
Hijack.userinit infection



Hi guys, my computer has recently been infected with Hijack.userinit. I cannot access Google Chrome or Malwarebytes unless I start it in Safe Mode. The only browser that I can access in normal mode is Internet Explorer, and I cannot go on any websites that have certain words such as malware or virus. I cannot turn on the Windows Security Centre service as well. Below is my scan log. Thank you so much for your time.

Malwarebytes Anti-Malware 1.65.1.1000

www.malwarebytes.org

Database version: v2012.12.01.03

Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)

Internet Explorer 9.0.8112.16421

Daniel :: DANIEL-PC [administrator]

2/12/2012 11:05:14 AM

mbam-log-2012-12-02 (11-12-35).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 259592

Time elapsed: 7 minute(s), 6 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 4

HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Userinit (Hijack.UserInit) -> Bad: (userinit.exe,,C:\Users\Daniel\AppData\Local\wkowggjd\fqgjqgst.exe) Good: (userinit.exe) -> No action taken.

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

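As an added example (not code from the thread, from Malwarebytes or from the tools mentioned in it), a small Python parser for the "Registry Data Items Detected" lines in the log above: it pulls the extra program out of the Winlogon Userinit value and lists the Security Center notifications the PUM entries have switched off. The sample lines are the four detections from the posted log; the expected-Userinit set is an assumption based on a default Windows 7 install.

```python
"""Parser for the 'Registry Data Items Detected' lines of a Malwarebytes
Anti-Malware log, used here to explain the Hijack.UserInit finding."""
from __future__ import annotations

import re
from dataclasses import dataclass

# One MBAM registry-data line has the shape
#   KEY|VALUE (DetectionName) -> Bad: (bad data) Good: (good data) -> action.
_LINE = re.compile(
    r"^(?P<key>[^|]+)\|(?P<value>\S+) \((?P<detection>[^)]+)\) -> "
    r"Bad: \((?P<bad>.*)\) Good: \((?P<good>.*)\) -> (?P<action>.+?)\.?$"
)

# Winlogon runs every comma-separated program in the Userinit value at logon;
# on a clean machine only userinit.exe (optionally with its full path) is there.
# Assumed default for Windows 7; adjust if the environment documents otherwise.
EXPECTED_USERINIT = {"userinit.exe", r"c:\windows\system32\userinit.exe"}

# The four detection lines copied from the scan log posted in the thread.
SAMPLE_LOG = r"""
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Userinit (Hijack.UserInit) -> Bad: (userinit.exe,,C:\Users\Daniel\AppData\Local\wkowggjd\fqgjqgst.exe) Good: (userinit.exe) -> No action taken.
"""


@dataclass
class RegistryDataItem:
    key: str
    value: str
    detection: str
    bad: str
    good: str
    action: str


def parse_registry_data_items(log_text: str) -> list[RegistryDataItem]:
    """Return every registry-data detection line found in an MBAM log."""
    items = []
    for raw in log_text.splitlines():
        match = _LINE.match(raw.strip())
        if match:
            items.append(RegistryDataItem(**match.groupdict()))
    return items


def userinit_extras(item: RegistryDataItem) -> list[str]:
    """Programs in a Userinit value other than the legitimate userinit.exe.

    Empty entries (the ',,' in the log) are skipped; anything left is a
    binary that Winlogon would start at every interactive logon.
    """
    if item.value.lower() != "userinit":
        return []
    programs = [p.strip().strip('"') for p in item.bad.split(",")]
    return [p for p in programs if p and p.lower() not in EXPECTED_USERINIT]


def summarize(log_text: str) -> dict:
    """Explain the detections: what was hijacked and which notices were silenced."""
    items = parse_registry_data_items(log_text)
    report = {"userinit_extras": [], "silenced_notifications": [], "unremediated": 0}
    for item in items:
        report["userinit_extras"] += userinit_extras(item)
        # Security Center *DisableNotify = 1 hides the "no antivirus / firewall
        # off / updates off" warnings, which is why the user saw no alerts.
        if item.key.lower().endswith(r"\security center") and item.bad == "1":
            report["silenced_notifications"].append(item.value)
        if item.action.lower().startswith("no action"):
            report["unremediated"] += 1
    return report


if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

Run it against a full mbam-log-*.txt; lines from other sections of the log do not match the pattern and are ignored.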

  • Staff

Please do the following:

Download the appropriate version for your system of the Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

Then:

  • Select Command Prompt.
  • In the command window type notepad and press Enter.
  • The notepad opens. Under the File menu select Open.
  • Select "Computer" and find your flash drive letter, then close the notepad.
  • In the command window type e:\frst.exe (for the x64 version type e:\frst64) and press Enter.
    Note: Replace the letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there.
  • Press the Scan button.
  • Type exit and reboot the computer normally.
  • FRST will make a log (FRST.txt) on the flash drive; please copy and paste the log in your reply.


Thank you for the quick reply and I appreciate your help. Below is the FRST log.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-11-2012 (ATTENTION: FRST version is 9 days old)

Ran by SYSTEM at 02-12-2012 11:53:55

Running from F:\

Windows 7 Home Premium (X64) OS Language: English(US)

The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE [x]

HKLM\...\Run: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe [x]

HKLM\...\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)

HKLM\...\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)

HKLM\...\Run: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [x]

HKLM\...\Run: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe [x]

HKLM\...\Run: [ThpSrv] C:\windows\system32\thpsrv /logon [x]

HKLM\...\Run: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r [x]

HKLM\...\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [x]

HKLM\...\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" [x]

HKLM\...\Run: [smoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe [x]

HKLM\...\Run: [smartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [x]

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [10103840 2010-03-09] (Realtek Semiconductor)

HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3 [896032 2010-03-09] (Realtek Semiconductor)

HKLM\...\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe [x]

HKLM\...\Run: [HDMICtrlMan] %ProgramFiles%\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe [x]

HKLM\...\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming [x]

HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [500208 2010-03-05] (Adobe Systems Incorporated)

HKLM\...\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe [x]

HKLM-x32\...\Run: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun [2454840 2010-05-01] (TOSHIBA CORPORATION.)

HKLM-x32\...\Run: [TRCMan] C:\Program Files (x86)\TOSHIBA\TRCMan\TRCMan.exe [714104 2010-08-20] (TOSHIBA Corporation)

HKLM-x32\...\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 [1295736 2011-02-10] (TOSHIBA Corporation)

HKLM-x32\...\Run: [TOSDCR] %ProgramFiles%\TOSHIBA\PasswordUtility\TOSDCR.exe [x]

HKLM-x32\...\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-18] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [309688 2012-10-10] (Samsung Electronics Co., Ltd.)

HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-09-09] (Apple Inc.)

HKLM-x32\...\Run: [iTSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START [x]

HKLM-x32\...\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2009-10-02] (Intel Corporation)

HKLM-x32\...\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin [402432 2010-07-22] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [2254768 2012-11-19] (LogMeIn Inc.)

HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-11-27] (Apple Inc.)

HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-10-24] (Apple Inc.)

HKLM-x32\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4297136 2012-10-30] (AVAST Software)

HKU\Daniel\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-22] (Apple Inc.)

HKU\Daniel\...\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload [966072 2012-10-10] (Samsung)

HKU\Daniel\...\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [843208 2012-11-02] (Samsung)

HKU\Daniel\...\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup [580096 2012-10-08] (Samsung Electronics)

HKU\Daniel\...\Run: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1353080 2012-10-15] (Valve Corporation)

HKU\Daniel\...\Run: [FqgJqgst] C:\Users\Daniel\AppData\Local\wkowggjd\fqgjqgst.exe [102056 2012-11-30] ()

HKU\Daniel\...\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [843208 2012-11-02] (Samsung)

HKU\UpdatusUser\...\RunOnce: [spchecker] "C:\Program Files (x86)\AVG\AVG10\Notification\SPCheckerTE.exe" [x]

Startup: C:\Users\All Users\Start Menu\Programs\Startup\Rainmeter.lnk

ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()

Startup: C:\Users\Daniel\Start Menu\Programs\Startup\fqgjqgst.exe ()

Startup: C:\Users\Daniel\Start Menu\Programs\Startup\Stardock ObjectDock.lnk

ShortcutTarget: Stardock ObjectDock.lnk -> C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe (No File)

==================== Services (Whitelisted) ===================

2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [44808 2012-10-30] (AVAST Software)

3 CGVPNCliSrvc; C:\Program Files\CyberGhost VPN\CGVPNCliService.exe [2438696 2012-04-25] (mobile concepts GmbH)

2 Crazy Johns Broadband. RunOuc; C:\Program Files (x86)\Crazy Johns Broadband\UpdateDog\ouc.exe [246112 2012-05-14] ()

2 HWDeviceService64.exe; "C:\ProgramData\DatacardService\HWDeviceService64.exe" -/service [346976 2011-03-14] ()

2 NIS; "C:\Program Files (x86)\Norton Internet Security\Engine\19.6.1.8\ccSvcHst.exe" /s "NIS" /m "C:\Program Files (x86)\Norton Internet Security\Engine\19.6.1.8\diMaster.dll" /prefetch:1 [309688 2012-01-24] (Symantec Corporation)

2 PnkBstrA; C:\windows\SysWow64\PnkBstrA.exe [76888 2012-10-20] ()

2 RichVideo64; "C:\Program Files\CyberLink\Shared files\RichVideo64.exe" [386344 2010-08-18] ()

2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)

2 W3SVC; C:\Windows\SysWow64\inetsrv\iisw3adm.dll [397824 2010-11-20] (Microsoft Corporation)

2 mi-raysat_3dsmax9_32; "C:\Program Files (x86)\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe" [x]

==================== Drivers (Whitelisted) =====================

2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [25232 2012-10-30] (AVAST Software)

2 aswMonFlt; C:\Windows\System32\Drivers\aswMonFlt.sys [71600 2012-10-30] (AVAST Software)

1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [54072 2012-10-15] (AVAST Software)

1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [984144 2012-10-30] (AVAST Software)

1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [370288 2012-10-30] (AVAST Software)

1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [59728 2012-10-30] (AVAST Software)

1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120317.002\BHDrvx64.sys [1157240 2012-03-02] (Symantec Corporation)

1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1306010.008\ccSetx64.sys [167048 2011-11-29] (Symantec Corporation)

1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [482936 2012-03-21] (Symantec Corporation)

3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138360 2012-02-03] (Symantec Corporation)

3 hidshim; C:\Windows\System32\Drivers\hidshim.sys [6656 2009-08-31] (Windows ® Win 7 DDK provider)

1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120321.001\IDSvia64.sys [488568 2012-03-05] (Symantec Corporation)

3 libusb0; C:\Windows\System32\Drivers\libusb0.sys [29184 2011-12-19] (http://libusb-win32.sourceforge.net)

3 libusb0; C:\Windows\SysWow64\Drivers\libusb0.sys [21504 2011-12-19] (http://libusb-win32.sourceforge.net)

3 mod7700; C:\Windows\System32\Drivers\mod7700.sys [1001472 2012-05-14] (DiBcom SA)

3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120321.032\ENG64.SYS [117880 2012-03-21] (Symantec Corporation)

3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120321.032\EX64.SYS [2048632 2012-03-21] (Symantec Corporation)

3 nuvotonhidcir; C:\Windows\System32\Drivers\nuvotonhidcir.sys [26624 2009-08-31] (Nuvoton Technology Corporation)

3 nuvotonir; C:\Windows\System32\Drivers\nuvotonir.sys [68096 2009-08-31] (Nuvoton Technology Corporation)

3 SRTSP; C:\Windows\System32\Drivers\NISx64\1306010.008\SRTSP64.SYS [738936 2012-01-17] (Symantec Corporation)

1 SRTSPX; C:\Windows\system32\drivers\NISx64\1306010.008\SRTSPX64.SYS [37496 2012-01-17] (Symantec Corporation)

0 SymDS; C:\Windows\System32\drivers\NISx64\1306010.008\SYMDS64.SYS [451192 2011-07-25] (Symantec Corporation)

0 SymEFA; C:\Windows\System32\drivers\NISx64\1306010.008\SYMEFA64.SYS [1092728 2012-01-17] (Symantec Corporation)

3 SymEvent; \??\C:\windows\system32\Drivers\SYMEVENT64x86.SYS [175736 2012-03-08] (Symantec Corporation)

1 SymIRON; C:\Windows\system32\drivers\NISx64\1306010.008\Ironx64.SYS [190072 2012-01-17] (Symantec Corporation)

1 SymNetS; C:\Windows\System32\Drivers\NISx64\1306010.008\SYMNETS.SYS [405624 2012-01-17] (Symantec Corporation)

3 toshidpt; C:\Windows\System32\Drivers\toshidpt.sys [9608 2009-06-19] (TOSHIBA Corporation.)

3 USBTINSP; C:\Windows\System32\DRIVERS\tinspusb.sys [142848 2010-03-28] (Texas Instruments)

3 catchme; \??\C:\ComboFix\catchme.sys [x]

3 EagleX64; \??\C:\windows\system32\drivers\EagleX64.sys [x]

==================== NetSvcs (Whitelisted) ====================

==================== One Month Created Files and Folders ========

2012-12-01 13:29 - 2012-12-01 13:29 - 00000000 ____D C:\FRST

2012-11-30 22:04 - 2012-11-30 23:29 - 00002013 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk

2012-11-30 22:04 - 2012-11-30 22:04 - 00000350 ___AH C:\Windows\Tasks\avast! Emergency Update.job

2012-11-30 22:04 - 2012-11-30 22:04 - 00000000 ____A C:\Windows\SysWOW64\config.nt

2012-11-30 22:04 - 2012-10-30 14:51 - 00984144 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys

2012-11-30 22:04 - 2012-10-30 14:51 - 00370288 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys

2012-11-30 22:04 - 2012-10-30 14:51 - 00071600 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys

2012-11-30 22:04 - 2012-10-30 14:51 - 00059728 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys

2012-11-30 22:04 - 2012-10-30 14:51 - 00025232 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys

2012-11-30 22:04 - 2012-10-30 14:50 - 00285328 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe

2012-11-30 22:04 - 2012-10-15 07:59 - 00054072 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys

2012-11-30 22:03 - 2012-11-30 22:03 - 00000000 ____D C:\Users\All Users\AVAST Software

2012-11-30 22:03 - 2012-11-30 22:03 - 00000000 ____D C:\Program Files\AVAST Software

2012-11-30 22:03 - 2012-10-30 14:51 - 00041224 ____A (AVAST Software) C:\Windows\avastSS.scr

2012-11-30 22:03 - 2012-10-30 14:50 - 00227648 ____A (AVAST Software) C:\Windows\SysWOW64\aswBoot.exe

2012-11-30 21:52 - 2012-11-30 21:59 - 97495576 ____A C:\Users\Daniel\Downloads\avast_free_antivirus_setup.exe

2012-11-30 21:30 - 2012-11-30 21:30 - 00001816 ____A C:\Users\Public\Desktop\QuickTime Player.lnk

2012-11-30 19:18 - 2012-12-01 15:54 - 00195770 ____A C:\Users\Daniel\AppData\Local\ikpidmue.log

2012-11-30 19:18 - 2012-11-30 19:18 - 00455142 ____A C:\Users\Daniel\AppData\Local\rfkdpsof.log

2012-11-30 19:18 - 2012-11-30 19:18 - 00003307 ____A C:\Users\Daniel\AppData\Local\pmtgduve.log

2012-11-30 19:18 - 2012-11-30 19:18 - 00003247 ____A C:\Users\Daniel\AppData\Local\vtdsudwf.log

2012-11-30 19:17 - 2012-12-01 16:01 - 00000028 ____A C:\Users\Daniel\AppData\Local\cltedshe.log

2012-11-30 19:17 - 2012-11-30 19:17 - 00446448 ____A C:\Users\Daniel\AppData\Local\enapffrn.log

2012-11-30 19:17 - 2012-11-30 19:17 - 00005370 ____A C:\Users\Daniel\AppData\Local\lgnaobbi.log

2012-11-30 18:57 - 2012-11-30 18:57 - 00030566 ____A C:\ComboFix.txt

2012-11-30 18:38 - 2012-11-30 18:57 - 00000000 ____D C:\Qoobox

2012-11-30 18:38 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe

2012-11-30 18:38 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe

2012-11-30 18:38 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe

2012-11-30 18:38 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe

2012-11-30 18:38 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe

2012-11-30 18:38 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe

2012-11-30 18:38 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe

2012-11-30 18:38 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe

2012-11-30 18:37 - 2012-11-30 18:54 - 00000000 ____D C:\Windows\erdnt

2012-11-30 18:19 - 2012-11-30 18:20 - 00000000 ____D C:\Users\Daniel\AppData\Local\{9C46E994-8221-4733-BDC2-736644582BDF}

2012-11-30 17:51 - 2012-11-30 17:51 - 00000000 ____D C:\Users\Daniel\AppData\Local\{CE7CB58E-1783-41AC-9A79-205300E6215C}

2012-11-30 16:46 - 2012-12-01 16:01 - 00000000 ____A C:\Users\Daniel\AppData\Local\aadwrsfq.log

2012-11-30 16:43 - 2012-11-30 16:43 - 00000000 ____A C:\Users\Daniel\AppData\Local\fchlvidc.log

2012-11-30 16:43 - 2012-11-30 16:43 - 00000000 ____A C:\Users\Daniel\AppData\Local\cwvbxftk.log

2012-11-30 16:41 - 2012-11-30 22:19 - 00000000 ____D C:\Users\Daniel\AppData\Local\wkowggjd

2012-11-30 16:41 - 2012-11-30 16:41 - 00000064 ____A C:\Users\All Users\txbahwro.log

2012-11-30 16:20 - 2012-11-30 16:21 - 00000000 ____D C:\Users\Daniel\AppData\Local\{4B224279-CB30-4899-B5BD-B106B42A2867}

2012-11-30 03:16 - 2008-09-21 02:16 - 00003146 ____A C:\Users\Daniel\Downloads\bossa_basic_pattern.gp5

2012-11-29 21:54 - 2012-11-29 21:54 - 00000000 ____D C:\Users\Daniel\AppData\Local\{477281B0-7ED0-43D0-880B-7E30CB8CEA5B}

2012-11-29 13:02 - 2012-11-29 13:04 - 17672068 ____A C:\Users\Daniel\Downloads\Amber Bayani- These Thoughts (uke cover).mp4

2012-11-29 12:58 - 2012-11-29 13:00 - 80274689 ____A C:\Users\Daniel\Downloads\Gorillaz - Feel good inc. - Acoustic guitar cover by Jamé Forbes.mp4

2012-11-29 02:49 - 2012-11-29 02:49 - 00000000 ____D C:\Users\Daniel\AppData\Local\{A5FFD923-ACAB-4D46-880F-E846F7A2C066}

2012-11-28 23:03 - 2012-11-28 23:03 - 00000000 ____D C:\Users\Daniel\AppData\Local\{B67858BC-1393-4238-B44F-3B66C47780AE}

2012-11-28 12:08 - 2012-11-28 12:14 - 86904875 ____A C:\Users\Daniel\Downloads\GG-GG2-GAP-K2N.rar

2012-11-28 11:49 - 2012-11-28 11:49 - 00000000 ____D C:\Users\Daniel\AppData\Local\{ECBCD6BB-6224-4421-B524-624ADDCA4097}

2012-11-28 04:30 - 2012-11-28 04:32 - 86235479 ____A C:\Users\Daniel\Downloads\Park Kahi [After School] - Ultimate Dance Collection.mp4

2012-11-27 21:02 - 2012-11-27 21:02 - 00000000 ____D C:\Users\Daniel\AppData\Local\{27CF164A-EB81-41AF-BD31-41D47148C3F2}

2012-11-26 20:58 - 2012-11-26 20:58 - 00000000 ____D C:\Users\Daniel\AppData\Local\{DC024820-DBB6-4877-BA08-9533577A2448}

2012-11-25 21:18 - 2012-11-25 21:19 - 00000000 ____D C:\Users\Daniel\AppData\Local\{9F6FA202-1102-4235-8C9E-74C186856F3F}

2012-11-24 15:50 - 2012-11-24 15:50 - 00000000 ____D C:\Users\Daniel\AppData\Local\{FB2B4090-ED04-48D0-977C-B0FA4B807210}

2012-11-23 15:47 - 2012-11-23 15:47 - 00000000 ____D C:\Users\Daniel\AppData\Local\{63358A2F-115C-4661-96A7-2E6FEC8D19CB}

2012-11-23 02:48 - 2012-11-23 02:50 - 53557183 ____A C:\Users\Daniel\Downloads\Dumb Ways to Die.mp4

2012-11-22 23:35 - 2012-11-22 23:35 - 00000000 ____D C:\Users\Daniel\AppData\Local\{79970399-3230-4DFC-B985-AFBCE49CC26D}

2012-11-21 23:45 - 2012-11-21 23:46 - 02368434 ____A C:\Users\Daniel\Downloads\Ward_Template.zip

2012-11-21 22:03 - 2012-11-21 22:04 - 00000000 ____D C:\Users\Daniel\AppData\Local\{529DBEE8-09B1-4DE2-8D7D-F024033834ED}

2012-11-20 22:03 - 2012-11-20 22:03 - 00000000 ____D C:\Users\Daniel\AppData\Local\{B8A61442-F266-42DC-85C3-C4BA6C9B172A}

2012-11-20 22:01 - 2012-11-20 22:01 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi

2012-11-19 21:49 - 2012-11-19 21:49 - 00000000 ____D C:\Users\Daniel\AppData\Local\{50738D66-13FA-4137-9249-3A7A27EF1B3A}

2012-11-19 00:49 - 2012-11-19 00:49 - 00000000 ____D C:\Users\Daniel\AppData\Local\{A1F1F73B-80A7-4462-B00C-7AA37FC776CF}

2012-11-18 21:27 - 2012-11-18 21:27 - 00000000 ____D C:\Users\Daniel\AppData\Local\{97B56523-EB64-484E-8D86-6BA301BDD147}

2012-11-18 13:12 - 2012-11-18 13:12 - 00000000 ____D C:\Users\Daniel\AppData\Local\{E363595D-0745-46D4-8C12-64891B3E0779}

2012-11-17 19:00 - 2012-11-17 19:01 - 00000000 ____D C:\Users\Daniel\AppData\Local\{B7B22879-FE8A-4382-8BCD-4FF55F209BDA}

2012-11-17 17:46 - 2012-11-17 17:46 - 00000000 ____D C:\Users\Daniel\AppData\Local\{5039BE42-6A09-4F4D-8B9A-2592B45F3B49}

2012-11-17 00:56 - 2012-11-17 00:56 - 00000000 ____D C:\Users\Daniel\AppData\Local\{EA904533-3DF4-4318-B2D7-2EC61026CF7E}

2012-11-16 03:58 - 2012-10-08 04:19 - 17811968 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2012-11-16 03:58 - 2012-10-08 03:42 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2012-11-16 03:58 - 2012-10-08 03:31 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2012-11-16 03:58 - 2012-10-08 03:24 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2012-11-16 03:58 - 2012-10-08 03:23 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2012-11-16 03:58 - 2012-10-08 03:22 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2012-11-16 03:58 - 2012-10-08 03:22 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2012-11-16 03:58 - 2012-10-08 03:20 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2012-11-16 03:58 - 2012-10-08 03:18 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2012-11-16 03:58 - 2012-10-08 03:17 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2012-11-16 03:58 - 2012-10-08 03:17 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll

2012-11-16 03:58 - 2012-10-08 03:15 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2012-11-16 03:58 - 2012-10-08 03:15 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll

2012-11-16 03:58 - 2012-10-08 03:13 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2012-11-16 03:58 - 2012-10-08 03:13 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2012-11-16 03:58 - 2012-10-08 03:09 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2012-11-16 03:58 - 2012-10-08 00:28 - 12320768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2012-11-16 03:58 - 2012-10-08 00:02 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2012-11-16 03:58 - 2012-10-07 23:56 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2012-11-16 03:58 - 2012-10-07 23:48 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2012-11-16 03:58 - 2012-10-07 23:48 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2012-11-16 03:58 - 2012-10-07 23:47 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2012-11-16 03:58 - 2012-10-07 23:46 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2012-11-16 03:58 - 2012-10-07 23:45 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2012-11-16 03:58 - 2012-10-07 23:44 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2012-11-16 03:58 - 2012-10-07 23:43 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2012-11-16 03:58 - 2012-10-07 23:43 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2012-11-16 03:58 - 2012-10-07 23:42 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2012-11-16 03:58 - 2012-10-07 23:41 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2012-11-16 03:58 - 2012-10-07 23:41 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2012-11-16 03:58 - 2012-10-07 23:40 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2012-11-16 03:58 - 2012-10-07 23:37 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2012-11-16 01:10 - 2012-11-16 01:10 - 00000899 ____A C:\Users\Public\Desktop\Guild Wars 2.lnk

2012-11-16 01:10 - 2012-11-16 01:10 - 00000000 ____D C:\Program Files (x86)\Guild Wars 2

2012-11-16 01:08 - 2012-11-16 02:36 - 00000000 ____D C:\Users\Daniel\Documents\Guild Wars 2

2012-11-16 01:06 - 2012-11-16 01:08 - 22716480 ____A (ArenaNet) C:\Users\Daniel\Downloads\Gw2Setup.exe

2012-11-16 00:31 - 2012-07-25 20:55 - 00785512 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys

2012-11-16 00:31 - 2012-07-25 20:55 - 00054376 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WdfLdr.sys

2012-11-16 00:31 - 2012-07-25 18:36 - 00009728 ____A (Microsoft Corporation) C:\Windows\System32\Wdfres.dll

2012-11-16 00:31 - 2012-06-02 06:35 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf

2012-11-16 00:29 - 2012-10-09 10:17 - 00226816 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcore6.dll

2012-11-16 00:29 - 2012-10-09 10:17 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcsvc6.dll

2012-11-16 00:29 - 2012-10-09 09:40 - 00193536 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll

2012-11-16 00:29 - 2012-10-09 09:40 - 00044032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll

2012-11-16 00:28 - 2012-10-18 10:25 - 03149824 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2012-11-16 00:28 - 2012-07-25 19:08 - 00744448 ____A (Microsoft Corporation) C:\Windows\System32\WUDFx.dll

2012-11-16 00:28 - 2012-07-25 19:08 - 00229888 ____A (Microsoft Corporation) C:\Windows\System32\WUDFHost.exe

2012-11-16 00:28 - 2012-07-25 19:08 - 00194048 ____A (Microsoft Corporation) C:\Windows\System32\WUDFPlatform.dll

2012-11-16 00:28 - 2012-07-25 19:08 - 00084992 ____A (Microsoft Corporation) C:\Windows\System32\WUDFSvc.dll

2012-11-16 00:28 - 2012-07-25 19:08 - 00045056 ____A (Microsoft Corporation) C:\Windows\System32\WUDFCoinstaller.dll

2012-11-16 00:28 - 2012-07-25 18:26 - 00198656 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFRd.sys

2012-11-16 00:28 - 2012-07-25 18:26 - 00087040 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFPf.sys

2012-11-16 00:28 - 2012-06-02 06:57 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf

2012-11-16 00:28 - 2012-05-31 21:39 - 00014848 ____A (Microsoft Corporation) C:\Windows\System32\wamregps.dll

2012-11-16 00:28 - 2012-05-31 21:36 - 00192000 ____A (Microsoft Corporation) C:\Windows\System32\iisRtl.dll

2012-11-16 00:28 - 2012-05-31 21:36 - 00011264 ____A (Microsoft Corporation) C:\Windows\System32\iisrstap.dll

2012-11-16 00:28 - 2012-05-31 21:35 - 00060928 ____A (Microsoft Corporation) C:\Windows\System32\ahadmin.dll

2012-11-16 00:28 - 2012-05-31 21:34 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\admwprox.dll

2012-11-16 00:28 - 2012-05-31 21:33 - 00016896 ____A (Microsoft Corporation) C:\Windows\System32\iisreset.exe

2012-11-16 00:28 - 2012-05-31 20:40 - 00010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wamregps.dll

2012-11-16 00:28 - 2012-05-31 20:37 - 00154624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iisRtl.dll

2012-11-16 00:28 - 2012-05-31 20:37 - 00008192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iisrstap.dll

2012-11-16 00:28 - 2012-05-31 20:35 - 00050688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admwprox.dll

2012-11-16 00:28 - 2012-05-31 20:35 - 00026624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ahadmin.dll

2012-11-16 00:28 - 2012-05-31 20:34 - 00015360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iisreset.exe

2012-11-16 00:27 - 2012-10-03 09:56 - 01914248 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys

2012-11-16 00:27 - 2012-10-03 09:44 - 00303104 ____A (Microsoft Corporation) C:\Windows\System32\nlasvc.dll

2012-11-16 00:27 - 2012-10-03 09:44 - 00246272 ____A (Microsoft Corporation) C:\Windows\System32\netcorehc.dll

2012-11-16 00:27 - 2012-10-03 09:44 - 00216576 ____A (Microsoft Corporation) C:\Windows\System32\ncsi.dll

2012-11-16 00:27 - 2012-10-03 09:44 - 00070656 ____A (Microsoft Corporation) C:\Windows\System32\nlaapi.dll

2012-11-16 00:27 - 2012-10-03 09:44 - 00018944 ____A (Microsoft Corporation) C:\Windows\System32\netevent.dll

2012-11-16 00:27 - 2012-10-03 09:42 - 00569344 ____A (Microsoft Corporation) C:\Windows\System32\iphlpsvc.dll

2012-11-16 00:27 - 2012-10-03 08:42 - 00175104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netcorehc.dll

2012-11-16 00:27 - 2012-10-03 08:42 - 00156672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll

2012-11-16 00:27 - 2012-10-03 08:42 - 00018944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netevent.dll

2012-11-16 00:27 - 2012-10-03 08:07 - 00045568 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpipreg.sys

2012-11-16 00:27 - 2012-01-12 23:12 - 00052224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll

2012-11-16 00:26 - 2012-09-25 14:47 - 00078336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll

2012-11-16 00:26 - 2012-09-25 14:46 - 00095744 ____A (Microsoft Corporation) C:\Windows\System32\synceng.dll

2012-11-15 23:54 - 2012-11-15 23:55 - 00000000 ____D C:\Users\Daniel\AppData\Local\{CD4B8E7A-D568-4170-816F-A87C8D647A9A}

2012-11-15 01:00 - 2012-11-15 01:02 - 82838367 ____A C:\Users\Daniel\Downloads\JJ Project - Bounce.mp4

2012-11-14 12:54 - 2012-11-14 12:54 - 00000000 ____D C:\Users\Daniel\AppData\Local\{4CEF8006-4A12-456C-873B-60BB3B51BD9E}

2012-11-13 22:43 - 2012-11-13 22:43 - 00000000 ____D C:\Users\Daniel\AppData\Local\{30741556-1072-43E6-BDC0-E1B8823C12AA}

2012-11-12 20:48 - 2012-11-12 20:48 - 00000000 ____D C:\Users\Daniel\AppData\Local\{37C065FC-E42F-42C1-A0EC-5D42A42588ED}

2012-11-12 11:28 - 2012-11-12 11:28 - 00000000 ____D C:\Users\Daniel\AppData\Local\{F0DD200F-7008-41A5-AB83-4D9253B772CF}

2012-11-10 21:15 - 2012-11-10 21:16 - 00000000 ____D C:\Users\Daniel\AppData\Local\{08FDE675-6593-43FB-8D74-BE44BE6F9292}

2012-11-10 19:47 - 2012-11-10 19:47 - 00000000 ____D C:\Users\Daniel\AppData\Local\{42308EFC-914F-4F66-9DC3-EE1BFCB1142E}

2012-11-10 19:34 - 2012-11-10 19:34 - 00000000 ____D C:\Users\Daniel\AppData\Local\{B740D62F-34B5-4366-8821-9E90582A5379}

2012-11-09 21:35 - 2012-11-09 21:35 - 00000000 ____D C:\Users\Daniel\AppData\Local\{379C1BA3-017E-44AC-A8A1-8D3EAA1DC485}

2012-11-08 22:23 - 2012-11-08 22:23 - 00000000 ____D C:\Users\Daniel\AppData\Local\{24A921FF-7EAC-40AF-9677-E2E376223FA8}

2012-11-06 23:23 - 2012-11-06 23:23 - 00000000 ____D C:\Users\Daniel\AppData\Local\{A45BA3AD-0524-46BC-BC56-B736E1FDB829}

2012-11-05 17:06 - 2012-11-05 17:06 - 00000000 ____D C:\Users\Daniel\AppData\Local\{98C0C51B-E912-4E23-BCA8-6775BC6747D4}

2012-11-04 15:08 - 2012-11-04 15:08 - 00000000 ____D C:\Users\Daniel\AppData\Local\{1D41A43C-711A-4504-8C7A-90206E30692C}

2012-11-04 03:16 - 2012-10-25 15:50 - 00258352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\unicows.dll

2012-11-04 03:05 - 2012-11-04 03:07 - 84272824 ____A C:\Users\Daniel\Downloads\Girls' Generation - Flower Power.mp4

2012-11-04 02:42 - 2012-11-04 02:44 - 75701720 ____A C:\Users\Daniel\Downloads\Miss A - I Don't Need A Man.mp4

2012-11-03 17:13 - 2012-11-03 17:13 - 00000000 ____D C:\Users\Daniel\AppData\Local\{C941CDCF-3089-4B65-8C0F-E5E32A926ACB}

2012-11-02 17:52 - 2012-11-02 17:53 - 00000000 ____D C:\Users\Daniel\AppData\Local\{B098A105-226B-476B-873C-0356E54301C5}

2012-11-02 03:08 - 2012-11-02 03:08 - 00000000 ____D C:\Users\Public\Documents\CrashDump

==================== One Month Modified Files and Folders =======

2012-12-01 16:17 - 2012-12-01 16:17 - 00602112 ____A (OldTimer Tools) C:\Users\Daniel\Desktop\OTL.exe

2012-12-01 16:15 - 2011-04-02 14:05 - 01947143 ____A C:\Windows\WindowsUpdate.log

2012-12-01 16:12 - 2012-10-15 00:08 - 00000000 ____D C:\Program Files (x86)\Steam

2012-12-01 16:02 - 2011-04-07 08:59 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-67684466-253165790-691636694-1001UA.job

2012-12-01 16:01 - 2012-11-30 19:17 - 00000028 ____A C:\Users\Daniel\AppData\Local\cltedshe.log

2012-12-01 16:01 - 2012-11-30 16:46 - 00000000 ____A C:\Users\Daniel\AppData\Local\aadwrsfq.log

2012-12-01 16:00 - 2009-07-13 20:45 - 00016304 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2012-12-01 16:00 - 2009-07-13 20:45 - 00016304 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2012-12-01 15:54 - 2012-11-30 19:18 - 00195770 ____A C:\Users\Daniel\AppData\Local\ikpidmue.log

2012-12-01 15:53 - 2011-05-09 02:09 - 00000000 ____D C:\Users\Daniel\AppData\Local\LogMeIn Hamachi

2012-12-01 15:51 - 2011-08-19 03:05 - 00156615 ____A C:\Windows\setupact.log

2012-12-01 15:51 - 2011-06-02 22:31 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2012-12-01 15:51 - 2011-04-02 14:08 - 00000000 ____D C:\Users\All Users\NVIDIA

2012-12-01 15:51 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2012-12-01 13:29 - 2012-12-01 13:29 - 00000000 ____D C:\FRST

2012-12-01 03:08 - 2011-06-16 23:03 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Skype

2012-12-01 03:02 - 2011-04-07 08:59 - 00000860 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-67684466-253165790-691636694-1001Core.job

2012-12-01 02:49 - 2011-06-02 22:31 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2012-11-30 23:29 - 2012-11-30 22:04 - 00002013 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk

2012-11-30 23:28 - 2011-06-08 23:33 - 00000000 ____D C:\Users\Daniel\AppData\Local\PMB Files

2012-11-30 23:28 - 2011-06-08 23:33 - 00000000 ____D C:\Users\All Users\PMB Files

2012-11-30 22:19 - 2012-11-30 16:41 - 00000000 ____D C:\Users\Daniel\AppData\Local\wkowggjd

2012-11-30 22:04 - 2012-11-30 22:04 - 00000350 ___AH C:\Windows\Tasks\avast! Emergency Update.job

2012-11-30 22:04 - 2012-11-30 22:04 - 00000000 ____A C:\Windows\SysWOW64\config.nt

2012-11-30 22:03 - 2012-11-30 22:03 - 00000000 ____D C:\Users\All Users\AVAST Software

2012-11-30 22:03 - 2012-11-30 22:03 - 00000000 ____D C:\Program Files\AVAST Software

2012-11-30 21:59 - 2012-11-30 21:52 - 97495576 ____A C:\Users\Daniel\Downloads\avast_free_antivirus_setup.exe

2012-11-30 21:30 - 2012-11-30 21:30 - 00001816 ____A C:\Users\Public\Desktop\QuickTime Player.lnk

2012-11-30 21:30 - 2011-10-06 23:33 - 00000000 ____D C:\Program Files (x86)\QuickTime

2012-11-30 21:16 - 2011-08-19 23:04 - 00030318 ____A C:\Windows\PFRO.log

2012-11-30 19:18 - 2012-11-30 19:18 - 00455142 ____A C:\Users\Daniel\AppData\Local\rfkdpsof.log

2012-11-30 19:18 - 2012-11-30 19:18 - 00003307 ____A C:\Users\Daniel\AppData\Local\pmtgduve.log

2012-11-30 19:18 - 2012-11-30 19:18 - 00003247 ____A C:\Users\Daniel\AppData\Local\vtdsudwf.log

2012-11-30 19:17 - 2012-11-30 19:17 - 00446448 ____A C:\Users\Daniel\AppData\Local\enapffrn.log

2012-11-30 19:17 - 2012-11-30 19:17 - 00005370 ____A C:\Users\Daniel\AppData\Local\lgnaobbi.log

2012-11-30 18:57 - 2012-11-30 18:57 - 00030566 ____A C:\ComboFix.txt

2012-11-30 18:57 - 2012-11-30 18:38 - 00000000 ____D C:\Qoobox

2012-11-30 18:57 - 2012-04-15 01:38 - 00001076 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2012-11-30 18:57 - 2011-09-09 02:48 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-11-30 18:57 - 2009-07-13 19:20 - 00000000 __RHD C:\users\Default

2012-11-30 18:54 - 2012-11-30 18:37 - 00000000 ____D C:\Windows\erdnt

2012-11-30 18:53 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini

2012-11-30 18:20 - 2012-11-30 18:19 - 00000000 ____D C:\Users\Daniel\AppData\Local\{9C46E994-8221-4733-BDC2-736644582BDF}

2012-11-30 18:15 - 2012-05-04 05:41 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Rainmeter

2012-11-30 18:15 - 2011-09-16 21:36 - 00000000 ____D C:\users\DefaultAppPool

2012-11-30 18:15 - 2011-04-01 22:25 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Macromedia

2012-11-30 18:15 - 2011-04-01 22:13 - 00000000 ____D C:\users\Daniel

2012-11-30 18:15 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration

2012-11-30 18:14 - 2011-08-27 20:01 - 00000000 ___RD C:\MSOCache

2012-11-30 18:14 - 2011-04-07 08:51 - 00000000 ____D C:\Program Files (x86)\Google

2012-11-30 17:51 - 2012-11-30 17:51 - 00000000 ____D C:\Users\Daniel\AppData\Local\{CE7CB58E-1783-41AC-9A79-205300E6215C}

2012-11-30 17:32 - 2009-07-13 23:44 - 00000000 ___RD C:\Users\Public\Recorded TV

2012-11-30 16:43 - 2012-11-30 16:43 - 00000000 ____A C:\Users\Daniel\AppData\Local\fchlvidc.log

2012-11-30 16:43 - 2012-11-30 16:43 - 00000000 ____A C:\Users\Daniel\AppData\Local\cwvbxftk.log

2012-11-30 16:41 - 2012-11-30 16:41 - 00000064 ____A C:\Users\All Users\txbahwro.log

2012-11-30 16:21 - 2012-11-30 16:20 - 00000000 ____D C:\Users\Daniel\AppData\Local\{4B224279-CB30-4899-B5BD-B106B42A2867}

2012-11-29 21:54 - 2012-11-29 21:54 - 00000000 ____D C:\Users\Daniel\AppData\Local\{477281B0-7ED0-43D0-880B-7E30CB8CEA5B}

2012-11-29 13:17 - 2011-06-02 22:36 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Google

2012-11-29 13:04 - 2012-11-29 13:02 - 17672068 ____A C:\Users\Daniel\Downloads\Amber Bayani- These Thoughts (uke cover).mp4

2012-11-29 13:00 - 2012-11-29 12:58 - 80274689 ____A C:\Users\Daniel\Downloads\Gorillaz - Feel good inc. - Acoustic guitar cover by Jamé Forbes.mp4

2012-11-29 02:49 - 2012-11-29 02:49 - 00000000 ____D C:\Users\Daniel\AppData\Local\{A5FFD923-ACAB-4D46-880F-E846F7A2C066}

2012-11-28 23:03 - 2012-11-28 23:03 - 00000000 ____D C:\Users\Daniel\AppData\Local\{B67858BC-1393-4238-B44F-3B66C47780AE}

2012-11-28 13:08 - 2012-09-05 02:06 - 00000000 ____D C:\Users\Daniel\MSYNC

2012-11-28 12:14 - 2012-11-28 12:08 - 86904875 ____A C:\Users\Daniel\Downloads\GG-GG2-GAP-K2N.rar

2012-11-28 11:49 - 2012-11-28 11:49 - 00000000 ____D C:\Users\Daniel\AppData\Local\{ECBCD6BB-6224-4421-B524-624ADDCA4097}

2012-11-28 04:32 - 2012-11-28 04:30 - 86235479 ____A C:\Users\Daniel\Downloads\Park Kahi [After School] - Ultimate Dance Collection.mp4

2012-11-27 21:02 - 2012-11-27 21:02 - 00000000 ____D C:\Users\Daniel\AppData\Local\{27CF164A-EB81-41AF-BD31-41D47148C3F2}

2012-11-27 00:22 - 2011-04-07 04:40 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\uTorrent

2012-11-26 21:04 - 2012-08-15 03:23 - 00002497 ____A C:\Users\Daniel\Desktop\Google Chrome.lnk

2012-11-26 20:58 - 2012-11-26 20:58 - 00000000 ____D C:\Users\Daniel\AppData\Local\{DC024820-DBB6-4877-BA08-9533577A2448}

2012-11-25 21:19 - 2012-11-25 21:18 - 00000000 ____D C:\Users\Daniel\AppData\Local\{9F6FA202-1102-4235-8C9E-74C186856F3F}

2012-11-24 20:03 - 2011-04-08 07:57 - 00000000 ____D C:\Users\Daniel\AppData\Local\CrashDumps

2012-11-24 17:41 - 2009-07-13 21:13 - 00859564 ____A C:\Windows\System32\PerfStringBackup.INI

2012-11-24 15:50 - 2012-11-24 15:50 - 00000000 ____D C:\Users\Daniel\AppData\Local\{FB2B4090-ED04-48D0-977C-B0FA4B807210}

2012-11-23 15:47 - 2012-11-23 15:47 - 00000000 ____D C:\Users\Daniel\AppData\Local\{63358A2F-115C-4661-96A7-2E6FEC8D19CB}

2012-11-23 02:50 - 2012-11-23 02:48 - 53557183 ____A C:\Users\Daniel\Downloads\Dumb Ways to Die.mp4

2012-11-22 23:35 - 2012-11-22 23:35 - 00000000 ____D C:\Users\Daniel\AppData\Local\{79970399-3230-4DFC-B985-AFBCE49CC26D}

2012-11-21 23:46 - 2012-11-21 23:45 - 02368434 ____A C:\Users\Daniel\Downloads\Ward_Template.zip

2012-11-21 22:04 - 2012-11-21 22:03 - 00000000 ____D C:\Users\Daniel\AppData\Local\{529DBEE8-09B1-4DE2-8D7D-F024033834ED}

2012-11-20 22:03 - 2012-11-20 22:03 - 00000000 ____D C:\Users\Daniel\AppData\Local\{B8A61442-F266-42DC-85C3-C4BA6C9B172A}

2012-11-20 22:01 - 2012-11-20 22:01 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi

2012-11-19 21:49 - 2012-11-19 21:49 - 00000000 ____D C:\Users\Daniel\AppData\Local\{50738D66-13FA-4137-9249-3A7A27EF1B3A}

2012-11-19 00:49 - 2012-11-19 00:49 - 00000000 ____D C:\Users\Daniel\AppData\Local\{A1F1F73B-80A7-4462-B00C-7AA37FC776CF}

2012-11-19 00:31 - 2011-04-06 18:42 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\vlc

2012-11-18 21:27 - 2012-11-18 21:27 - 00000000 ____D C:\Users\Daniel\AppData\Local\{97B56523-EB64-484E-8D86-6BA301BDD147}

2012-11-18 13:12 - 2012-11-18 13:12 - 00000000 ____D C:\Users\Daniel\AppData\Local\{E363595D-0745-46D4-8C12-64891B3E0779}

2012-11-17 19:23 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache

2012-11-17 19:01 - 2012-11-17 19:00 - 00000000 ____D C:\Users\Daniel\AppData\Local\{B7B22879-FE8A-4382-8BCD-4FF55F209BDA}

2012-11-17 17:46 - 2012-11-17 17:46 - 00000000 ____D C:\Users\Daniel\AppData\Local\{5039BE42-6A09-4F4D-8B9A-2592B45F3B49}

2012-11-17 00:56 - 2012-11-17 00:56 - 00000000 ____D C:\Users\Daniel\AppData\Local\{EA904533-3DF4-4318-B2D7-2EC61026CF7E}

2012-11-17 00:52 - 2011-09-14 01:51 - 00024822 ____A C:\Windows\iis7.log

2012-11-17 00:51 - 2009-07-13 20:45 - 05003408 ____A C:\Windows\System32\FNTCACHE.DAT

2012-11-17 00:49 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\inetsrv

2012-11-17 00:49 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\inetsrv

2012-11-16 02:36 - 2012-11-16 01:08 - 00000000 ____D C:\Users\Daniel\Documents\Guild Wars 2

2012-11-16 01:10 - 2012-11-16 01:10 - 00000899 ____A C:\Users\Public\Desktop\Guild Wars 2.lnk

2012-11-16 01:10 - 2012-11-16 01:10 - 00000000 ____D C:\Program Files (x86)\Guild Wars 2

2012-11-16 01:08 - 2012-11-16 01:06 - 22716480 ____A (ArenaNet) C:\Users\Daniel\Downloads\Gw2Setup.exe

2012-11-16 00:41 - 2011-04-01 22:20 - 00124920 ____A C:\Users\Daniel\AppData\Local\GDIPFONTCACHEV1.DAT

2012-11-16 00:31 - 2011-04-01 22:24 - 00000000 ____D C:\Users\All Users\Microsoft Help

2012-11-16 00:29 - 2011-04-06 20:50 - 66395536 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

2012-11-15 23:55 - 2012-11-15 23:54 - 00000000 ____D C:\Users\Daniel\AppData\Local\{CD4B8E7A-D568-4170-816F-A87C8D647A9A}

2012-11-15 01:02 - 2012-11-15 01:00 - 82838367 ____A C:\Users\Daniel\Downloads\JJ Project - Bounce.mp4

2012-11-14 12:54 - 2012-11-14 12:54 - 00000000 ____D C:\Users\Daniel\AppData\Local\{4CEF8006-4A12-456C-873B-60BB3B51BD9E}

2012-11-14 02:16 - 2012-03-28 01:48 - 00283032 ____A C:\Windows\SysWOW64\PnkBstrB.xtr

2012-11-14 02:16 - 2011-04-20 06:28 - 00283032 ____A C:\Windows\SysWOW64\PnkBstrB.exe

2012-11-14 02:12 - 2011-04-20 06:28 - 00298016 ____A C:\Windows\SysWOW64\PnkBstrB.ex0

2012-11-13 22:43 - 2012-11-13 22:43 - 00000000 ____D C:\Users\Daniel\AppData\Local\{30741556-1072-43E6-BDC0-E1B8823C12AA}

2012-11-12 20:48 - 2012-11-12 20:48 - 00000000 ____D C:\Users\Daniel\AppData\Local\{37C065FC-E42F-42C1-A0EC-5D42A42588ED}

2012-11-12 11:28 - 2012-11-12 11:28 - 00000000 ____D C:\Users\Daniel\AppData\Local\{F0DD200F-7008-41A5-AB83-4D9253B772CF}

2012-11-10 21:16 - 2012-11-10 21:15 - 00000000 ____D C:\Users\Daniel\AppData\Local\{08FDE675-6593-43FB-8D74-BE44BE6F9292}

2012-11-10 19:47 - 2012-11-10 19:47 - 00000000 ____D C:\Users\Daniel\AppData\Local\{42308EFC-914F-4F66-9DC3-EE1BFCB1142E}

2012-11-10 19:34 - 2012-11-10 19:34 - 00000000 ____D C:\Users\Daniel\AppData\Local\{B740D62F-34B5-4366-8821-9E90582A5379}

2012-11-10 19:33 - 2009-07-13 21:08 - 00032576 ____A C:\Windows\Tasks\SCHEDLGU.TXT

2012-11-09 21:35 - 2012-11-09 21:35 - 00000000 ____D C:\Users\Daniel\AppData\Local\{379C1BA3-017E-44AC-A8A1-8D3EAA1DC485}

2012-11-08 22:23 - 2012-11-08 22:23 - 00000000 ____D C:\Users\Daniel\AppData\Local\{24A921FF-7EAC-40AF-9677-E2E376223FA8}

2012-11-06 23:23 - 2012-11-06 23:23 - 00000000 ____D C:\Users\Daniel\AppData\Local\{A45BA3AD-0524-46BC-BC56-B736E1FDB829}

2012-11-05 17:06 - 2012-11-05 17:06 - 00000000 ____D C:\Users\Daniel\AppData\Local\{98C0C51B-E912-4E23-BCA8-6775BC6747D4}

2012-11-04 22:19 - 2011-10-01 16:01 - 00000000 ____D C:\Seagate

2012-11-04 15:08 - 2012-11-04 15:08 - 00000000 ____D C:\Users\Daniel\AppData\Local\{1D41A43C-711A-4504-8C7A-90206E30692C}

2012-11-04 03:24 - 2012-03-20 21:46 - 00000000 ____D C:\Perfect World Entertainment

2012-11-04 03:07 - 2012-11-04 03:05 - 84272824 ____A C:\Users\Daniel\Downloads\Girls' Generation - Flower Power.mp4

2012-11-04 02:44 - 2012-11-04 02:42 - 75701720 ____A C:\Users\Daniel\Downloads\Miss A - I Don't Need A Man.mp4

2012-11-03 17:13 - 2012-11-03 17:13 - 00000000 ____D C:\Users\Daniel\AppData\Local\{C941CDCF-3089-4B65-8C0F-E5E32A926ACB}

2012-11-02 17:53 - 2012-11-02 17:52 - 00000000 ____D C:\Users\Daniel\AppData\Local\{B098A105-226B-476B-873C-0356E54301C5}

2012-11-02 03:08 - 2012-11-02 03:08 - 00000000 ____D C:\Users\Public\Documents\CrashDump

==================== Known DLLs (Whitelisted) =================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-11-06 23:08:46

Restore point made on: 2012-11-16 00:27:26

Restore point made on: 2012-11-16 03:58:31

Restore point made on: 2012-11-23 16:43:28

Restore point made on: 2012-11-28 04:44:29

Restore point made on: 2012-11-29 13:16:12

Restore point made on: 2012-11-30 17:27:49

==================== Memory info ===========================

Percentage of memory in use: 11%

Total physical RAM: 6072.43 MB

Available physical RAM: 5357.09 MB

Total Pagefile: 6070.57 MB

Available Pagefile: 5340.65 MB

Total Virtual: 8192 MB

Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: (S3A5912D001) (Fixed) (Total:686.34 GB) (Free:109 GB) NTFS ==>[system with boot components (obtained from reading drive)]

2 Drive d: (System) (Fixed) (Total:1.46 GB) (Free:1.24 GB) NTFS ==>[system with boot components (obtained from reading drive)]

4 Drive f: (GN Drive) (Fixed) (Total:298.09 GB) (Free:107.45 GB) NTFS

5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ###  Status         Size     Free     Dyn  Gpt
--------  -------------  -------  -------  ---  ---
Disk 0    Online          698 GB      0 B
Disk 1    Online          298 GB  1024 KB

Partitions of Disk 0:

===============

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Recovery          1500 MB  1024 KB
Partition 2    Primary            686 GB  1501 MB
Partition 3    Primary             10 GB   687 GB

==================================================================================

Disk: 0

Partition 1

Type : 27

Hidden: Yes

Active: Yes

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2   D   System       NTFS   Partition   1500 MB  Healthy    Hidden

=========================================================

Disk: 0

Partition 2

Type : 07

Hidden: No

Active: No

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1   C   S3A5912D001  NTFS   Partition    686 GB  Healthy

=========================================================

Disk: 0

Partition 3

Type : 17 (Suspicious Type)

Hidden: Yes

Active: No

There is no volume associated with this partition.

=========================================================

Partitions of Disk 1:

===============

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Primary            298 GB    31 KB

==================================================================================

Disk: 1

Partition 1

Type : 07

Hidden: No

Active: No

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3   F   GN Drive     NTFS   Partition    298 GB  Healthy

=========================================================

Last Boot: 2012-11-24 21:18

==================== End Of Log =============================


  • Staff

Please do the following:

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad window and select Paste.) Save it on the flash drive as fixlist.txt.

start
HKU\Daniel\...\Run: [FqgJqgst] C:\Users\Daniel\AppData\Local\wkowggjd\fqgjqgst.exe [102056 2012-11-30] ()
C:\Users\Daniel\AppData\Local\wkowggjd\fqgjqgst.exe
Startup: C:\Users\Daniel\Start Menu\Programs\Startup\fqgjqgst.exe ()
2012-11-30 16:46 - 2012-12-01 16:01 - 00000000 ____A C:\Users\Daniel\AppData\Local\aadwrsfq.log
2012-11-30 16:43 - 2012-11-30 16:43 - 00000000 ____A C:\Users\Daniel\AppData\Local\fchlvidc.log
2012-11-30 16:43 - 2012-11-30 16:43 - 00000000 ____A C:\Users\Daniel\AppData\Local\cwvbxftk.log
2012-11-30 16:41 - 2012-11-30 22:19 - 00000000 ____D C:\Users\Daniel\AppData\Local\wkowggjd
2012-11-30 16:41 - 2012-11-30 16:41 - 00000064 ____A C:\Users\All Users\txbahwro.log
2012-12-01 15:54 - 2012-11-30 19:18 - 00195770 ____A C:\Users\Daniel\AppData\Local\ikpidmue.log
2012-11-30 22:19 - 2012-11-30 16:41 - 00000000 ____D C:\Users\Daniel\AppData\Local\wkowggjd
2012-11-30 19:18 - 2012-11-30 19:18 - 00455142 ____A C:\Users\Daniel\AppData\Local\rfkdpsof.log
2012-11-30 19:18 - 2012-11-30 19:18 - 00003307 ____A C:\Users\Daniel\AppData\Local\pmtgduve.log
2012-11-30 19:18 - 2012-11-30 19:18 - 00003247 ____A C:\Users\Daniel\AppData\Local\vtdsudwf.log
2012-11-30 19:17 - 2012-11-30 19:17 - 00446448 ____A C:\Users\Daniel\AppData\Local\enapffrn.log
2012-11-30 19:17 - 2012-11-30 19:17 - 00005370 ____A C:\Users\Daniel\AppData\Local\lgnaobbi.log
2012-11-30 16:43 - 2012-11-30 16:43 - 00000000 ____A C:\Users\Daniel\AppData\Local\fchlvidc.log
2012-11-30 16:43 - 2012-11-30 16:43 - 00000000 ____A C:\Users\Daniel\AppData\Local\cwvbxftk.log
2012-11-30 16:41 - 2012-11-30 16:41 - 00000064 ____A C:\Users\All Users\txbahwro.log
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Now please enter System Recovery Options, then select Command Prompt.

Run FRST (or FRST64 if you have the 64-bit version) and press the Fix button just once and wait.

The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Reboot Normally.

NEXT

Refer to the ComboFix User's Guide

  1. Download ComboFix from the following location:
    Link
    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  3. Double click on ComboFix.exe & follow the prompts.
  4. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  5. When finished, it shall produce a log for you. Post that log in your next reply.
    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
    ---------------------------------------------------------------------------------------------
  6. Ensure your AntiVirus and AntiSpyware applications are re-enabled.
    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.


Hi, sorry for the late reply, but the following is the ComboFix log.

ComboFix 12-12-01.02 - Daniel 02/12/2012 14:04:25.3.8 - x64 NETWORK

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.6072.4806 [GMT 11:00]

Running from: c:\users\Daniel\Desktop\ComboFix.exe

AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Daniel\AppData\Local\wkowggjd\fqgjqgst.exe

c:\users\Daniel\Desktop\Personal\Origami\Origami_1\Origami eBooks\Ghep monum\Ebook\Chinese origami book (full)\_desktop.ini

.

.

((((((((((((((((((((((((( Files Created from 2012-11-02 to 2012-12-02 )))))))))))))))))))))))))))))))

.

.

2012-12-02 03:13 . 2012-12-02 03:13 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2012-12-02 03:13 . 2012-12-02 03:13 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp

2012-12-02 03:13 . 2012-12-02 03:13 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-12-01 21:29 . 2012-12-01 21:29 -------- d-----w- C:\FRST

2012-12-01 06:04 . 2012-10-30 22:51 370288 ----a-w- c:\windows\system32\drivers\aswSP.sys

2012-12-01 06:04 . 2012-10-30 22:51 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2012-12-01 06:04 . 2012-10-30 22:51 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2012-12-01 06:04 . 2012-10-15 15:59 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys

2012-12-01 06:04 . 2012-10-30 22:51 984144 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-12-01 06:04 . 2012-10-30 22:51 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2012-12-01 06:04 . 2012-10-30 22:50 285328 ----a-w- c:\windows\system32\aswBoot.exe

2012-12-01 06:03 . 2012-10-30 22:51 41224 ----a-w- c:\windows\avastSS.scr

2012-12-01 06:03 . 2012-10-30 22:50 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe

2012-12-01 06:03 . 2012-12-01 06:03 -------- d-----w- c:\programdata\AVAST Software

2012-12-01 06:03 . 2012-12-01 06:03 -------- d-----w- c:\program files\AVAST Software

2012-12-01 00:41 . 2012-12-02 02:12 -------- d-----w- c:\users\Daniel\AppData\Local\wkowggjd

2012-12-01 00:41 . 2012-12-01 00:41 102056 --s---w- c:\users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fqgjqgst.exe

2012-11-21 06:01 . 2012-11-21 06:01 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi

2012-11-16 09:10 . 2012-11-16 09:10 -------- d-----w- c:\program files (x86)\Guild Wars 2

2012-11-16 08:31 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys

2012-11-16 08:31 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys

2012-11-16 08:31 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui

2012-11-16 08:31 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll

2012-11-16 08:29 . 2012-10-09 18:17 226816 ----a-w- c:\windows\system32\dhcpcore6.dll

2012-11-16 08:29 . 2012-10-09 18:17 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll

2012-11-16 08:29 . 2012-10-09 17:40 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll

2012-11-16 08:29 . 2012-10-09 17:40 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll

2012-11-16 08:27 . 2012-10-03 17:56 1914248 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-11-16 08:27 . 2012-10-03 17:44 303104 ----a-w- c:\windows\system32\nlasvc.dll

2012-11-16 08:27 . 2012-10-03 17:44 246272 ----a-w- c:\windows\system32\netcorehc.dll

2012-11-16 08:27 . 2012-10-03 17:44 216576 ----a-w- c:\windows\system32\ncsi.dll

2012-11-16 08:27 . 2012-10-03 17:42 569344 ----a-w- c:\windows\system32\iphlpsvc.dll

2012-11-16 08:27 . 2012-10-03 16:42 175104 ----a-w- c:\windows\SysWow64\netcorehc.dll

2012-11-16 08:27 . 2012-10-03 16:42 156672 ----a-w- c:\windows\SysWow64\ncsi.dll

2012-11-16 08:27 . 2012-10-03 17:44 70656 ----a-w- c:\windows\system32\nlaapi.dll

2012-11-16 08:27 . 2012-10-03 17:44 18944 ----a-w- c:\windows\system32\netevent.dll

2012-11-16 08:27 . 2012-10-03 16:42 18944 ----a-w- c:\windows\SysWow64\netevent.dll

2012-11-16 08:27 . 2012-10-03 16:07 45568 ----a-w- c:\windows\system32\drivers\tcpipreg.sys

2012-11-16 08:27 . 2012-01-13 07:12 52224 ----a-w- c:\windows\SysWow64\nlaapi.dll

2012-11-16 08:26 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll

2012-11-16 08:26 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll

2012-11-04 11:16 . 2012-10-25 23:50 258352 ----a-w- c:\windows\SysWow64\unicows.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-11-20 06:54 . 2011-05-26 06:31 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll

2012-11-20 06:54 . 2011-06-17 07:08 336208 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll

2012-11-17 10:02 . 2011-06-14 05:58 336208 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2012-11-16 08:29 . 2011-04-07 04:50 66395536 ----a-w- c:\windows\system32\MRT.exe

2012-11-14 10:16 . 2012-03-28 09:48 283032 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr

2012-11-14 10:16 . 2011-04-20 14:28 283032 ----a-w- c:\windows\SysWow64\PnkBstrB.exe

2012-11-14 10:12 . 2011-04-20 14:28 298016 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0

2012-11-11 05:18 . 2011-05-03 09:14 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll

2012-10-26 01:36 . 2012-10-26 01:36 163056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10142.bin

2012-10-24 16:12 . 2012-10-24 16:12 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx

2012-10-24 16:12 . 2012-10-24 16:12 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts

2012-10-21 07:27 . 2011-04-20 14:28 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe

2012-10-15 07:59 . 2012-10-15 07:59 3584 ----a-r- c:\users\Daniel\AppData\Roaming\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe

2012-09-29 08:54 . 2012-04-15 09:38 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-09-20 04:35 . 2012-10-15 21:20 203104 ----a-w- c:\windows\system32\drivers\ssudmdm.sys

2012-09-20 04:35 . 2012-10-15 21:20 102368 ----a-w- c:\windows\system32\drivers\ssudbus.sys

2012-09-14 19:19 . 2012-10-10 07:25 2048 ----a-w- c:\windows\system32\tzres.dll

2012-09-14 18:28 . 2012-10-10 07:25 2048 ----a-w- c:\windows\SysWow64\tzres.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]

"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2012-10-11 966072]

"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-11-02 843208]

"KiesAirMessage"="c:\program files (x86)\Samsung\Kies\KiesAirMessage.exe" [2012-10-09 580096]

"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-10-15 1353080]

"FqgJqgst"="c:\users\Daniel\AppData\Local\wkowggjd\fqgjqgst.exe" [BU]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-05-01 2454840]

"TRCMan"="c:\program files (x86)\TOSHIBA\TRCMan\TRCMan.exe" [2010-08-20 714104]

"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-02-11 1295736]

"TOSDCR"="c:\program files (x86)\TOSHIBA\PasswordUtility\TOSDCR.exe" [2007-08-28 169296]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-10-11 309688]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776]

"ITSecMng"="c:\program files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2009-10-02 284696]

"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-11-19 2254768]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-24 421888]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]

.

c:\users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

fqgjqgst.exe [2012-12-1 102056]

Stardock ObjectDock.lnk - c:\program files (x86)\Stardock\ObjectDockFree\ObjectDock.exe [N/A]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2012-1-9 107720]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"AntiVirusDisableNotify"=dword:00000001

"FirewallDisableNotify"=dword:00000001

"FirewallOverride"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

"UacDisableNotify"=dword:00000001

.

R1 aswSnx;aswSnx; [x]

R1 aswSP;aswSP; [x]

R1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120317.002\BHDrvx64.sys [2012-03-02 1157240]

R1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1306010.008\ccSetx64.sys [2011-11-29 167048]

R1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120321.001\IDSvia64.sys [2012-03-06 488568]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1306010.008\Ironx64.SYS [2012-01-17 190072]

R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1306010.008\SYMNETS.SYS [2012-01-17 405624]

R2 aswFsBlk;aswFsBlk; [x]

R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]

R2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-01-28 249200]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]

R2 Crazy Johns Broadband. RunOuc;Crazy Johns Broadband. OUC;c:\program files (x86)\Crazy Johns Broadband\UpdateDog\ouc.exe [2012-05-15 246112]

R2 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [2011-03-14 346976]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-10-02 13336]

R2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.6.1.8\ccSvcHst.exe [2012-01-17 138232]

R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 14112]

R2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);c:\program files\CyberLink\Shared files\RichVideo64.exe [2010-08-19 386344]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272]

R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2010-07-28 267192]

R2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-03 2320920]

R3 CGVPNCliSrvc;CyberGhost VPN Client;c:\program files\CyberGhost VPN\CGVPNCliService.exe [2012-04-26 2438696]

R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-09-20 102368]

R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-04 138360]

R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2012-05-15 117248]

R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys [2012-05-15 98816]

R3 libusb0;libusb-win32 - Kernel Driver, Version 1.2.4.0;c:\windows\system32\drivers\libusb0.sys [2011-12-20 29184]

R3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-23 35008]

R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-09-20 203104]

R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-02-11 54136]

R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560]

R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-07-22 822192]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]

R3 USBTINSP;TI-Nspire Handheld or TI Network Bridge Device Driver;c:\windows\system32\DRIVERS\tinspusb.sys [2010-03-29 142848]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-04-05 1255736]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1306010.008\SYMDS64.SYS [2011-07-26 451192]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1306010.008\SYMEFA64.SYS [2012-01-17 1092728]

S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [2009-06-29 34880]

S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [2009-06-29 14784]

S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [2010-09-02 482384]

S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-11-19 2462128]

S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [2009-07-02 60416]

S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys [2010-05-08 80384]

S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys [2011-04-25 53760]

S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 14472]

S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2012-06-24 52320]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]

S3 hidshim;Service for HID-KMDF Shim layer;c:\windows\system32\DRIVERS\hidshim.sys [2009-08-31 6656]

S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2012-05-15 86016]

S3 nuvotonhidcir;Nuvoton HID CIR Receiver;c:\windows\system32\DRIVERS\nuvotonhidcir.sys [2009-08-31 26624]

S3 nuvotonir;Nuvoton CIR Transceiver;c:\windows\system32\DRIVERS\nuvotonir.sys [2009-08-31 68096]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-09 539240]

S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2010-06-11 1110560]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

iissvcs REG_MULTI_SZ w3svc was

apphost REG_MULTI_SZ apphostsvc

.

Contents of the 'Scheduled Tasks' folder

.

2012-12-01 c:\windows\Tasks\avast! Emergency Update.job

- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-12-01 22:50]

.

2012-12-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-03 06:31]

.

2012-12-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-03 06:31]

.

2012-12-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-67684466-253165790-691636694-1001Core.job

- c:\users\Daniel\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-07 16:59]

.

2012-12-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-67684466-253165790-691636694-1001UA.job

- c:\users\Daniel\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-07 16:59]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-10-30 22:50 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ThpSrv"="c:\windows\system32\thpsrv" [X]

"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [bU]

"TosWaitSrv"="c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe" [bU]

"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]

"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976]

"TosReelTimeMonitor"="c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [bU]

"TosNC"="c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe" [bU]

"Teco"="c:\program files (x86)\TOSHIBA\TECO\Teco.exe" [bU]

"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [bU]

"SmoothView"="c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe" [bU]

"SmartFaceVWatcher"="c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [bU]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-03-10 10103840]

"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-03-10 896032]

"HSON"="c:\program files (x86)\TOSHIBA\TBS\HSON.exe" [bU]

"HDMICtrlMan"="c:\program files (x86)\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe" [bU]

"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [bU]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-05 500208]

"00TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [bU]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]

"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences Pro\FencesMenu64.dll" [2010-07-22 464744]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com/

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

IE: Se&nd to OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105

FF - ProfilePath - c:\users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\kvrd2il1.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Freecorder Customized Web Search

FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT1060933&SearchSource=13

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&q=

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_blr.exe

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]

"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.6.1.8\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.6.1.8\diMaster.dll\" /prefetch:1"

"ImagePath"="\"c:\program files\CyberLink\Shared files\RichVideo64.exe\"\00Z

[\]^_†\00\00†\00\00\00\00HIJKLMNO\00\00\00\00\00\00\00\00\03\00\00\00|}~†\00\00†\00\00\00\00†\00\00\00\00\00\00\00\00‘’“"

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-67684466-253165790-691636694-1001\Software\SecuROM\License information*]

"datasecu"=hex:a8,ae,bd,fd,24,e1,02,2d,a4,ba,e9,38,35,44,19,7a,e8,de,c5,68,d6,

27,5e,c4,7f,1a,83,9a,ff,4b,fb,07,54,ae,31,8f,1b,b8,22,3b,1e,7c,3c,37,58,e4,\

"rkeysecu"=hex:93,20,4b,c4,19,cf,c0,26,f9,5f,bd,66,d2,45,f6,3b

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\12116EC4637FFCA42B5405005035D8EC\9C8928403D4AB094F99FBA20A329833F]

@DACL=(02 0000)

"PatchGUID"=""

"MediaCabinet"=""

"File"="SteamService.exe"

"ComponentVersion"="1.5.31.0"

"ProductVersion"="1.0.0"

"PatchSize"="0"

"PatchAttributes"="0"

"PatchSequence"="0"

"SharedComponent"="0"

"IsFullFile"="0"

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\7C5BEC8A0707BFF4FB4A686C99C69900\9C8928403D4AB094F99FBA20A329833F]

@DACL=(02 0000)

"PatchGUID"=""

"MediaCabinet"=""

"File"="Steam.exe1"

"ComponentVersion"="1.0.968.628"

"ProductVersion"="1.0.0"

"PatchSize"="0"

"PatchAttributes"="0"

"PatchSequence"="0"

"SharedComponent"="0"

"IsFullFile"="0"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Solutions\http://schemas.microsoft.com/office/smartdocuments/2003\0]

"Key"="http://schemas.microsoft.com/office/smartdocuments/2003"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Solutions\http://schemas.microsoft.com/office/smartdocuments/2003\0\{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}\Alias]

"0"="Microsoft Actions Pane 3"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-12-02 14:17:30

ComboFix-quarantined-files.txt 2012-12-02 03:17

ComboFix2.txt 2012-12-02 02:19

ComboFix3.txt 2012-12-01 02:57

.

Pre-Run: 116,958,449,664 bytes free

Post-Run: 116,644,884,480 bytes free

.

- - End Of File - - FF4B022D79B2E640C5F76CEA9F3EEEB4


And the following is the fixlog

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 23-11-2012

Ran by SYSTEM at 2012-12-02 12:49:32 Run:1

Running from F:\

==============================================

startHKU\Daniel\...\Run: [FqgJqgst] C:\Users\Daniel\AppData\Local\wkowggjd\fqgjqgst.exe [102056 2012-11-30] ()C:\Users\Daniel\AppData\Local\wkowggjd\fqgjqgst.exeC:\Users\Daniel\Start Menu\Programs\Startup\fqgjqgst.exe2012-11-30 16:46 - 2012-12-01 16:01 - 00000000 ____A C:\Users\Daniel\AppData\Local\aadwrsfq.log2012-11-30 16:43 - 2012-11-30 16:43 - 00000000 ____A C:\Users\Daniel\AppData\Local\fchlvidc.log2012-11-30 16:43 - 2012-11-30 16:43 - 00000000 ____A C:\Users\Daniel\AppData\Local\cwvbxftk.log2012-11-30 16:41 - 2012-11-30 22:19 - 00000000 ____D C:\Users\Daniel\AppData\Local\wkowggjd2012-11-30 16:41 - 2012-11-30 16:41 - 00000064 ____A C:\Users\All Users\txbahwro.log2012-12-01 15:54 - 2012-11-30 19:18 - 00195770 ____A C:\Users\Daniel\AppData\Local\ikpidmue.log2012-11-30 22:19 - 2012-11-30 16:41 - 00000000 ____D C:\Users\Daniel\AppData\Local\wkowggjd2012-11-30 19:18 - 2012-11-30 19:18 - 00455142 ____A C:\Users\Daniel\AppData\Local\rfkdpsof.log2012-11-30 19:18 - 2012-11-30 19:18 - 00003307 ____A C:\Users\Daniel\AppData\Local\pmtgduve.log2012-11-30 19:18 - 2012-11-30 19:18 - 00003247 ____A C:\Users\Daniel\AppData\Local\vtdsudwf.log2012-11-30 19:17 - 2012-11-30 19:17 - 00446448 ____A C:\Users\Daniel\AppData\Local\enapffrn.log2012-11-30 19:17 - 2012-11-30 19:17 - 00005370 ____A C:\Users\Daniel\AppData\Local\lgnaobbi.log2012-11-30 16:43 - 2012-11-30 16:43 - 00000000 ____A C:\Users\Daniel\AppData\Local\fchlvidc.log2012-11-30 16:43 - 2012-11-30 16:43 - 00000000 ____A C:\Users\Daniel\AppData\Local\cwvbxftk.log2012-11-30 16:41 - 2012-11-30 16:41 - 00000064 ____A C:\Users\All Users\txbahwro.logend not found.

HKEY_USERS\startDaniel\Software\Microsoft\Windows\CurrentVersion\Run\\startFqgJqgst Value not found.

==== End of Fixlog ====


  • Staff

We still have a little more work to do, so stay with me; we can script out the Norton remnants.

(What are you now using for your AV, or would you like a recommendation?)

Please run the following:

Please download Junkware Removal Tool to your desktop.

  • Shut down your antivirus to avoid any conflicts.
  • Right-click JRT.exe and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

NEXT

Download AdwCleaner from here and save it to your desktop.

  • Run AdwCleaner and select Delete.
  • Once done it will ask to reboot; allow the reboot.
  • On reboot a log will be produced; please attach the content of the log to your next reply.

NEXT

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:

Press the WinKey + R to open a run box, type Notepad > click OK.

This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')


SecCenter::
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

Collect::
c:\users\Daniel\AppData\Local\wkowggjd\fqgjqgst.exe
c:\users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fqgjqgst.exe

Folder::
c:\users\Daniel\AppData\Local\wkowggjd

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FqgJqgst"=-

ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop; save it as "CFScript".

Here's how to do that:

1. Click File;

2. Click Save As... Change the directory to your desktop;

3. Change the Save as type to "All Files";

4. Type in the file name: CFScript

5. Click Save ...

[Screenshot: CFScriptB-4.gif]

  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

NEXT

Please advise how the computer is running now and if there are any outstanding issues

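The staff reply above picked fqgjqgst.exe out of the ComboFix autostart listing by eye, and the earlier registry sections show the Security Center "DisableNotify" values set to 1 and EnableLUA set to 0. As an added example that is not part of this thread and is not ComboFix's or Malwarebytes' code, the Python script below applies the same triage heuristics to log lines in ComboFix's report format: autostart executables that live under a user profile or sit directly in a Startup folder, random-looking eight-letter file names, and registry values that silence Security Center or disable UAC. The sample lines are constructed to mirror lines in the log above; the line patterns, the Finding type and the scoring rules are my own assumptions rather than anything ComboFix defines, and the script only reports, it changes nothing.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: a few lines in ComboFix's autostart/registry report format,
# shaped after the log posted in this thread (not the whole log).
SAMPLE_LOG = r"""
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-24 421888]
.
c:\users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
fqgjqgst.exe [2012-12-1 102056]
Stardock ObjectDock.lnk - c:\program files (x86)\Stardock\ObjectDockFree\ObjectDock.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"""


@dataclass
class Finding:
    kind: str                  # "autostart" or "registry"
    item: str                  # executable path, or "KEY|ValueName"
    reasons: list = field(default_factory=list)


# Line shapes as ComboFix prints them (patterns written for this example, assumed).
RUN_ENTRY = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s*\[[^\]]*\]$')
STARTUP_DIR = re.compile(r'^(?P<dir>[a-z]:\\.*\\Startup\\)$', re.IGNORECASE)
STARTUP_EXE = re.compile(r'^(?P<file>[^\s\\]+\.exe)\s*\[[^\]]*\]$', re.IGNORECASE)
STARTUP_LNK = re.compile(r'^.+\.lnk\s+-\s+(?P<path>.+?)\s*\[[^\]]*\]$', re.IGNORECASE)
REG_KEY = re.compile(r'^\[(?P<key>[^\]]+)\]$')
REG_DWORD = re.compile(
    r'^"(?P<name>[^"]+)"\s*=\s*(?:dword:(?P<hex>[0-9a-f]+)|(?P<dec>\d+)\s*\(0x[0-9a-f]+\))$',
    re.IGNORECASE)
PROFILE_PATH = re.compile(r'\\users\\[^\\]+\\appdata\\', re.IGNORECASE)
VOWELS = set("aeiou")


def autostart_reasons(path):
    """Heuristics for one autostart executable; an empty list means nothing notable."""
    reasons = []
    if PROFILE_PATH.search(path):
        reasons.append("runs from a user-writable profile location")
    stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    if re.fullmatch(r"[a-z]{8}", stem) and sum(c in VOWELS for c in stem) <= 1:
        reasons.append("random-looking 8-letter file name")
    return reasons


def registry_reason(key, name, value):
    """Flag values that switch off the platform's own defences or their alerts."""
    k, n = key.lower(), name.lower()
    if k.endswith("\\security center") and n.endswith("disablenotify") and value == 1:
        return f"Security Center notification suppressed ({name}=1)"
    if k.endswith("\\policies\\system") and n == "enablelua" and value == 0:
        return "UAC disabled (EnableLUA=0)"
    return None


def triage(text):
    """Walk ComboFix-style lines and return a list of Finding objects."""
    findings, current_dir, current_key = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == ".":                       # ComboFix section separator
            current_dir = current_key = None
            continue
        if m := RUN_ENTRY.match(line):
            if reasons := autostart_reasons(m["path"]):
                findings.append(Finding("autostart", m["path"], reasons))
        elif m := STARTUP_DIR.match(line):
            current_dir = m["dir"]
        elif current_dir and (m := STARTUP_EXE.match(line)):
            path = current_dir + m["file"]    # a bare .exe in Startup, not a shortcut
            reasons = ["dropped directly into a Startup folder"] + autostart_reasons(path)
            findings.append(Finding("autostart", path, reasons))
        elif current_dir and (m := STARTUP_LNK.match(line)):
            if reasons := autostart_reasons(m["path"]):
                findings.append(Finding("autostart", m["path"], reasons))
        elif m := REG_KEY.match(line):
            current_key = m["key"]
        elif current_key and (m := REG_DWORD.match(line)):
            value = int(m["hex"], 16) if m["hex"] else int(m["dec"])
            if reason := registry_reason(current_key, m["name"], value):
                findings.append(Finding("registry", f'{current_key}|{m["name"]}', [reason]))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.item}\n    - " + "\n    - ".join(f.reasons))
```

On the constructed sample this reports one autostart finding (the Startup-folder fqgjqgst.exe, with three reasons) and four registry findings (EnableLUA plus the three DisableNotify values); the avast, QuickTime and ObjectDock entries produce nothing. Treat the output as a worklist for a human, as the staff member did here: a legitimate installer can also put an executable under AppData, so each hit still needs a look at the file's signer, age and origin before anything goes into a CFScript.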

  • 2 weeks later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

