012-11-30 19:18 - 00195770 ____A C:\Users\Daniel\AppData\Local\ikpidmue.log2012-11-30 22:19 - 2012-11-30 16:41 - 00000000 ____D C:\Users\Daniel\AppData\Local\wkowggjd2012-11-30 19:18 - 2012-11-30 19:18 - 00455142 ____A C:\Users\Daniel\AppData\Local\rfkdpsof.log2012-11-30 19:18 - 2012-11-30 19:18 - 00003307 ____A C:\Users\Daniel\AppData\Local\pmtgduve.log2012-11-30 19:18 - 2012-11-30 19:18 - 00003247 ____A C:\Users\Daniel\AppData\Local\vtdsudwf.log2012-11-30 19:17 - 2012-11-30 19:17 - 00446448 ____A C:\Users\Daniel\AppData\Local\enapffrn.log2012-11-30 19:17 - 2012-11-30 19:17 - 00005370 ____A C:\Users\Daniel\AppData\Local\lgnaobbi.log2012-11-30 16:43 - 2012-11-30 16:43 - 00000000 ____A C:\Users\Daniel\AppData\Local\fchlvidc.log2012-11-30 16:43 - 2012-11-30 16:43 - 00000000 ____A C:\Users\Daniel\AppData\Local\cwvbxftk.log2012-11-30 16:41 - 2012-11-30 16:41 - 00000064 ____A C:\Users\All Users\txbahwro.logend not found.

    HKEY_USERS\startDaniel\Software\Microsoft\Windows\CurrentVersion\Run\\startFqgJqgst Value not found.

    ==== End of Fixlog ====

  2. Hi, sorry for the late reply, but the following is the ComboFix log.

    ComboFix 12-12-01.02 - Daniel 02/12/2012 14:04:25.3.8 - x64 NETWORK

    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.6072.4806 [GMT 11:00]

    Running from: c:\users\Daniel\Desktop\ComboFix.exe

    AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

    FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

    SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    * Created a new restore point

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    c:\users\Daniel\AppData\Local\wkowggjd\fqgjqgst.exe

    c:\users\Daniel\Desktop\Personal\Origami\Origami_1\Origami eBooks\Ghep monum\Ebook\Chinese origami book (full)\_desktop.ini

    .

    .

    ((((((((((((((((((((((((( Files Created from 2012-11-02 to 2012-12-02 )))))))))))))))))))))))))))))))

    .

    .

    2012-12-02 03:13 . 2012-12-02 03:13 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

    2012-12-02 03:13 . 2012-12-02 03:13 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp

    2012-12-02 03:13 . 2012-12-02 03:13 -------- d-----w- c:\users\Default\AppData\Local\temp

    2012-12-01 21:29 . 2012-12-01 21:29 -------- d-----w- C:\FRST

    2012-12-01 06:04 . 2012-10-30 22:51 370288 ----a-w- c:\windows\system32\drivers\aswSP.sys

    2012-12-01 06:04 . 2012-10-30 22:51 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

    2012-12-01 06:04 . 2012-10-30 22:51 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys

    2012-12-01 06:04 . 2012-10-15 15:59 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys

    2012-12-01 06:04 . 2012-10-30 22:51 984144 ----a-w- c:\windows\system32\drivers\aswSnx.sys

    2012-12-01 06:04 . 2012-10-30 22:51 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

    2012-12-01 06:04 . 2012-10-30 22:50 285328 ----a-w- c:\windows\system32\aswBoot.exe

    2012-12-01 06:03 . 2012-10-30 22:51 41224 ----a-w- c:\windows\avastSS.scr

    2012-12-01 06:03 . 2012-10-30 22:50 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe

    2012-12-01 06:03 . 2012-12-01 06:03 -------- d-----w- c:\programdata\AVAST Software

    2012-12-01 06:03 . 2012-12-01 06:03 -------- d-----w- c:\program files\AVAST Software

    2012-12-01 00:41 . 2012-12-02 02:12 -------- d-----w- c:\users\Daniel\AppData\Local\wkowggjd

    2012-12-01 00:41 . 2012-12-01 00:41 102056 --s---w- c:\users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fqgjqgst.exe

    2012-11-21 06:01 . 2012-11-21 06:01 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi

    2012-11-16 09:10 . 2012-11-16 09:10 -------- d-----w- c:\program files (x86)\Guild Wars 2

    2012-11-16 08:31 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys

    2012-11-16 08:31 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys

    2012-11-16 08:31 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui

    2012-11-16 08:31 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll

    2012-11-16 08:29 . 2012-10-09 18:17 226816 ----a-w- c:\windows\system32\dhcpcore6.dll

    2012-11-16 08:29 . 2012-10-09 18:17 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll

    2012-11-16 08:29 . 2012-10-09 17:40 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll

    2012-11-16 08:29 . 2012-10-09 17:40 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll

    2012-11-16 08:27 . 2012-10-03 17:56 1914248 ----a-w- c:\windows\system32\drivers\tcpip.sys

    2012-11-16 08:27 . 2012-10-03 17:44 303104 ----a-w- c:\windows\system32\nlasvc.dll

    2012-11-16 08:27 . 2012-10-03 17:44 246272 ----a-w- c:\windows\system32\netcorehc.dll

    2012-11-16 08:27 . 2012-10-03 17:44 216576 ----a-w- c:\windows\system32\ncsi.dll

    2012-11-16 08:27 . 2012-10-03 17:42 569344 ----a-w- c:\windows\system32\iphlpsvc.dll

    2012-11-16 08:27 . 2012-10-03 16:42 175104 ----a-w- c:\windows\SysWow64\netcorehc.dll

    2012-11-16 08:27 . 2012-10-03 16:42 156672 ----a-w- c:\windows\SysWow64\ncsi.dll

    2012-11-16 08:27 . 2012-10-03 17:44 70656 ----a-w- c:\windows\system32\nlaapi.dll

    2012-11-16 08:27 . 2012-10-03 17:44 18944 ----a-w- c:\windows\system32\netevent.dll

    2012-11-16 08:27 . 2012-10-03 16:42 18944 ----a-w- c:\windows\SysWow64\netevent.dll

    2012-11-16 08:27 . 2012-10-03 16:07 45568 ----a-w- c:\windows\system32\drivers\tcpipreg.sys

    2012-11-16 08:27 . 2012-01-13 07:12 52224 ----a-w- c:\windows\SysWow64\nlaapi.dll

    2012-11-16 08:26 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll

    2012-11-16 08:26 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll

    2012-11-04 11:16 . 2012-10-25 23:50 258352 ----a-w- c:\windows\SysWow64\unicows.dll

    .

    .

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2012-11-20 06:54 . 2011-05-26 06:31 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll

    2012-11-20 06:54 . 2011-06-17 07:08 336208 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll

    2012-11-17 10:02 . 2011-06-14 05:58 336208 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

    2012-11-16 08:29 . 2011-04-07 04:50 66395536 ----a-w- c:\windows\system32\MRT.exe

    2012-11-14 10:16 . 2012-03-28 09:48 283032 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr

    2012-11-14 10:16 . 2011-04-20 14:28 283032 ----a-w- c:\windows\SysWow64\PnkBstrB.exe

    2012-11-14 10:12 . 2011-04-20 14:28 298016 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0

    2012-11-11 05:18 . 2011-05-03 09:14 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll

    2012-10-26 01:36 . 2012-10-26 01:36 163056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10142.bin

    2012-10-24 16:12 . 2012-10-24 16:12 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx

    2012-10-24 16:12 . 2012-10-24 16:12 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts

    2012-10-21 07:27 . 2011-04-20 14:28 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe

    2012-10-15 07:59 . 2012-10-15 07:59 3584 ----a-r- c:\users\Daniel\AppData\Roaming\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe

    2012-09-29 08:54 . 2012-04-15 09:38 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

    2012-09-20 04:35 . 2012-10-15 21:20 203104 ----a-w- c:\windows\system32\drivers\ssudmdm.sys

    2012-09-20 04:35 . 2012-10-15 21:20 102368 ----a-w- c:\windows\system32\drivers\ssudbus.sys

    2012-09-14 19:19 . 2012-10-10 07:25 2048 ----a-w- c:\windows\system32\tzres.dll

    2012-09-14 18:28 . 2012-10-10 07:25 2048 ----a-w- c:\windows\SysWow64\tzres.dll

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    .

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]

    "KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2012-10-11 966072]

    "KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-11-02 843208]

    "KiesAirMessage"="c:\program files (x86)\Samsung\Kies\KiesAirMessage.exe" [2012-10-09 580096]

    "Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-10-15 1353080]

    "FqgJqgst"="c:\users\Daniel\AppData\Local\wkowggjd\fqgjqgst.exe" [bU]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

    "TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-05-01 2454840]

    "TRCMan"="c:\program files (x86)\TOSHIBA\TRCMan\TRCMan.exe" [2010-08-20 714104]

    "ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-02-11 1295736]

    "TOSDCR"="c:\program files (x86)\TOSHIBA\PasswordUtility\TOSDCR.exe" [2007-08-28 169296]

    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

    "KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-10-11 309688]

    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776]

    "ITSecMng"="c:\program files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]

    "IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2009-10-02 284696]

    "AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]

    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

    "LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-11-19 2254768]

    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]

    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-24 421888]

    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]

    .

    c:\users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

    fqgjqgst.exe [2012-12-1 102056]

    Stardock ObjectDock.lnk - c:\program files (x86)\Stardock\ObjectDockFree\ObjectDock.exe [N/A]

    .

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

    Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2012-1-9 107720]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "ConsentPromptBehaviorAdmin"= 5 (0x5)

    "ConsentPromptBehaviorUser"= 3 (0x3)

    "EnableLUA"= 0 (0x0)

    "EnableUIADesktopToggle"= 0 (0x0)

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]

    "AntiVirusOverride"=dword:00000001

    "AntiVirusDisableNotify"=dword:00000001

    "FirewallDisableNotify"=dword:00000001

    "FirewallOverride"=dword:00000001

    "UpdatesDisableNotify"=dword:00000001

    "UacDisableNotify"=dword:00000001

    .

    R1 aswSnx;aswSnx; [x]

    R1 aswSP;aswSP; [x]

    R1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120317.002\BHDrvx64.sys [2012-03-02 1157240]

    R1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1306010.008\ccSetx64.sys [2011-11-29 167048]

    R1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120321.001\IDSvia64.sys [2012-03-06 488568]

    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1306010.008\Ironx64.SYS [2012-01-17 190072]

    R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1306010.008\SYMNETS.SYS [2012-01-17 405624]

    R2 aswFsBlk;aswFsBlk; [x]

    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]

    R2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-01-28 249200]

    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

    R2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]

    R2 Crazy Johns Broadband. RunOuc;Crazy Johns Broadband. OUC;c:\program files (x86)\Crazy Johns Broadband\UpdateDog\ouc.exe [2012-05-15 246112]

    R2 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [2011-03-14 346976]

    R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-10-02 13336]

    R2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.6.1.8\ccSvcHst.exe [2012-01-17 138232]

    R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 14112]

    R2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);c:\program files\CyberLink\Shared files\RichVideo64.exe [2010-08-19 386344]

    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]

    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272]

    R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2010-07-28 267192]

    R2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-03 2320920]

    R3 CGVPNCliSrvc;CyberGhost VPN Client;c:\program files\CyberGhost VPN\CGVPNCliService.exe [2012-04-26 2438696]

    R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-09-20 102368]

    R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]

    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-04 138360]

    R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2012-05-15 117248]

    R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys [2012-05-15 98816]

    R3 libusb0;libusb-win32 - Kernel Driver, Version 1.2.4.0;c:\windows\system32\drivers\libusb0.sys [2011-12-20 29184]

    R3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-23 35008]

    R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-09-20 203104]

    R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

    R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-02-11 54136]

    R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560]

    R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-07-22 822192]

    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]

    R3 USBTINSP;TI-Nspire Handheld or TI Network Bridge Device Driver;c:\windows\system32\DRIVERS\tinspusb.sys [2010-03-29 142848]

    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-04-05 1255736]

    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

    S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1306010.008\SYMDS64.SYS [2011-07-26 451192]

    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1306010.008\SYMEFA64.SYS [2012-01-17 1092728]

    S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [2009-06-29 34880]

    S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [2009-06-29 14784]

    S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [2010-09-02 482384]

    S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-11-19 2462128]

    S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [2009-07-02 60416]

    S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys [2010-05-08 80384]

    S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys [2011-04-25 53760]

    S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 14472]

    S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2012-06-24 52320]

    S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]

    S3 hidshim;Service for HID-KMDF Shim layer;c:\windows\system32\DRIVERS\hidshim.sys [2009-08-31 6656]

    S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2012-05-15 86016]

    S3 nuvotonhidcir;Nuvoton HID CIR Receiver;c:\windows\system32\DRIVERS\nuvotonhidcir.sys [2009-08-31 26624]

    S3 nuvotonir;Nuvoton CIR Transceiver;c:\windows\system32\DRIVERS\nuvotonir.sys [2009-08-31 68096]

    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-09 539240]

    S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2010-06-11 1110560]

    .

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

    iissvcs REG_MULTI_SZ w3svc was

    apphost REG_MULTI_SZ apphostsvc

    .

    Contents of the 'Scheduled Tasks' folder

    .

    2012-12-01 c:\windows\Tasks\avast! Emergency Update.job

    - c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-12-01 22:50]

    .

    2012-12-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-03 06:31]

    .

    2012-12-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-03 06:31]

    .

    2012-12-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-67684466-253165790-691636694-1001Core.job

    - c:\users\Daniel\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-07 16:59]

    .

    2012-12-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-67684466-253165790-691636694-1001UA.job

    - c:\users\Daniel\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-07 16:59]

    .

    .

    --------- X64 Entries -----------

    .

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

    @="{472083B0-C522-11CF-8763-00608CC02F24}"

    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

    2012-10-30 22:50 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "ThpSrv"="c:\windows\system32\thpsrv" [X]

    "TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [bU]

    "TosWaitSrv"="c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe" [bU]

    "TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]

    "TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976]

    "TosReelTimeMonitor"="c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [bU]

    "TosNC"="c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe" [bU]

    "Teco"="c:\program files (x86)\TOSHIBA\TECO\Teco.exe" [bU]

    "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]

    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [bU]

    "SmoothView"="c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe" [bU]

    "SmartFaceVWatcher"="c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [bU]

    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-03-10 10103840]

    "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-03-10 896032]

    "HSON"="c:\program files (x86)\TOSHIBA\TBS\HSON.exe" [bU]

    "HDMICtrlMan"="c:\program files (x86)\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe" [bU]

    "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [bU]

    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-05 500208]

    "00TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [bU]

    .

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]

    "{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences Pro\FencesMenu64.dll" [2010-07-22 464744]

    .

    ------- Supplementary Scan -------

    .

    uLocal Page = c:\windows\system32\blank.htm

    uStart Page = hxxp://www.google.com/

    mLocal Page = c:\windows\SysWOW64\blank.htm

    uInternet Settings,ProxyOverride = *.local

    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000

    IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

    IE: Se&nd to OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105

    FF - ProfilePath - c:\users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\kvrd2il1.default\

    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q={searchTerms}

    FF - prefs.js: browser.search.selectedEngine - Freecorder Customized Web Search

    FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT1060933&SearchSource=13

    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&q=

    .

    - - - - ORPHANS REMOVED - - - -

    .

    Toolbar-Locked - (no file)

    AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

    AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_blr.exe

    .

    .

    .

    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]

    "ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.6.1.8\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.6.1.8\diMaster.dll\" /prefetch:1"

    "ImagePath"="\"c:\program files\CyberLink\Shared files\RichVideo64.exe\"\00Z

    [\]^_†\00\00†\00\00\00\00HIJKLMNO\00\00\00\00\00\00\00\00\03\00\00\00|}~†\00\00†\00\00\00\00†\00\00\00\00\00\00\00\00‘’“"

    .

    .

    --------------------- LOCKED REGISTRY KEYS ---------------------

    .

    [HKEY_USERS\S-1-5-21-67684466-253165790-691636694-1001\Software\SecuROM\License information*]

    "datasecu"=hex:a8,ae,bd,fd,24,e1,02,2d,a4,ba,e9,38,35,44,19,7a,e8,de,c5,68,d6,

    27,5e,c4,7f,1a,83,9a,ff,4b,fb,07,54,ae,31,8f,1b,b8,22,3b,1e,7c,3c,37,58,e4,\

    "rkeysecu"=hex:93,20,4b,c4,19,cf,c0,26,f9,5f,bd,66,d2,45,f6,3b

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

    "Enabled"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Shockwave Flash Object"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

    @="0"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

    @="ShockwaveFlash.ShockwaveFlash.10"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="ShockwaveFlash.ShockwaveFlash"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Macromedia Flash Factory Object"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

    @="FlashFactory.FlashFactory.1"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="FlashFactory.FlashFactory"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

    @Denied: (A 2) (Everyone)

    @="IFlashBroker4"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

    @="{00020424-0000-0000-C000-000000000046}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\12116EC4637FFCA42B5405005035D8EC\9C8928403D4AB094F99FBA20A329833F]

    @DACL=(02 0000)

    "PatchGUID"=""

    "MediaCabinet"=""

    "File"="SteamService.exe"

    "ComponentVersion"="1.5.31.0"

    "ProductVersion"="1.0.0"

    "PatchSize"="0"

    "PatchAttributes"="0"

    "PatchSequence"="0"

    "SharedComponent"="0"

    "IsFullFile"="0"

    .

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\7C5BEC8A0707BFF4FB4A686C99C69900\9C8928403D4AB094F99FBA20A329833F]

    @DACL=(02 0000)

    "PatchGUID"=""

    "MediaCabinet"=""

    "File"="Steam.exe1"

    "ComponentVersion"="1.0.968.628"

    "ProductVersion"="1.0.0"

    "PatchSize"="0"

    "PatchAttributes"="0"

    "PatchSequence"="0"

    "SharedComponent"="0"

    "IsFullFile"="0"

    .

    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

    @Denied: (A) (Everyone)

    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

    .

    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

    @Denied: (A) (Everyone)

    .

    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

    "Key"="ActionsPane3"

    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

    .

    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Solutions\http://schemas.microsoft.com/office/smartdocuments/2003\0]

    "Key"="http://schemas.microsoft.com/office/smartdocuments/2003"

    .

    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Solutions\http://schemas.microsoft.com/office/smartdocuments/2003\0\{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}\Alias]

    "0"="Microsoft Actions Pane 3"

    .

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

    @Denied: (Full) (Everyone)

    .

    Completion time: 2012-12-02 14:17:30

    ComboFix-quarantined-files.txt 2012-12-02 03:17

    ComboFix2.txt 2012-12-02 02:19

    ComboFix3.txt 2012-12-01 02:57

    .

    Pre-Run: 116,958,449,664 bytes free

    Post-Run: 116,644,884,480 bytes free

    .

    - - End Of File - - FF4B022D79B2E640C5F76CEA9F3EEEB4

  3. Thank you for the quick reply and I appreciate your help. Below is the FRST log.

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-11-2012 (ATTENTION: FRST version is 9 days old)

    Ran by SYSTEM at 02-12-2012 11:53:55

    Running from F:\

    Windows 7 Home Premium (X64) OS Language: English(US)

    The current controlset is ControlSet001

    ==================== Registry (Whitelisted) ===================

    HKLM\...\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE [x]

    HKLM\...\Run: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe [x]

    HKLM\...\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)

    HKLM\...\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)

    HKLM\...\Run: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [x]

    HKLM\...\Run: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe [x]

    HKLM\...\Run: [ThpSrv] C:\windows\system32\thpsrv /logon [x]

    HKLM\...\Run: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r [x]

    HKLM\...\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [x]

    HKLM\...\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" [x]

    HKLM\...\Run: [smoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe [x]

    HKLM\...\Run: [smartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [x]

    HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [10103840 2010-03-09] (Realtek Semiconductor)

    HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3 [896032 2010-03-09] (Realtek Semiconductor)

    HKLM\...\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe [x]

    HKLM\...\Run: [HDMICtrlMan] %ProgramFiles%\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe [x]

    HKLM\...\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming [x]

    HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [500208 2010-03-05] (Adobe Systems Incorporated)

    HKLM\...\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe [x]

    HKLM-x32\...\Run: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun [2454840 2010-05-01] (TOSHIBA CORPORATION.)

    HKLM-x32\...\Run: [TRCMan] C:\Program Files (x86)\TOSHIBA\TRCMan\TRCMan.exe [714104 2010-08-20] (TOSHIBA Corporation)

    HKLM-x32\...\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 [1295736 2011-02-10] (TOSHIBA Corporation)

    HKLM-x32\...\Run: [TOSDCR] %ProgramFiles%\TOSHIBA\PasswordUtility\TOSDCR.exe [x]

    HKLM-x32\...\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-18] (Adobe Systems Incorporated)

    HKLM-x32\...\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [309688 2012-10-10] (Samsung Electronics Co., Ltd.)

    HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-09-09] (Apple Inc.)

    HKLM-x32\...\Run: [iTSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START [x]

    HKLM-x32\...\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2009-10-02] (Intel Corporation)

    HKLM-x32\...\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin [402432 2010-07-22] (Adobe Systems Incorporated)

    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)

    HKLM-x32\...\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [2254768 2012-11-19] (LogMeIn Inc.)

    HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-11-27] (Apple Inc.)

    HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-10-24] (Apple Inc.)

    HKLM-x32\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4297136 2012-10-30] (AVAST Software)

    HKU\Daniel\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-22] (Apple Inc.)

    HKU\Daniel\...\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload [966072 2012-10-10] (Samsung)

    HKU\Daniel\...\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [843208 2012-11-02] (Samsung)

    HKU\Daniel\...\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup [580096 2012-10-08] (Samsung Electronics)

    HKU\Daniel\...\Run: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1353080 2012-10-15] (Valve Corporation)

    HKU\Daniel\...\Run: [FqgJqgst] C:\Users\Daniel\AppData\Local\wkowggjd\fqgjqgst.exe [102056 2012-11-30] ()

    HKU\Daniel\...\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [843208 2012-11-02] (Samsung)

    HKU\UpdatusUser\...\RunOnce: [spchecker] "C:\Program Files (x86)\AVG\AVG10\Notification\SPCheckerTE.exe" [x]

    Startup: C:\Users\All Users\Start Menu\Programs\Startup\Rainmeter.lnk

    ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()

    Startup: C:\Users\Daniel\Start Menu\Programs\Startup\fqgjqgst.exe ()

    Startup: C:\Users\Daniel\Start Menu\Programs\Startup\Stardock ObjectDock.lnk

    ShortcutTarget: Stardock ObjectDock.lnk -> C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe (No File)

    ==================== Services (Whitelisted) ===================

    2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [44808 2012-10-30] (AVAST Software)

    3 CGVPNCliSrvc; C:\Program Files\CyberGhost VPN\CGVPNCliService.exe [2438696 2012-04-25] (mobile concepts GmbH)

    2 Crazy Johns Broadband. RunOuc; C:\Program Files (x86)\Crazy Johns Broadband\UpdateDog\ouc.exe [246112 2012-05-14] ()

    2 HWDeviceService64.exe; "C:\ProgramData\DatacardService\HWDeviceService64.exe" -/service [346976 2011-03-14] ()

    2 NIS; "C:\Program Files (x86)\Norton Internet Security\Engine\19.6.1.8\ccSvcHst.exe" /s "NIS" /m "C:\Program Files (x86)\Norton Internet Security\Engine\19.6.1.8\diMaster.dll" /prefetch:1 [309688 2012-01-24] (Symantec Corporation)

    2 PnkBstrA; C:\windows\SysWow64\PnkBstrA.exe [76888 2012-10-20] ()

    2 RichVideo64; "C:\Program Files\CyberLink\Shared files\RichVideo64.exe" [386344 2010-08-18] ()

    2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)

    2 W3SVC; C:\Windows\SysWow64\inetsrv\iisw3adm.dll [397824 2010-11-20] (Microsoft Corporation)

    2 mi-raysat_3dsmax9_32; "C:\Program Files (x86)\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe" [x]

    ==================== Drivers (Whitelisted) =====================

    2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [25232 2012-10-30] (AVAST Software)

    2 aswMonFlt; C:\Windows\System32\Drivers\aswMonFlt.sys [71600 2012-10-30] (AVAST Software)

    1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [54072 2012-10-15] (AVAST Software)

    1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [984144 2012-10-30] (AVAST Software)

    1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [370288 2012-10-30] (AVAST Software)

    1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [59728 2012-10-30] (AVAST Software)

    1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120317.002\BHDrvx64.sys [1157240 2012-03-02] (Symantec Corporation)

    1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1306010.008\ccSetx64.sys [167048 2011-11-29] (Symantec Corporation)

    1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [482936 2012-03-21] (Symantec Corporation)

    3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138360 2012-02-03] (Symantec Corporation)

    3 hidshim; C:\Windows\System32\Drivers\hidshim.sys [6656 2009-08-31] (Windows ® Win 7 DDK provider)

    1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120321.001\IDSvia64.sys [488568 2012-03-05] (Symantec Corporation)

    3 libusb0; C:\Windows\System32\Drivers\libusb0.sys [29184 2011-12-19] (http://libusb-win32.sourceforge.net)

    3 libusb0; C:\Windows\SysWow64\Drivers\libusb0.sys [21504 2011-12-19] (http://libusb-win32.sourceforge.net)

    3 mod7700; C:\Windows\System32\Drivers\mod7700.sys [1001472 2012-05-14] (DiBcom SA)

    3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120321.032\ENG64.SYS [117880 2012-03-21] (Symantec Corporation)

    3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120321.032\EX64.SYS [2048632 2012-03-21] (Symantec Corporation)

    3 nuvotonhidcir; C:\Windows\System32\Drivers\nuvotonhidcir.sys [26624 2009-08-31] (Nuvoton Technology Corporation)

    3 nuvotonir; C:\Windows\System32\Drivers\nuvotonir.sys [68096 2009-08-31] (Nuvoton Technology Corporation)

    3 SRTSP; C:\Windows\System32\Drivers\NISx64\1306010.008\SRTSP64.SYS [738936 2012-01-17] (Symantec Corporation)

    1 SRTSPX; C:\Windows\system32\drivers\NISx64\1306010.008\SRTSPX64.SYS [37496 2012-01-17] (Symantec Corporation)

    0 SymDS; C:\Windows\System32\drivers\NISx64\1306010.008\SYMDS64.SYS [451192 2011-07-25] (Symantec Corporation)

    0 SymEFA; C:\Windows\System32\drivers\NISx64\1306010.008\SYMEFA64.SYS [1092728 2012-01-17] (Symantec Corporation)

    3 SymEvent; \??\C:\windows\system32\Drivers\SYMEVENT64x86.SYS [175736 2012-03-08] (Symantec Corporation)

    1 SymIRON; C:\Windows\system32\drivers\NISx64\1306010.008\Ironx64.SYS [190072 2012-01-17] (Symantec Corporation)

    1 SymNetS; C:\Windows\System32\Drivers\NISx64\1306010.008\SYMNETS.SYS [405624 2012-01-17] (Symantec Corporation)

    3 toshidpt; C:\Windows\System32\Drivers\toshidpt.sys [9608 2009-06-19] (TOSHIBA Corporation.)

    3 USBTINSP; C:\Windows\System32\DRIVERS\tinspusb.sys [142848 2010-03-28] (Texas Instruments)

    3 catchme; \??\C:\ComboFix\catchme.sys [x]

    3 EagleX64; \??\C:\windows\system32\drivers\EagleX64.sys [x]

    ==================== NetSvcs (Whitelisted) ====================

    ==================== One Month Created Files and Folders ========

    2012-12-01 13:29 - 2012-12-01 13:29 - 00000000 ____D C:\FRST

    2012-11-30 22:04 - 2012-11-30 23:29 - 00002013 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk

    2012-11-30 22:04 - 2012-11-30 22:04 - 00000350 ___AH C:\Windows\Tasks\avast! Emergency Update.job

    2012-11-30 22:04 - 2012-11-30 22:04 - 00000000 ____A C:\Windows\SysWOW64\config.nt

    2012-11-30 22:04 - 2012-10-30 14:51 - 00984144 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys

    2012-11-30 22:04 - 2012-10-30 14:51 - 00370288 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys

    2012-11-30 22:04 - 2012-10-30 14:51 - 00071600 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys

    2012-11-30 22:04 - 2012-10-30 14:51 - 00059728 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys

    2012-11-30 22:04 - 2012-10-30 14:51 - 00025232 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys

    2012-11-30 22:04 - 2012-10-30 14:50 - 00285328 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe

    2012-11-30 22:04 - 2012-10-15 07:59 - 00054072 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys

    2012-11-30 22:03 - 2012-11-30 22:03 - 00000000 ____D C:\Users\All Users\AVAST Software

    2012-11-30 22:03 - 2012-11-30 22:03 - 00000000 ____D C:\Program Files\AVAST Software

    2012-11-30 22:03 - 2012-10-30 14:51 - 00041224 ____A (AVAST Software) C:\Windows\avastSS.scr

    2012-11-30 22:03 - 2012-10-30 14:50 - 00227648 ____A (AVAST Software) C:\Windows\SysWOW64\aswBoot.exe

    2012-11-30 21:52 - 2012-11-30 21:59 - 97495576 ____A C:\Users\Daniel\Downloads\avast_free_antivirus_setup.exe

    2012-11-30 21:30 - 2012-11-30 21:30 - 00001816 ____A C:\Users\Public\Desktop\QuickTime Player.lnk

    2012-11-30 19:18 - 2012-12-01 15:54 - 00195770 ____A C:\Users\Daniel\AppData\Local\ikpidmue.log

    2012-11-30 19:18 - 2012-11-30 19:18 - 00455142 ____A C:\Users\Daniel\AppData\Local\rfkdpsof.log

    2012-11-30 19:18 - 2012-11-30 19:18 - 00003307 ____A C:\Users\Daniel\AppData\Local\pmtgduve.log

    2012-11-30 19:18 - 2012-11-30 19:18 - 00003247 ____A C:\Users\Daniel\AppData\Local\vtdsudwf.log

    2012-11-30 19:17 - 2012-12-01 16:01 - 00000028 ____A C:\Users\Daniel\AppData\Local\cltedshe.log

    2012-11-30 19:17 - 2012-11-30 19:17 - 00446448 ____A C:\Users\Daniel\AppData\Local\enapffrn.log

    2012-11-30 19:17 - 2012-11-30 19:17 - 00005370 ____A C:\Users\Daniel\AppData\Local\lgnaobbi.log

    2012-11-30 18:57 - 2012-11-30 18:57 - 00030566 ____A C:\ComboFix.txt

    2012-11-30 18:38 - 2012-11-30 18:57 - 00000000 ____D C:\Qoobox

    2012-11-30 18:38 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe

    2012-11-30 18:38 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe

    2012-11-30 18:38 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe

    2012-11-30 18:38 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe

    2012-11-30 18:38 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe

    2012-11-30 18:38 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe

    2012-11-30 18:38 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe

    2012-11-30 18:38 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe

    2012-11-30 18:37 - 2012-11-30 18:54 - 00000000 ____D C:\Windows\erdnt

    2012-11-30 18:19 - 2012-11-30 18:20 - 00000000 ____D C:\Users\Daniel\AppData\Local\{9C46E994-8221-4733-BDC2-736644582BDF}

    2012-11-30 17:51 - 2012-11-30 17:51 - 00000000 ____D C:\Users\Daniel\AppData\Local\{CE7CB58E-1783-41AC-9A79-205300E6215C}

    2012-11-30 16:46 - 2012-12-01 16:01 - 00000000 ____A C:\Users\Daniel\AppData\Local\aadwrsfq.log

    2012-11-30 16:43 - 2012-11-30 16:43 - 00000000 ____A C:\Users\Daniel\AppData\Local\fchlvidc.log

    2012-11-30 16:43 - 2012-11-30 16:43 - 00000000 ____A C:\Users\Daniel\AppData\Local\cwvbxftk.log

    2012-11-30 16:41 - 2012-11-30 22:19 - 00000000 ____D C:\Users\Daniel\AppData\Local\wkowggjd

    2012-11-30 16:41 - 2012-11-30 16:41 - 00000064 ____A C:\Users\All Users\txbahwro.log

    2012-11-30 16:20 - 2012-11-30 16:21 - 00000000 ____D C:\Users\Daniel\AppData\Local\{4B224279-CB30-4899-B5BD-B106B42A2867}

    2012-11-30 03:16 - 2008-09-21 02:16 - 00003146 ____A C:\Users\Daniel\Downloads\bossa_basic_pattern.gp5

    2012-11-29 21:54 - 2012-11-29 21:54 - 00000000 ____D C:\Users\Daniel\AppData\Local\{477281B0-7ED0-43D0-880B-7E30CB8CEA5B}

    2012-11-29 13:02 - 2012-11-29 13:04 - 17672068 ____A C:\Users\Daniel\Downloads\Amber Bayani- These Thoughts (uke cover).mp4

    2012-11-29 12:58 - 2012-11-29 13:00 - 80274689 ____A C:\Users\Daniel\Downloads\Gorillaz - Feel good inc. - Acoustic guitar cover by Jamé Forbes.mp4

    2012-11-29 02:49 - 2012-11-29 02:49 - 00000000 ____D C:\Users\Daniel\AppData\Local\{A5FFD923-ACAB-4D46-880F-E846F7A2C066}

    2012-11-28 23:03 - 2012-11-28 23:03 - 00000000 ____D C:\Users\Daniel\AppData\Local\{B67858BC-1393-4238-B44F-3B66C47780AE}

    2012-11-28 12:08 - 2012-11-28 12:14 - 86904875 ____A C:\Users\Daniel\Downloads\GG-GG2-GAP-K2N.rar

    2012-11-28 11:49 - 2012-11-28 11:49 - 00000000 ____D C:\Users\Daniel\AppData\Local\{ECBCD6BB-6224-4421-B524-624ADDCA4097}

    2012-11-28 04:30 - 2012-11-28 04:32 - 86235479 ____A C:\Users\Daniel\Downloads\Park Kahi [After School] - Ultimate Dance Collection.mp4

    2012-11-27 21:02 - 2012-11-27 21:02 - 00000000 ____D C:\Users\Daniel\AppData\Local\{27CF164A-EB81-41AF-BD31-41D47148C3F2}

    2012-11-26 20:58 - 2012-11-26 20:58 - 00000000 ____D C:\Users\Daniel\AppData\Local\{DC024820-DBB6-4877-BA08-9533577A2448}

    2012-11-25 21:18 - 2012-11-25 21:19 - 00000000 ____D C:\Users\Daniel\AppData\Local\{9F6FA202-1102-4235-8C9E-74C186856F3F}

    2012-11-24 15:50 - 2012-11-24 15:50 - 00000000 ____D C:\Users\Daniel\AppData\Local\{FB2B4090-ED04-48D0-977C-B0FA4B807210}

    2012-11-23 15:47 - 2012-11-23 15:47 - 00000000 ____D C:\Users\Daniel\AppData\Local\{63358A2F-115C-4661-96A7-2E6FEC8D19CB}

    2012-11-23 02:48 - 2012-11-23 02:50 - 53557183 ____A C:\Users\Daniel\Downloads\Dumb Ways to Die.mp4

    2012-11-22 23:35 - 2012-11-22 23:35 - 00000000 ____D C:\Users\Daniel\AppData\Local\{79970399-3230-4DFC-B985-AFBCE49CC26D}

    2012-11-21 23:45 - 2012-11-21 23:46 - 02368434 ____A C:\Users\Daniel\Downloads\Ward_Template.zip

    2012-11-21 22:03 - 2012-11-21 22:04 - 00000000 ____D C:\Users\Daniel\AppData\Local\{529DBEE8-09B1-4DE2-8D7D-F024033834ED}

    2012-11-20 22:03 - 2012-11-20 22:03 - 00000000 ____D C:\Users\Daniel\AppData\Local\{B8A61442-F266-42DC-85C3-C4BA6C9B172A}

    2012-11-20 22:01 - 2012-11-20 22:01 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi

    2012-11-19 21:49 - 2012-11-19 21:49 - 00000000 ____D C:\Users\Daniel\AppData\Local\{50738D66-13FA-4137-9249-3A7A27EF1B3A}

    2012-11-19 00:49 - 2012-11-19 00:49 - 00000000 ____D C:\Users\Daniel\AppData\Local\{A1F1F73B-80A7-4462-B00C-7AA37FC776CF}

    2012-11-18 21:27 - 2012-11-18 21:27 - 00000000 ____D C:\Users\Daniel\AppData\Local\{97B56523-EB64-484E-8D86-6BA301BDD147}

    2012-11-18 13:12 - 2012-11-18 13:12 - 00000000 ____D C:\Users\Daniel\AppData\Local\{E363595D-0745-46D4-8C12-64891B3E0779}

    2012-11-17 19:00 - 2012-11-17 19:01 - 00000000 ____D C:\Users\Daniel\AppData\Local\{B7B22879-FE8A-4382-8BCD-4FF55F209BDA}

    2012-11-17 17:46 - 2012-11-17 17:46 - 00000000 ____D C:\Users\Daniel\AppData\Local\{5039BE42-6A09-4F4D-8B9A-2592B45F3B49}

    2012-11-17 00:56 - 2012-11-17 00:56 - 00000000 ____D C:\Users\Daniel\AppData\Local\{EA904533-3DF4-4318-B2D7-2EC61026CF7E}

    2012-11-16 03:58 - 2012-10-08 04:19 - 17811968 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

    2012-11-16 03:58 - 2012-10-08 03:42 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

    2012-11-16 03:58 - 2012-10-08 03:31 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

    2012-11-16 03:58 - 2012-10-08 03:24 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

    2012-11-16 03:58 - 2012-10-08 03:23 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

    2012-11-16 03:58 - 2012-10-08 03:22 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

    2012-11-16 03:58 - 2012-10-08 03:22 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

    2012-11-16 03:58 - 2012-10-08 03:20 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

    2012-11-16 03:58 - 2012-10-08 03:18 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

    2012-11-16 03:58 - 2012-10-08 03:17 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

    2012-11-16 03:58 - 2012-10-08 03:17 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll

    2012-11-16 03:58 - 2012-10-08 03:15 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

    2012-11-16 03:58 - 2012-10-08 03:15 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll

    2012-11-16 03:58 - 2012-10-08 03:13 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

    2012-11-16 03:58 - 2012-10-08 03:13 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

    2012-11-16 03:58 - 2012-10-08 03:09 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

    2012-11-16 03:58 - 2012-10-08 00:28 - 12320768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

    2012-11-16 03:58 - 2012-10-08 00:02 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

    2012-11-16 03:58 - 2012-10-07 23:56 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

    2012-11-16 03:58 - 2012-10-07 23:48 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

    2012-11-16 03:58 - 2012-10-07 23:48 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

    2012-11-16 03:58 - 2012-10-07 23:47 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

    2012-11-16 03:58 - 2012-10-07 23:46 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

    2012-11-16 03:58 - 2012-10-07 23:45 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

    2012-11-16 03:58 - 2012-10-07 23:44 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

    2012-11-16 03:58 - 2012-10-07 23:43 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

    2012-11-16 03:58 - 2012-10-07 23:43 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

    2012-11-16 03:58 - 2012-10-07 23:42 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

    2012-11-16 03:58 - 2012-10-07 23:41 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

    2012-11-16 03:58 - 2012-10-07 23:41 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

    2012-11-16 03:58 - 2012-10-07 23:40 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

    2012-11-16 03:58 - 2012-10-07 23:37 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

    2012-11-16 01:10 - 2012-11-16 01:10 - 00000899 ____A C:\Users\Public\Desktop\Guild Wars 2.lnk

    2012-11-16 01:10 - 2012-11-16 01:10 - 00000000 ____D C:\Program Files (x86)\Guild Wars 2

    2012-11-16 01:08 - 2012-11-16 02:36 - 00000000 ____D C:\Users\Daniel\Documents\Guild Wars 2

    2012-11-16 01:06 - 2012-11-16 01:08 - 22716480 ____A (ArenaNet) C:\Users\Daniel\Downloads\Gw2Setup.exe

    2012-11-16 00:31 - 2012-07-25 20:55 - 00785512 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys

    2012-11-16 00:31 - 2012-07-25 20:55 - 00054376 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WdfLdr.sys

    2012-11-16 00:31 - 2012-07-25 18:36 - 00009728 ____A (Microsoft Corporation) C:\Windows\System32\Wdfres.dll

    2012-11-16 00:31 - 2012-06-02 06:35 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf

    2012-11-16 00:29 - 2012-10-09 10:17 - 00226816 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcore6.dll

    2012-11-16 00:29 - 2012-10-09 10:17 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcsvc6.dll

    2012-11-16 00:29 - 2012-10-09 09:40 - 00193536 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll

    2012-11-16 00:29 - 2012-10-09 09:40 - 00044032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll

    2012-11-16 00:28 - 2012-10-18 10:25 - 03149824 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

    2012-11-16 00:28 - 2012-07-25 19:08 - 00744448 ____A (Microsoft Corporation) C:\Windows\System32\WUDFx.dll

    2012-11-16 00:28 - 2012-07-25 19:08 - 00229888 ____A (Microsoft Corporation) C:\Windows\System32\WUDFHost.exe

    2012-11-16 00:28 - 2012-07-25 19:08 - 00194048 ____A (Microsoft Corporation) C:\Windows\System32\WUDFPlatform.dll

    2012-11-16 00:28 - 2012-07-25 19:08 - 00084992 ____A (Microsoft Corporation) C:\Windows\System32\WUDFSvc.dll

    2012-11-16 00:28 - 2012-07-25 19:08 - 00045056 ____A (Microsoft Corporation) C:\Windows\System32\WUDFCoinstaller.dll

    2012-11-16 00:28 - 2012-07-25 18:26 - 00198656 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFRd.sys

    2012-11-16 00:28 - 2012-07-25 18:26 - 00087040 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFPf.sys

    2012-11-16 00:28 - 2012-06-02 06:57 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf

    2012-11-16 00:28 - 2012-05-31 21:39 - 00014848 ____A (Microsoft Corporation) C:\Windows\System32\wamregps.dll

    2012-11-16 00:28 - 2012-05-31 21:36 - 00192000 ____A (Microsoft Corporation) C:\Windows\System32\iisRtl.dll

    2012-11-16 00:28 - 2012-05-31 21:36 - 00011264 ____A (Microsoft Corporation) C:\Windows\System32\iisrstap.dll

    2012-11-16 00:28 - 2012-05-31 21:35 - 00060928 ____A (Microsoft Corporation) C:\Windows\System32\ahadmin.dll

    2012-11-16 00:28 - 2012-05-31 21:34 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\admwprox.dll

    2012-11-16 00:28 - 2012-05-31 21:33 - 00016896 ____A (Microsoft Corporation) C:\Windows\System32\iisreset.exe

    2012-11-16 00:28 - 2012-05-31 20:40 - 00010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wamregps.dll

    2012-11-16 00:28 - 2012-05-31 20:37 - 00154624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iisRtl.dll

    2012-11-16 00:28 - 2012-05-31 20:37 - 00008192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iisrstap.dll

    2012-11-16 00:28 - 2012-05-31 20:35 - 00050688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admwprox.dll

    2012-11-16 00:28 - 2012-05-31 20:35 - 00026624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ahadmin.dll

    2012-11-16 00:28 - 2012-05-31 20:34 - 00015360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iisreset.exe

    2012-11-16 00:27 - 2012-10-03 09:56 - 01914248 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys

    2012-11-16 00:27 - 2012-10-03 09:44 - 00303104 ____A (Microsoft Corporation) C:\Windows\System32\nlasvc.dll

    2012-11-16 00:27 - 2012-10-03 09:44 - 00246272 ____A (Microsoft Corporation) C:\Windows\System32\netcorehc.dll

    2012-11-16 00:27 - 2012-10-03 09:44 - 00216576 ____A (Microsoft Corporation) C:\Windows\System32\ncsi.dll

    2012-11-16 00:27 - 2012-10-03 09:44 - 00070656 ____A (Microsoft Corporation) C:\Windows\System32\nlaapi.dll

    2012-11-16 00:27 - 2012-10-03 09:44 - 00018944 ____A (Microsoft Corporation) C:\Windows\System32\netevent.dll

    2012-11-16 00:27 - 2012-10-03 09:42 - 00569344 ____A (Microsoft Corporation) C:\Windows\System32\iphlpsvc.dll

    2012-11-16 00:27 - 2012-10-03 08:42 - 00175104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netcorehc.dll

    2012-11-16 00:27 - 2012-10-03 08:42 - 00156672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll

    2012-11-16 00:27 - 2012-10-03 08:42 - 00018944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netevent.dll

    2012-11-16 00:27 - 2012-10-03 08:07 - 00045568 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpipreg.sys

    2012-11-16 00:27 - 2012-01-12 23:12 - 00052224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll

    2012-11-16 00:26 - 2012-09-25 14:47 - 00078336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll

    2012-11-16 00:26 - 2012-09-25 14:46 - 00095744 ____A (Microsoft Corporation) C:\Windows\System32\synceng.dll

    2012-11-15 23:54 - 2012-11-15 23:55 - 00000000 ____D C:\Users\Daniel\AppData\Local\{CD4B8E7A-D568-4170-816F-A87C8D647A9A}

    2012-11-15 01:00 - 2012-11-15 01:02 - 82838367 ____A C:\Users\Daniel\Downloads\JJ Project - Bounce.mp4

    2012-11-14 12:54 - 2012-11-14 12:54 - 00000000 ____D C:\Users\Daniel\AppData\Local\{4CEF8006-4A12-456C-873B-60BB3B51BD9E}

    2012-11-13 22:43 - 2012-11-13 22:43 - 00000000 ____D C:\Users\Daniel\AppData\Local\{30741556-1072-43E6-BDC0-E1B8823C12AA}

    2012-11-12 20:48 - 2012-11-12 20:48 - 00000000 ____D C:\Users\Daniel\AppData\Local\{37C065FC-E42F-42C1-A0EC-5D42A42588ED}

    2012-11-12 11:28 - 2012-11-12 11:28 - 00000000 ____D C:\Users\Daniel\AppData\Local\{F0DD200F-7008-41A5-AB83-4D9253B772CF}

    2012-11-10 21:15 - 2012-11-10 21:16 - 00000000 ____D C:\Users\Daniel\AppData\Local\{08FDE675-6593-43FB-8D74-BE44BE6F9292}

    2012-11-10 19:47 - 2012-11-10 19:47 - 00000000 ____D C:\Users\Daniel\AppData\Local\{42308EFC-914F-4F66-9DC3-EE1BFCB1142E}

    2012-11-10 19:34 - 2012-11-10 19:34 - 00000000 ____D C:\Users\Daniel\AppData\Local\{B740D62F-34B5-4366-8821-9E90582A5379}

    2012-11-09 21:35 - 2012-11-09 21:35 - 00000000 ____D C:\Users\Daniel\AppData\Local\{379C1BA3-017E-44AC-A8A1-8D3EAA1DC485}

    2012-11-08 22:23 - 2012-11-08 22:23 - 00000000 ____D C:\Users\Daniel\AppData\Local\{24A921FF-7EAC-40AF-9677-E2E376223FA8}

    2012-11-06 23:23 - 2012-11-06 23:23 - 00000000 ____D C:\Users\Daniel\AppData\Local\{A45BA3AD-0524-46BC-BC56-B736E1FDB829}

    2012-11-05 17:06 - 2012-11-05 17:06 - 00000000 ____D C:\Users\Daniel\AppData\Local\{98C0C51B-E912-4E23-BCA8-6775BC6747D4}

    2012-11-04 15:08 - 2012-11-04 15:08 - 00000000 ____D C:\Users\Daniel\AppData\Local\{1D41A43C-711A-4504-8C7A-90206E30692C}

    2012-11-04 03:16 - 2012-10-25 15:50 - 00258352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\unicows.dll

    2012-11-04 03:05 - 2012-11-04 03:07 - 84272824 ____A C:\Users\Daniel\Downloads\Girls' Generation - Flower Power.mp4

    2012-11-04 02:42 - 2012-11-04 02:44 - 75701720 ____A C:\Users\Daniel\Downloads\Miss A - I Don't Need A Man.mp4

    2012-11-03 17:13 - 2012-11-03 17:13 - 00000000 ____D C:\Users\Daniel\AppData\Local\{C941CDCF-3089-4B65-8C0F-E5E32A926ACB}

    2012-11-02 17:52 - 2012-11-02 17:53 - 00000000 ____D C:\Users\Daniel\AppData\Local\{B098A105-226B-476B-873C-0356E54301C5}

    2012-11-02 03:08 - 2012-11-02 03:08 - 00000000 ____D C:\Users\Public\Documents\CrashDump

    ==================== One Month Modified Files and Folders =======

    2012-12-01 16:17 - 2012-12-01 16:17 - 00602112 ____A (OldTimer Tools) C:\Users\Daniel\Desktop\OTL.exe

    2012-12-01 16:15 - 2011-04-02 14:05 - 01947143 ____A C:\Windows\WindowsUpdate.log

    2012-12-01 16:12 - 2012-10-15 00:08 - 00000000 ____D C:\Program Files (x86)\Steam

    2012-12-01 16:02 - 2011-04-07 08:59 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-67684466-253165790-691636694-1001UA.job

    2012-12-01 16:01 - 2012-11-30 19:17 - 00000028 ____A C:\Users\Daniel\AppData\Local\cltedshe.log

    2012-12-01 16:01 - 2012-11-30 16:46 - 00000000 ____A C:\Users\Daniel\AppData\Local\aadwrsfq.log

    2012-12-01 16:00 - 2009-07-13 20:45 - 00016304 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

    2012-12-01 16:00 - 2009-07-13 20:45 - 00016304 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

    2012-12-01 15:54 - 2012-11-30 19:18 - 00195770 ____A C:\Users\Daniel\AppData\Local\ikpidmue.log

    2012-12-01 15:53 - 2011-05-09 02:09 - 00000000 ____D C:\Users\Daniel\AppData\Local\LogMeIn Hamachi

    2012-12-01 15:51 - 2011-08-19 03:05 - 00156615 ____A C:\Windows\setupact.log

    2012-12-01 15:51 - 2011-06-02 22:31 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

    2012-12-01 15:51 - 2011-04-02 14:08 - 00000000 ____D C:\Users\All Users\NVIDIA

    2012-12-01 15:51 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

    2012-12-01 13:29 - 2012-12-01 13:29 - 00000000 ____D C:\FRST

    2012-12-01 03:08 - 2011-06-16 23:03 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Skype

    2012-12-01 03:02 - 2011-04-07 08:59 - 00000860 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-67684466-253165790-691636694-1001Core.job

    2012-12-01 02:49 - 2011-06-02 22:31 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

    2012-11-30 23:29 - 2012-11-30 22:04 - 00002013 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk

    2012-11-30 23:28 - 2011-06-08 23:33 - 00000000 ____D C:\Users\Daniel\AppData\Local\PMB Files

    2012-11-30 23:28 - 2011-06-08 23:33 - 00000000 ____D C:\Users\All Users\PMB Files

    2012-11-30 22:19 - 2012-11-30 16:41 - 00000000 ____D C:\Users\Daniel\AppData\Local\wkowggjd

    2012-11-30 22:04 - 2012-11-30 22:04 - 00000350 ___AH C:\Windows\Tasks\avast! Emergency Update.job

    2012-11-30 22:04 - 2012-11-30 22:04 - 00000000 ____A C:\Windows\SysWOW64\config.nt

    2012-11-30 22:03 - 2012-11-30 22:03 - 00000000 ____D C:\Users\All Users\AVAST Software

    2012-11-30 22:03 - 2012-11-30 22:03 - 00000000 ____D C:\Program Files\AVAST Software

    2012-11-30 21:59 - 2012-11-30 21:52 - 97495576 ____A C:\Users\Daniel\Downloads\avast_free_antivirus_setup.exe

    2012-11-30 21:30 - 2012-11-30 21:30 - 00001816 ____A C:\Users\Public\Desktop\QuickTime Player.lnk

    2012-11-30 21:30 - 2011-10-06 23:33 - 00000000 ____D C:\Program Files (x86)\QuickTime

    2012-11-30 21:16 - 2011-08-19 23:04 - 00030318 ____A C:\Windows\PFRO.log

    2012-11-30 19:18 - 2012-11-30 19:18 - 00455142 ____A C:\Users\Daniel\AppData\Local\rfkdpsof.log

    2012-11-30 19:18 - 2012-11-30 19:18 - 00003307 ____A C:\Users\Daniel\AppData\Local\pmtgduve.log

    2012-11-30 19:18 - 2012-11-30 19:18 - 00003247 ____A C:\Users\Daniel\AppData\Local\vtdsudwf.log

    2012-11-30 19:17 - 2012-11-30 19:17 - 00446448 ____A C:\Users\Daniel\AppData\Local\enapffrn.log

    2012-11-30 19:17 - 2012-11-30 19:17 - 00005370 ____A C:\Users\Daniel\AppData\Local\lgnaobbi.log

    2012-11-30 18:57 - 2012-11-30 18:57 - 00030566 ____A C:\ComboFix.txt

    2012-11-30 18:57 - 2012-11-30 18:38 - 00000000 ____D C:\Qoobox

    2012-11-30 18:57 - 2012-04-15 01:38 - 00001076 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

    2012-11-30 18:57 - 2011-09-09 02:48 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

    2012-11-30 18:57 - 2009-07-13 19:20 - 00000000 __RHD C:\users\Default

    2012-11-30 18:54 - 2012-11-30 18:37 - 00000000 ____D C:\Windows\erdnt

    2012-11-30 18:53 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini

    2012-11-30 18:20 - 2012-11-30 18:19 - 00000000 ____D C:\Users\Daniel\AppData\Local\{9C46E994-8221-4733-BDC2-736644582BDF}

    2012-11-30 18:15 - 2012-05-04 05:41 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Rainmeter

    2012-11-30 18:15 - 2011-09-16 21:36 - 00000000 ____D C:\users\DefaultAppPool

    2012-11-30 18:15 - 2011-04-01 22:25 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Macromedia

    2012-11-30 18:15 - 2011-04-01 22:13 - 00000000 ____D C:\users\Daniel

    2012-11-30 18:15 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration

    2012-11-30 18:14 - 2011-08-27 20:01 - 00000000 ___RD C:\MSOCache

    2012-11-30 18:14 - 2011-04-07 08:51 - 00000000 ____D C:\Program Files (x86)\Google

    2012-11-30 17:51 - 2012-11-30 17:51 - 00000000 ____D C:\Users\Daniel\AppData\Local\{CE7CB58E-1783-41AC-9A79-205300E6215C}

    2012-11-30 17:32 - 2009-07-13 23:44 - 00000000 ___RD C:\Users\Public\Recorded TV

    2012-11-30 16:43 - 2012-11-30 16:43 - 00000000 ____A C:\Users\Daniel\AppData\Local\fchlvidc.log

    2012-11-30 16:43 - 2012-11-30 16:43 - 00000000 ____A C:\Users\Daniel\AppData\Local\cwvbxftk.log

    2012-11-30 16:41 - 2012-11-30 16:41 - 00000064 ____A C:\Users\All Users\txbahwro.log

    2012-11-30 16:21 - 2012-11-30 16:20 - 00000000 ____D C:\Users\Daniel\AppData\Local\{4B224279-CB30-4899-B5BD-B106B42A2867}

    2012-11-29 21:54 - 2012-11-29 21:54 - 00000000 ____D C:\Users\Daniel\AppData\Local\{477281B0-7ED0-43D0-880B-7E30CB8CEA5B}

    2012-11-29 13:17 - 2011-06-02 22:36 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Google

    2012-11-29 13:04 - 2012-11-29 13:02 - 17672068 ____A C:\Users\Daniel\Downloads\Amber Bayani- These Thoughts (uke cover).mp4

    2012-11-29 13:00 - 2012-11-29 12:58 - 80274689 ____A C:\Users\Daniel\Downloads\Gorillaz - Feel good inc. - Acoustic guitar cover by Jamé Forbes.mp4

    2012-11-29 02:49 - 2012-11-29 02:49 - 00000000 ____D C:\Users\Daniel\AppData\Local\{A5FFD923-ACAB-4D46-880F-E846F7A2C066}

    2012-11-28 23:03 - 2012-11-28 23:03 - 00000000 ____D C:\Users\Daniel\AppData\Local\{B67858BC-1393-4238-B44F-3B66C47780AE}

    2012-11-28 13:08 - 2012-09-05 02:06 - 00000000 ____D C:\Users\Daniel\MSYNC

    2012-11-28 12:14 - 2012-11-28 12:08 - 86904875 ____A C:\Users\Daniel\Downloads\GG-GG2-GAP-K2N.rar

    2012-11-28 11:49 - 2012-11-28 11:49 - 00000000 ____D C:\Users\Daniel\AppData\Local\{ECBCD6BB-6224-4421-B524-624ADDCA4097}

    2012-11-28 04:32 - 2012-11-28 04:30 - 86235479 ____A C:\Users\Daniel\Downloads\Park Kahi [After School] - Ultimate Dance Collection.mp4

    2012-11-27 21:02 - 2012-11-27 21:02 - 00000000 ____D C:\Users\Daniel\AppData\Local\{27CF164A-EB81-41AF-BD31-41D47148C3F2}

    2012-11-27 00:22 - 2011-04-07 04:40 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\uTorrent

    2012-11-26 21:04 - 2012-08-15 03:23 - 00002497 ____A C:\Users\Daniel\Desktop\Google Chrome.lnk

    2012-11-26 20:58 - 2012-11-26 20:58 - 00000000 ____D C:\Users\Daniel\AppData\Local\{DC024820-DBB6-4877-BA08-9533577A2448}

    2012-11-25 21:19 - 2012-11-25 21:18 - 00000000 ____D C:\Users\Daniel\AppData\Local\{9F6FA202-1102-4235-8C9E-74C186856F3F}

    2012-11-24 20:03 - 2011-04-08 07:57 - 00000000 ____D C:\Users\Daniel\AppData\Local\CrashDumps

    2012-11-24 17:41 - 2009-07-13 21:13 - 00859564 ____A C:\Windows\System32\PerfStringBackup.INI

    2012-11-24 15:50 - 2012-11-24 15:50 - 00000000 ____D C:\Users\Daniel\AppData\Local\{FB2B4090-ED04-48D0-977C-B0FA4B807210}

    2012-11-23 15:47 - 2012-11-23 15:47 - 00000000 ____D C:\Users\Daniel\AppData\Local\{63358A2F-115C-4661-96A7-2E6FEC8D19CB}

    2012-11-23 02:50 - 2012-11-23 02:48 - 53557183 ____A C:\Users\Daniel\Downloads\Dumb Ways to Die.mp4

    2012-11-22 23:35 - 2012-11-22 23:35 - 00000000 ____D C:\Users\Daniel\AppData\Local\{79970399-3230-4DFC-B985-AFBCE49CC26D}

    2012-11-21 23:46 - 2012-11-21 23:45 - 02368434 ____A C:\Users\Daniel\Downloads\Ward_Template.zip

    2012-11-21 22:04 - 2012-11-21 22:03 - 00000000 ____D C:\Users\Daniel\AppData\Local\{529DBEE8-09B1-4DE2-8D7D-F024033834ED}

    2012-11-20 22:03 - 2012-11-20 22:03 - 00000000 ____D C:\Users\Daniel\AppData\Local\{B8A61442-F266-42DC-85C3-C4BA6C9B172A}

    2012-11-20 22:01 - 2012-11-20 22:01 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi

    2012-11-19 21:49 - 2012-11-19 21:49 - 00000000 ____D C:\Users\Daniel\AppData\Local\{50738D66-13FA-4137-9249-3A7A27EF1B3A}

    2012-11-19 00:49 - 2012-11-19 00:49 - 00000000 ____D C:\Users\Daniel\AppData\Local\{A1F1F73B-80A7-4462-B00C-7AA37FC776CF}

    2012-11-19 00:31 - 2011-04-06 18:42 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\vlc

    2012-11-18 21:27 - 2012-11-18 21:27 - 00000000 ____D C:\Users\Daniel\AppData\Local\{97B56523-EB64-484E-8D86-6BA301BDD147}

    2012-11-18 13:12 - 2012-11-18 13:12 - 00000000 ____D C:\Users\Daniel\AppData\Local\{E363595D-0745-46D4-8C12-64891B3E0779}

    2012-11-17 19:23 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache

    2012-11-17 19:01 - 2012-11-17 19:00 - 00000000 ____D C:\Users\Daniel\AppData\Local\{B7B22879-FE8A-4382-8BCD-4FF55F209BDA}

    2012-11-17 17:46 - 2012-11-17 17:46 - 00000000 ____D C:\Users\Daniel\AppData\Local\{5039BE42-6A09-4F4D-8B9A-2592B45F3B49}

    2012-11-17 00:56 - 2012-11-17 00:56 - 00000000 ____D C:\Users\Daniel\AppData\Local\{EA904533-3DF4-4318-B2D7-2EC61026CF7E}

    2012-11-17 00:52 - 2011-09-14 01:51 - 00024822 ____A C:\Windows\iis7.log

    2012-11-17 00:51 - 2009-07-13 20:45 - 05003408 ____A C:\Windows\System32\FNTCACHE.DAT

    2012-11-17 00:49 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\inetsrv

    2012-11-17 00:49 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\inetsrv

    2012-11-16 02:36 - 2012-11-16 01:08 - 00000000 ____D C:\Users\Daniel\Documents\Guild Wars 2

    2012-11-16 01:10 - 2012-11-16 01:10 - 00000899 ____A C:\Users\Public\Desktop\Guild Wars 2.lnk

    2012-11-16 01:10 - 2012-11-16 01:10 - 00000000 ____D C:\Program Files (x86)\Guild Wars 2

    2012-11-16 01:08 - 2012-11-16 01:06 - 22716480 ____A (ArenaNet) C:\Users\Daniel\Downloads\Gw2Setup.exe

    2012-11-16 00:41 - 2011-04-01 22:20 - 00124920 ____A C:\Users\Daniel\AppData\Local\GDIPFONTCACHEV1.DAT

    2012-11-16 00:31 - 2011-04-01 22:24 - 00000000 ____D C:\Users\All Users\Microsoft Help

    2012-11-16 00:29 - 2011-04-06 20:50 - 66395536 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

    2012-11-15 23:55 - 2012-11-15 23:54 - 00000000 ____D C:\Users\Daniel\AppData\Local\{CD4B8E7A-D568-4170-816F-A87C8D647A9A}

    2012-11-15 01:02 - 2012-11-15 01:00 - 82838367 ____A C:\Users\Daniel\Downloads\JJ Project - Bounce.mp4

    2012-11-14 12:54 - 2012-11-14 12:54 - 00000000 ____D C:\Users\Daniel\AppData\Local\{4CEF8006-4A12-456C-873B-60BB3B51BD9E}

    2012-11-14 02:16 - 2012-03-28 01:48 - 00283032 ____A C:\Windows\SysWOW64\PnkBstrB.xtr

    2012-11-14 02:16 - 2011-04-20 06:28 - 00283032 ____A C:\Windows\SysWOW64\PnkBstrB.exe

    2012-11-14 02:12 - 2011-04-20 06:28 - 00298016 ____A C:\Windows\SysWOW64\PnkBstrB.ex0

    2012-11-13 22:43 - 2012-11-13 22:43 - 00000000 ____D C:\Users\Daniel\AppData\Local\{30741556-1072-43E6-BDC0-E1B8823C12AA}

    2012-11-12 20:48 - 2012-11-12 20:48 - 00000000 ____D C:\Users\Daniel\AppData\Local\{37C065FC-E42F-42C1-A0EC-5D42A42588ED}

    2012-11-12 11:28 - 2012-11-12 11:28 - 00000000 ____D C:\Users\Daniel\AppData\Local\{F0DD200F-7008-41A5-AB83-4D9253B772CF}

    2012-11-10 21:16 - 2012-11-10 21:15 - 00000000 ____D C:\Users\Daniel\AppData\Local\{08FDE675-6593-43FB-8D74-BE44BE6F9292}

    2012-11-10 19:47 - 2012-11-10 19:47 - 00000000 ____D C:\Users\Daniel\AppData\Local\{42308EFC-914F-4F66-9DC3-EE1BFCB1142E}

    2012-11-10 19:34 - 2012-11-10 19:34 - 00000000 ____D C:\Users\Daniel\AppData\Local\{B740D62F-34B5-4366-8821-9E90582A5379}

    2012-11-10 19:33 - 2009-07-13 21:08 - 00032576 ____A C:\Windows\Tasks\SCHEDLGU.TXT

    2012-11-09 21:35 - 2012-11-09 21:35 - 00000000 ____D C:\Users\Daniel\AppData\Local\{379C1BA3-017E-44AC-A8A1-8D3EAA1DC485}

    2012-11-08 22:23 - 2012-11-08 22:23 - 00000000 ____D C:\Users\Daniel\AppData\Local\{24A921FF-7EAC-40AF-9677-E2E376223FA8}

    2012-11-06 23:23 - 2012-11-06 23:23 - 00000000 ____D C:\Users\Daniel\AppData\Local\{A45BA3AD-0524-46BC-BC56-B736E1FDB829}

    2012-11-05 17:06 - 2012-11-05 17:06 - 00000000 ____D C:\Users\Daniel\AppData\Local\{98C0C51B-E912-4E23-BCA8-6775BC6747D4}

    2012-11-04 22:19 - 2011-10-01 16:01 - 00000000 ____D C:\Seagate

    2012-11-04 15:08 - 2012-11-04 15:08 - 00000000 ____D C:\Users\Daniel\AppData\Local\{1D41A43C-711A-4504-8C7A-90206E30692C}

    2012-11-04 03:24 - 2012-03-20 21:46 - 00000000 ____D C:\Perfect World Entertainment

    2012-11-04 03:07 - 2012-11-04 03:05 - 84272824 ____A C:\Users\Daniel\Downloads\Girls' Generation - Flower Power.mp4

    2012-11-04 02:44 - 2012-11-04 02:42 - 75701720 ____A C:\Users\Daniel\Downloads\Miss A - I Don't Need A Man.mp4

    2012-11-03 17:13 - 2012-11-03 17:13 - 00000000 ____D C:\Users\Daniel\AppData\Local\{C941CDCF-3089-4B65-8C0F-E5E32A926ACB}

    2012-11-02 17:53 - 2012-11-02 17:52 - 00000000 ____D C:\Users\Daniel\AppData\Local\{B098A105-226B-476B-873C-0356E54301C5}

    2012-11-02 03:08 - 2012-11-02 03:08 - 00000000 ____D C:\Users\Public\Documents\CrashDump

    ==================== Known DLLs (Whitelisted) =================

    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit

    C:\Windows\System32\wininit.exe => MD5 is legit

    C:\Windows\SysWOW64\wininit.exe => MD5 is legit

    C:\Windows\explorer.exe => MD5 is legit

    C:\Windows\SysWOW64\explorer.exe => MD5 is legit

    C:\Windows\System32\svchost.exe => MD5 is legit

    C:\Windows\SysWOW64\svchost.exe => MD5 is legit

    C:\Windows\System32\services.exe => MD5 is legit

    C:\Windows\System32\User32.dll => MD5 is legit

    C:\Windows\SysWOW64\User32.dll => MD5 is legit

    C:\Windows\System32\userinit.exe => MD5 is legit

    C:\Windows\SysWOW64\userinit.exe => MD5 is legit

    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK

    HKLM\...\exefile\DefaultIcon: %1 => OK

    HKLM\...\exefile\open\command: "%1" %* => OK

    ==================== Restore Points =========================

    Restore point made on: 2012-11-06 23:08:46

    Restore point made on: 2012-11-16 00:27:26

    Restore point made on: 2012-11-16 03:58:31

    Restore point made on: 2012-11-23 16:43:28

    Restore point made on: 2012-11-28 04:44:29

    Restore point made on: 2012-11-29 13:16:12

    Restore point made on: 2012-11-30 17:27:49

    ==================== Memory info ===========================

    Percentage of memory in use: 11%

    Total physical RAM: 6072.43 MB

    Available physical RAM: 5357.09 MB

    Total Pagefile: 6070.57 MB

    Available Pagefile: 5340.65 MB

    Total Virtual: 8192 MB

    Available Virtual: 8191.9 MB

    ==================== Partitions =============================

    1 Drive c: (S3A5912D001) (Fixed) (Total:686.34 GB) (Free:109 GB) NTFS ==>[system with boot components (obtained from reading drive)]

    2 Drive d: (System) (Fixed) (Total:1.46 GB) (Free:1.24 GB) NTFS ==>[system with boot components (obtained from reading drive)]

    4 Drive f: (GN Drive) (Fixed) (Total:298.09 GB) (Free:107.45 GB) NTFS

    5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

    Disk ### Status Size Free Dyn Gpt

    -------- ------------- ------- ------- --- ---

    Disk 0 Online 698 GB 0 B

    Disk 1 Online 298 GB 1024 KB

    Partitions of Disk 0:

    ===============

    Partition ### Type Size Offset

    ------------- ---------------- ------- -------

    Partition 1 Recovery 1500 MB 1024 KB

    Partition 2 Primary 686 GB 1501 MB

    Partition 3 Primary 10 GB 687 GB

    ==================================================================================

    Disk: 0

    Partition 1

    Type : 27

    Hidden: Yes

    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info

    ---------- --- ----------- ----- ---------- ------- --------- --------

    * Volume 2 D System NTFS Partition 1500 MB Healthy Hidden

    =========================================================

    Disk: 0

    Partition 2

    Type : 07

    Hidden: No

    Active: No

    Volume ### Ltr Label Fs Type Size Status Info

    ---------- --- ----------- ----- ---------- ------- --------- --------

    * Volume 1 C S3A5912D001 NTFS Partition 686 GB Healthy

    =========================================================

    Disk: 0

    Partition 3

    Type : 17 (Suspicious Type)

    Hidden: Yes

    Active: No

    There is no volume associated with this partition.

    =========================================================

    Partitions of Disk 1:

    ===============

    Partition ### Type Size Offset

    ------------- ---------------- ------- -------

    Partition 1 Primary 298 GB 31 KB

    ==================================================================================

    Disk: 1

    Partition 1

    Type : 07

    Hidden: No

    Active: No

    Volume ### Ltr Label Fs Type Size Status Info

    ---------- --- ----------- ----- ---------- ------- --------- --------

    * Volume 3 F GN Drive NTFS Partition 298 GB Healthy

    =========================================================

    Last Boot: 2012-11-24 21:18

    ==================== End Of Log =============================

  4. Hi guys, my computer has recently been infected with Hijack.userinit. I cannot access Google Chrome or Malwarebytes unless I start it in safe mode. The only browser that I can access in normal mode is Internet Explorer, and I cannot go on any websites that have certain words such as malware or virus. I cannot turn on Windows Security Centre service as well. Below is my scan log. Thank you so much for your time.

    Malwarebytes Anti-Malware 1.65.1.1000

    www.malwarebytes.org

    Database version: v2012.12.01.03

    Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)

    Internet Explorer 9.0.8112.16421

    Daniel :: DANIEL-PC [administrator]

    2/12/2012 11:05:14 AM

    mbam-log-2012-12-02 (11-12-35).txt

    Scan type: Quick scan

    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

    Scan options disabled: P2P

    Objects scanned: 259592

    Time elapsed: 7 minute(s), 6 second(s)

    Memory Processes Detected: 0

    (No malicious items detected)

    Memory Modules Detected: 0

    (No malicious items detected)

    Registry Keys Detected: 0

    (No malicious items detected)

    Registry Values Detected: 0

    (No malicious items detected)

    Registry Data Items Detected: 4

    HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

    HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

    HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Userinit (Hijack.UserInit) -> Bad: (userinit.exe,,C:\Users\Daniel\AppData\Local\wkowggjd\fqgjqgst.exe) Good: (userinit.exe) -> No action taken.

    Folders Detected: 0

    (No malicious items detected)

    Files Detected: 0

    (No malicious items detected)

    (end)
